author | jim-p <jimp@pfsense.org> | 2010-08-13 14:03:23 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2010-08-13 14:03:23 -0400 |
commit | dc291feb70c4142d112177a9e1fdac3bb2d31f69 (patch) | |
tree | f65a4ebf94b3af72ed1dbc911043ca14f95cbccd /etc | |
parent | 812dd35db0e19483c96ffdcd4f16245ed1f96d87 (diff) | |
Only write out the CA if one exists.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index c754736..827adbd 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -536,20 +536,22 @@ function vpn_ipsec_configure($ipchg = false)
 chmod($keypath, 0600);
 $ca = lookup_ca($cert['caref']);
- $cafile = "ca-".$ikeid.".crt";
- $capath = $g['varetc_path']."/".$cafile;
+ if ($ca) {
+ $cafile = "ca-".$ikeid.".crt";
+ $capath = $g['varetc_path']."/".$cafile;
+
+ if (!file_put_contents($capath, base64_decode($ca['crt'])))
+ {
+ log_error("Error: Cannot write phase1 CA certificate file for {$ph1ent['name']}");
+ continue;
+ }
- if (!file_put_contents($capath, base64_decode($ca['crt'])))
- {
- log_error("Error: Cannot write phase1 CA certificate file for {$ph1ent['name']}");
- continue;
+ chmod($capath, 0600);
+ $caline = "ca_type x509 \"".basename($capath)."\";";
 }
- chmod($capath, 0600);
-
 $certline = "certificate_type x509 \"".basename($certpath)."\" \"".basename($keypath)."\";";
- $caline = "ca_type x509 \"".basename($capath)."\";";
 }
 $ealgos = ''; |
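Review bot: `$caline` is now assigned only inside the new `if ($ca)` block, and the `continue` statements suggest this code runs inside a per-phase1 loop, so an entry whose `lookup_ca()` returns nothing could inherit the `ca_type` line left by an earlier entry and point at another tunnel's CA file. The start of the loop body is outside this hunk, so confirm that `$caline` is reset for each entry; if it is not, add `$caline = '';` just before `$ca = lookup_ca($cert['caref']);`. The no-CA path is also silent: an `else` branch calling `log_error()` with `{$ph1ent['name']}` would make a dangling `caref` visible instead of quietly emitting a phase 1 with no CA line.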