diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-10-12 22:03:59 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-10-12 22:03:59 -0500 |
commit | f248cdc0fedd33318cc54837863f8454b560f2ec (patch) | |
tree | 1ff78c6f8be4094df4188bfc1a9ef34542c5c3f1 /etc | |
parent | 54a527574311d935403e81bb18fd8b659ec403ca (diff) | |
download | pfsense-f248cdc0fedd33318cc54837863f8454b560f2ec.zip pfsense-f248cdc0fedd33318cc54837863f8454b560f2ec.tar.gz |
Remove strongswan's cert directories and repopulate them, to ensure no removed CAs, certs, or CRLs remain. Ticket #5238
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 35ff661..5003589 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -176,6 +176,11 @@ function vpn_ipsec_configure($restart = false) { if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d")) { mkdir("{$g['varetc_path']}/ipsec/ipsec.d"); } + // delete these paths first to ensure old CAs, certs and CRLs aren't left behind. redmine #5238 + rmdir_recursive($capath); + rmdir_recursive($keypath); + rmdir_recursive($crlpath); + rmdir_recursive($certpath); if (!is_dir($capath)) { mkdir($capath); } |