author | jim-p <jimp@pfsense.org> | 2010-10-21 14:33:20 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2010-10-21 14:33:20 -0400 |
commit | 8e022a760ad6dfee1fa020c4b10d9b895ef46673 (patch) | |
tree | 2070293aa2541f3da3bee8fbc86334c1007e50d3 /etc/inc/openvpn.inc | |
parent | ad08687b5575aade26bb6ee4f6e01d3305e3bcc1 (diff) | |
Refresh OpenVPN CRL files when a CRL has a cert added/removed. Ticket #555
Diffstat (limited to 'etc/inc/openvpn.inc')
-rw-r--r-- | etc/inc/openvpn.inc | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index b25b257..341044c 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -904,4 +904,35 @@ function openvpn_get_active_clients() {
 }
 return $clients;
 }
+
+function openvpn_refresh_crls() {
+ global $g, $config;
+
+ if (!file_exists($g['varetc_path']."/openvpn"))
+ return;
+
+ if (is_array($config['openvpn']['openvpn-server'])) {
+ foreach ($config['openvpn']['openvpn-server'] as $settings) {
+ if (empty($settings))
+ continue;
+ if (isset($settings['disable']))
+ continue;
+ // Write the settings for the keys
+ switch($settings['mode']) {
+ case 'p2p_tls':
+ case 'server_tls':
+ case 'server_tls_user':
+ case 'server_user':
+ if (!empty($settings['crlref'])) {
+ $crl = lookup_crl($settings['crlref']);
+ $fpath = $g['varetc_path']."/openvpn/server{$settings['vpnid']}.crl-verify";
+ file_put_contents($fpath, base64_decode($crl['text']));
+ @chmod($fpath, 0644);
+ }
+ break;
+ }
+ }
+ }
+}
+
 ?>
|
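Review bot: In the `crlref` branch of `openvpn_refresh_crls()`, the result of `lookup_crl()` and the return value of `file_put_contents()` are never checked, and `chmod` errors are suppressed with `@`. A stale reference would therefore write an empty `.crl-verify` file, and a failed write would leave the previous CRL in place with nothing logged, so a certificate that was just revoked would still be accepted. The write is also done in place, so if OpenVPN reads the file during the rewrite it can presumably see a truncated CRL. I would validate the lookup and the decoded text, write to a temporary file beside the target and `rename()` it over the old one, and log any failure. Whether a failed lookup should keep the previous file, as sketched below, or take the server down is a policy decision for the maintainers.

```php
// … unchanged: loop over enabled servers, switch on $settings['mode'] …
if (!empty($settings['crlref'])) {
	$crl = lookup_crl($settings['crlref']);
	// Strict decode: reject a missing CRL entry or malformed base64 instead of writing an empty file.
	$crltext = is_array($crl) ? base64_decode($crl['text'], true) : false;
	if (empty($crltext)) {
		log_error("OpenVPN: could not load CRL {$settings['crlref']} for server {$settings['vpnid']}; CRL file left unchanged");
		break;
	}
	$fpath = $g['varetc_path']."/openvpn/server{$settings['vpnid']}.crl-verify";
	// Write beside the target and rename, so a reader never sees a partially written CRL.
	$tmppath = "{$fpath}.tmp";
	if (file_put_contents($tmppath, $crltext) === false || !chmod($tmppath, 0644) || !rename($tmppath, $fpath))
		log_error("OpenVPN: failed to refresh {$fpath}");
}
break;
```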