Assume a default value of 1 for cert_depth to disallow chaining.

author: jim-p <jimp@pfsense.org> 2011-10-11 11:56:53 -0400
committer: jim-p <jimp@pfsense.org> 2011-10-27 10:29:38 -0400
commit: ea9a4cc867fa7f82f10f8be799a668cb42a94cdd (patch)
tree: 1ad765ab313c237a0672537d72002c753ef16599 /etc/inc/openvpn.inc
parent: 77ed2f4c9f67af9c041ae5de3dcf82455238fdb7 (diff)
download: pfsense-ea9a4cc867fa7f82f10f8be799a668cb42a94cdd.zip
pfsense-ea9a4cc867fa7f82f10f8be799a668cb42a94cdd.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index b34d442..c9e5975 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -438,6 +438,8 @@ function openvpn_reconfigure($mode, $settings) {
 				}
 				break;
 		}
+		if (!isset($settings['cert_depth']) && (strstr($settings['mode'], 'tls')))
+			$settings['cert_depth'] = 1;
 		if (is_numeric($settings['cert_depth'])) {
 			$sed = "";
 			$cert = lookup_cert($settings['certref']);
author	jim-p <jimp@pfsense.org>	2011-10-11 11:56:53 -0400
committer	jim-p <jimp@pfsense.org>	2011-10-27 10:29:38 -0400
commit	ea9a4cc867fa7f82f10f8be799a668cb42a94cdd (patch)
tree	1ad765ab313c237a0672537d72002c753ef16599 /etc/inc/openvpn.inc
parent	77ed2f4c9f67af9c041ae5de3dcf82455238fdb7 (diff)
download	pfsense-ea9a4cc867fa7f82f10f8be799a668cb42a94cdd.zip pfsense-ea9a4cc867fa7f82f10f8be799a668cb42a94cdd.tar.gz