author | Renato Botelho <renato@netgate.com> | 2015-08-25 08:08:24 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-25 14:49:54 -0300 |
commit | 46bc6e545a17e77202aaf01ec0cd8d5a46567525 (patch) | |
tree | 32d18dda436ec739c67c489ceb771e8629cd926f /etc/inc/openvpn.tls-verify.php | |
parent | 4d9801c2dbd2b3e54a39578ee62b93af66607227 (diff) | |
Move main pfSense content to src/
Diffstat (limited to 'etc/inc/openvpn.tls-verify.php')
-rw-r--r-- | etc/inc/openvpn.tls-verify.php | 97 |
1 files changed, 0 insertions, 97 deletions
diff --git a/etc/inc/openvpn.tls-verify.php b/etc/inc/openvpn.tls-verify.php
deleted file mode 100644
index 9e21342..0000000
--- a/etc/inc/openvpn.tls-verify.php
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/usr/local/bin/php-cgi -f
-<?php
-/* $Id$ */
-/*
- openvpn.tls-verify.php
-
- Copyright (C) 2011 Jim Pingle
- Copyright (C) 2013-2015 Electric Sheep Fencing, LP
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
-*/
-/*
- pfSense_BUILDER_BINARIES:
- pfSense_MODULE: openvpn
-*/
-/*
- * OpenVPN calls this script to validate a certificate
- * This script is called ONCE per DEPTH of the certificate chain
- * Normal operation would have two runs - one for the server certificate
- * and one for the client certificate. Beyond that, you're dealing with
- * intermediates.
- */
-
-require_once("globals.inc");
-require_once("config.inc");
-require_once("interfaces.inc");
-
-openlog("openvpn", LOG_ODELAY, LOG_AUTH);
-
-/* read data from command line */
-if (isset($_GET['certdepth'])) {
- $cert_depth = $_GET['certdepth'];
- $cert_subject = urldecode($_GET['certsubject']);
- $allowed_depth = $_GET['depth'];
- $server_cn = $_GET['servercn'];
-} else {
- $cert_depth = intval($argv[1]);
- $cert_subject = $argv[2];
-}
-
-/* Reserved for future use in case we decide to verify CNs and such as well
-$subj = explode("/", $cert_subject);
-foreach ($subj at $s) {
- list($n, $v) = explode("=", $s);
- if ($n == "CN") {
- $common_name = $v;
- }
-}
-*/
-
-/* Replaced by sed with proper variables used below ( $server_cn and $allowed_depth ). */
-//<template>
-
-if (isset($allowed_depth) && ($cert_depth > $allowed_depth)) {
- syslog(LOG_WARNING, "Certificate depth {$cert_depth} exceeded max allowed depth of {$allowed_depth}.\n");
- if (isset($_GET['certdepth'])) {
- echo "FAILED";
- closelog();
- return;
- } else {
- closelog();
- exit(1);
- }
-}
-
-// Debug
-//syslog(LOG_WARNING, "Found certificate {$argv[2]} with depth {$cert_depth}\n");
-
-closelog();
-if (isset($_GET['certdepth'])) {
- echo "OK";
-} else {
- exit(0);
-}
-
-?> |