authorjim-p <jimp@pfsense.org>2011-10-11 11:56:53 -0400
committerjim-p <jimp@pfsense.org>2011-10-27 10:29:38 -0400
commitea9a4cc867fa7f82f10f8be799a668cb42a94cdd (patch)
tree1ad765ab313c237a0672537d72002c753ef16599
parent77ed2f4c9f67af9c041ae5de3dcf82455238fdb7 (diff)
Assume a default value of 1 for cert_depth to disallow chaining.
-rw-r--r--etc/inc/openvpn.inc2
-rw-r--r--usr/local/www/vpn_openvpn_server.php6
2 files changed, 7 insertions, 1 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index b34d442..c9e5975 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -438,6 +438,8 @@ function openvpn_reconfigure($mode, $settings) {
}
break;
}
+ if (!isset($settings['cert_depth']) && (strstr($settings['mode'], 'tls')))
+ $settings['cert_depth'] = 1;
if (is_numeric($settings['cert_depth'])) {
$sed = "";
$cert = lookup_cert($settings['certref']);
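Review bot: The default added before `is_numeric($settings['cert_depth'])` only applies when the `cert_depth` key is absent, so a key that is present but empty or non-numeric still skips the depth branch and, as far as the visible lines show, leaves that server without a depth check. If that is the intended way to express "do not check", say so in a comment above the new `if`, for example `// Missing key (older config): default to depth 1. A present but non-numeric value disables the depth check.` The same absent-versus-empty distinction applies to the `isset()` test added in the edit branch of vpn_openvpn_server.php. Existing TLS servers saved without the key will presumably start rejecting clients whose certificates chain through an intermediate CA, which deserves a line in the upgrade notes. The body of openvpn_reconfigure continues outside the hunk.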
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index fa3cc24..0ef67a7 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -95,6 +95,7 @@ if($_GET['act']=="new"){
$pconfig['interface'] = "wan";
$pconfig['local_port'] = openvpn_port_next('UDP');
$pconfig['pool_enable'] = "yes";
+ $pconfig['cert_depth'] = 1;
}
if($_GET['act']=="edit"){
@@ -123,7 +124,10 @@ if($_GET['act']=="edit"){
$pconfig['crlref'] = $a_server[$id]['crlref'];
$pconfig['certref'] = $a_server[$id]['certref'];
$pconfig['dh_length'] = $a_server[$id]['dh_length'];
- $pconfig['cert_depth'] = $a_server[$id]['cert_depth'];
+ if (isset($a_server[$id]['cert_depth']))
+ $pconfig['cert_depth'] = $a_server[$id]['cert_depth'];
+ else
+ $pconfig['cert_depth'] = 1;
if ($pconfig['mode'] == "server_tls_user")
$pconfig['strictusercn'] = $a_server[$id]['strictusercn'];
} else
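Review bot: The default depth is now written as a bare `1` in three places (the `new` branch, this `else` branch, and openvpn_reconfigure in openvpn.inc), so a later change to the default can easily miss one and leave the form and the generated configuration out of step. A single named constant defined in openvpn.inc, for instance `define('OPENVPN_DEFAULT_CERT_DEPTH', 1);` (name suggested here, not taken from the project), would keep them aligned, assuming this page already includes that file. The four-line brace-less `if`/`else` could also be written as one assignment, `$pconfig['cert_depth'] = isset($a_server[$id]['cert_depth']) ? $a_server[$id]['cert_depth'] : OPENVPN_DEFAULT_CERT_DEPTH;`, which removes the risk of a statement being added under the wrong branch later. The enclosing `edit` block starts and ends outside the hunk.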