diff options
author | jim-p <jimp@pfsense.org> | 2011-10-11 11:56:53 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-10-27 10:28:02 -0400 |
commit | 41936accf08413ae20e4ffa74cb4e11881edd57b (patch) | |
tree | 121eec056d9241a09cb9e5cd3508a74624125338 | |
parent | 98963f2771f4ee7ac6c278a1b80f5c5e7ebfaa7d (diff) | |
download | pfsense-41936accf08413ae20e4ffa74cb4e11881edd57b.zip pfsense-41936accf08413ae20e4ffa74cb4e11881edd57b.tar.gz |
Assume a default value of 1 for cert_depth to disallow chaining.
-rw-r--r-- | etc/inc/openvpn.inc | 2 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 6 |
2 files changed, 7 insertions, 1 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 7408d50..fb0b98f 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -455,6 +455,8 @@ function openvpn_reconfigure($mode, $settings) { } break; } + if (!isset($settings['cert_depth']) && (strstr($settings['mode'], 'tls'))) + $settings['cert_depth'] = 1; if (is_numeric($settings['cert_depth'])) { $sed = ""; $cert = lookup_cert($settings['certref']); diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index b70bbf3..a166048 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -95,6 +95,7 @@ if($_GET['act']=="new"){ $pconfig['interface'] = "wan"; $pconfig['local_port'] = openvpn_port_next('UDP'); $pconfig['pool_enable'] = "yes"; + $pconfig['cert_depth'] = 1; } if($_GET['act']=="edit"){ @@ -123,7 +124,10 @@ if($_GET['act']=="edit"){ $pconfig['crlref'] = $a_server[$id]['crlref']; $pconfig['certref'] = $a_server[$id]['certref']; $pconfig['dh_length'] = $a_server[$id]['dh_length']; - $pconfig['cert_depth'] = $a_server[$id]['cert_depth']; + if (isset($a_server[$id]['cert_depth'])) + $pconfig['cert_depth'] = $a_server[$id]['cert_depth']; + else + $pconfig['cert_depth'] = 1; if ($pconfig['mode'] == "server_tls_user") $pconfig['strictusercn'] = $a_server[$id]['strictusercn']; } else |