author | mgrooms <mgrooms@shrew.net> | 2009-03-12 08:02:37 +0000 |
---|---|---|
committer | mgrooms <mgrooms@shrew.net> | 2009-03-12 08:06:17 +0000 |
commit | 73fbece8f11fa253120f549e6ea837c9242534a2 (patch) | |
tree | 0c48b4e9f746bb11b55d42941d1653f54b400335 /etc/inc/config.inc | |
parent | fabd8cdbcf57764aac61ce597ae0c27f7e738cfe (diff) | |
Migrate IPsec certificate management to centralized system.
Diffstat (limited to 'etc/inc/config.inc')
-rw-r--r-- | etc/inc/config.inc | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 20178af..5b0ff2a 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -2163,6 +2163,46 @@ endif;
 $config['version'] = "5.5";
 }
+ /* Convert 5.5 -> 5.6 */
+ if ($config['version'] <= 5.5) {
+
+ /* migrate ipsec ca's to cert manager */
+ if (!is_array($config['system']['ca']))
+ $config['system']['ca'] = array();
+ if (!is_array($config['system']['cert']))
+ $config['system']['cert'] = array();
+ if (is_array($config['ipsec']['cacert'])) {
+ foreach($config['ipsec']['cacert'], & $cacert) {
+ $ca = new array();
+ $ca['crt'] = $cacert['cert'];
+ $ca['name'] = $cacert['ident'];
+ $config['system']['ca'][] = $ca;
+ }
+ unset($config['ipsec']['cacert']);
+ }
+
+ /* migrate phase1 certificates to cert manager */
+ if (is_array($config['ipsec']['phase1'])) {
+ foreach($config['ipsec']['phase1'], & $ph1ent) {
+ if($ph1ent['cert'] && $ph1ent['private-key']) {
+ $cert = new array();
+ $cert['name'] = "IPsec Peer {$ph1ent['remote-gateway']} Certificate";
+ $cert['crt'] = $ph1ent['cert'];
+ $cert['prv'] = $ph1ent['private-key'];
+ $config['system']['cert'][] = $cert;
+ }
+ if($ph1ent['cert'])
+ unset($ph1ent['cert']);
+ if($ph1ent['private-key'])
+ unset($ph1ent['private-key']);
+ if($ph1ent['peercert'])
+ unset($ph1ent['peercert']);
+ }
+ }
+
+ $config['version'] = "5.6";
+ }
+
 $now = date("H:i:s");
 log_error("Ended Configuration upgrade at $now");
@@ -3080,4 +3120,4 @@ function set_device_perms() {
 if($g['booting']) echo ".";
 $config = parse_config();
-?>
\ No newline at end of file
+?> |
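Review bot: The 5.5 -> 5.6 conversion block added in the first hunk is not valid PHP: both loops use `foreach($config['ipsec']['cacert'], & $cacert)` with a comma where `as` is required, and `new array()` is a syntax error because `array` is not a class. These should read `foreach ($config['ipsec']['cacert'] as &$cacert)` (likewise `$config['ipsec']['phase1'] as &$ph1ent`) and `$ca = array();` / `$cert = array();`; as written the file will presumably fail to parse, which would take out config loading as a whole rather than only this migration step. The phase1 loop also removes `cert`, `private-key` and `peercert` whether or not they were copied, so an entry with only one half of the pair, or any `peercert`, loses that certificate or key material, and nothing visible here records on the phase1 entry which migrated certificate it used. Adding `unset($ph1ent);` after the loop would release the by-reference loop variable; the enclosing upgrade function starts and ends outside the hunk.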