diff options
author | mgrooms <mgrooms@shrew.net> | 2009-03-12 21:50:25 +0000 |
---|---|---|
committer | mgrooms <mgrooms@shrew.net> | 2009-03-12 21:51:50 +0000 |
commit | 0b7fd3e91deacbb301e1684a40911c8e95ec6533 (patch) | |
tree | 4745f0ee3b0d0adc227f5f54c0e11d577a52f1b1 /etc/inc/config.inc | |
parent | 8be44c5ac9dd2a33415c1c1803967b5069a55eeb (diff) | |
download | pfsense-0b7fd3e91deacbb301e1684a40911c8e95ec6533.zip pfsense-0b7fd3e91deacbb301e1684a40911c8e95ec6533.tar.gz |
Correct the configuration file IPsec certificate upgrade process.
Diffstat (limited to 'etc/inc/config.inc')
-rw-r--r-- | etc/inc/config.inc | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 5b0ff2a..faf5af7 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -2166,15 +2166,20 @@ endif; /* Convert 5.5 -> 5.6 */ if ($config['version'] <= 5.5) { - /* migrate ipsec ca's to cert manager */ if (!is_array($config['system']['ca'])) $config['system']['ca'] = array(); if (!is_array($config['system']['cert'])) $config['system']['cert'] = array(); + + /* migrate ipsec ca's to cert manager */ if (is_array($config['ipsec']['cacert'])) { - foreach($config['ipsec']['cacert'], & $cacert) { - $ca = new array(); - $ca['crt'] = $cacert['cert']; + foreach($config['ipsec']['cacert'] as & $cacert) { + $ca = array(); + $ca['refid'] = uniqid(); + if (is_array($cacert['cert'])) + $ca['crt'] = $cacert['cert'][0]; + else + $ca['crt'] = $cacert['cert']; $ca['name'] = $cacert['ident']; $config['system']['ca'][] = $ca; } @@ -2183,19 +2188,22 @@ endif; /* migrate phase1 certificates to cert manager */ if (is_array($config['ipsec']['phase1'])) { - foreach($config['ipsec']['phase1'], & $ph1ent) { - if($ph1ent['cert'] && $ph1ent['private-key']) { - $cert = new array(); - $cert['name'] = "IPsec Peer {$ph1ent['remote-gateway']} Certificate"; + foreach($config['ipsec']['phase1'] as & $ph1ent) { + $cert = array(); + $cert['refid'] = uniqid(); + $cert['name'] = "IPsec Peer {$ph1ent['remote-gateway']} Certificate"; + if (is_array($ph1ent['cert'])) + $cert['crt'] = $ph1ent['cert'][0]; + else $cert['crt'] = $ph1ent['cert']; - $cert['prv'] = $ph1ent['private-key']; - $config['system']['cert'][] = $cert; - } - if($ph1ent['cert']) + $cert['prv'] = $ph1ent['private-key']; + $config['system']['cert'][] = $cert; + $ph1ent['certref'] = $cert['refid']; + if ($ph1ent['cert']) unset($ph1ent['cert']); - if($ph1ent['private-key']) + if ($ph1ent['private-key']) unset($ph1ent['private-key']); - if($ph1ent['peercert']) + if ($ph1ent['peercert']) unset($ph1ent['peercert']); } } |