diff options
| -rw-r--r-- | security/pfSense-pkg-openvpn-client-export/Makefile | 3 | ||||
| -rw-r--r-- | security/pfSense-pkg-openvpn-client-export/files/usr/local/pkg/openvpn-client-export.inc | 7 |
2 files changed, 5 insertions, 5 deletions
diff --git a/security/pfSense-pkg-openvpn-client-export/Makefile b/security/pfSense-pkg-openvpn-client-export/Makefile index 88994e9..c6cae94 100644 --- a/security/pfSense-pkg-openvpn-client-export/Makefile +++ b/security/pfSense-pkg-openvpn-client-export/Makefile @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= pfSense-pkg-openvpn-client-export -PORTVERSION= 1.4.2 -PORTREVISION= 2 +PORTVERSION= 1.4.3 CATEGORIES= security MASTER_SITES= # empty DISTFILES= # empty diff --git a/security/pfSense-pkg-openvpn-client-export/files/usr/local/pkg/openvpn-client-export.inc b/security/pfSense-pkg-openvpn-client-export/files/usr/local/pkg/openvpn-client-export.inc index c0873cb..b733b28 100644 --- a/security/pfSense-pkg-openvpn-client-export/files/usr/local/pkg/openvpn-client-export.inc +++ b/security/pfSense-pkg-openvpn-client-export/files/usr/local/pkg/openvpn-client-export.inc @@ -347,9 +347,10 @@ EOF; // Extra protection for the server cert, if it's supported if (function_exists("cert_get_purpose")) { if (is_array($server_cert) && ($server_cert['crt'])) { - $purpose = cert_get_purpose($server_cert['crt'], true); - if ($purpose['server'] == 'Yes') { - $conf .= "ns-cert-type server{$nl}"; + $crt_details = openssl_x509_parse(base64_decode($server_cert['crt'])); + $eku_list = explode(',', $crt_details['extensions']['extendedKeyUsage']); + if (in_array('TLS Web Server Authentication', $eku_list)) { + $conf .= "remote-cert-tls server{$nl}"; } } } |
