authorErmal <eri@pfsense.org>2010-11-25 11:57:01 +0000
committerErmal <eri@pfsense.org>2010-11-25 11:57:01 +0000
commite1b17c7a63310248e6e70cde88bf0824b9f1894c (patch)
tree51cc689604e3429b769e7e6f594fec966b00c76f /etc/inc/openvpn.inc
parent02d7e4a43b6c6e1f8345c7561394305185905b33 (diff)
Ticket #1037. Add suggestion in the ticket for using the CA supplied to openvpn for authenticating to SSL LDAP.
Diffstat (limited to 'etc/inc/openvpn.inc')
-rw-r--r--etc/inc/openvpn.inc6
1 files changed, 4 insertions, 2 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 0863b1a..9da5ce1 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -394,7 +394,9 @@ function openvpn_reconfigure($mode,& $settings) {
}
$sed .= ");\\\n";
if ($settings['strictusercn'])
- $sed .= "\$strictusercn = true;";
+ $sed .= "\$strictusercn = true;\n";
+ $sed .= "putenv(\"LDAPTLS_CACERT={$g['varetc_path']}/openvpn/{$modeid}.ca\");\n";
+ $sed .= "putenv(\"LDAPTLS_REQCERT=never\");\n";
mwexec("/bin/cat /etc/inc/openvpn.auth-user.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php");
mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php");
$conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn/{$mode_id}.php via-env\n";
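Review bot: `LDAPTLS_REQCERT=never` on the last added line tells the LDAP client library not to verify the server certificate, so the `LDAPTLS_CACERT` set on the line before it has no effect and the user's password can still go to an unauthenticated LDAP server; emit `putenv(\"LDAPTLS_REQCERT=demand\");` instead, or make it a setting that defaults to verification. The CA path also interpolates `{$modeid}` while every other line in this hunk uses `{$mode_id}`, so it likely resolves to `.../openvpn/.ca` and should read `{$mode_id}.ca`. Separately, the new strings end in a bare `\n` and carry the `/` characters of the path, whereas the existing context line ends in `\\\n`; since `$sed` is spliced into `s/\/\/<template>/{$sed}/g`, the unescaped newlines and slashes will probably break the sed expression, so end these lines with `\\\n` and escape the slashes or use another delimiter. The body of openvpn_reconfigure starts and ends outside the hunk.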
@@ -935,4 +937,4 @@ function openvpn_refresh_crls() {
}
}
-?>
\ No newline at end of file
+?>