summaryrefslogtreecommitdiffstats
path: root/src/etc/inc
diff options
context:
space:
mode:
authorRenato Botelho <renato@netgate.com>2016-01-15 15:12:07 -0200
committerRenato Botelho <renato@netgate.com>2016-01-15 15:12:07 -0200
commit29e6a815c9b9a3b81f7628873e08bd8d8c499bee (patch)
treefc4ddf261e9c2ebd1f44123bdbc9b7d1a550cd2c /src/etc/inc
parent2cb37fa6c1a5746a55e09186c557ea298865da87 (diff)
downloadpfsense-29e6a815c9b9a3b81f7628873e08bd8d8c499bee.zip
pfsense-29e6a815c9b9a3b81f7628873e08bd8d8c499bee.tar.gz
Do not allow certificate to be deleted if it's been used by a package. Fixes #4142
Diffstat (limited to 'src/etc/inc')
-rw-r--r--src/etc/inc/certs.inc20
1 files changed, 19 insertions, 1 deletions
diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc
index 26e9e1b..d49f478 100644
--- a/src/etc/inc/certs.inc
+++ b/src/etc/inc/certs.inc
@@ -692,6 +692,22 @@ function is_webgui_cert($certref) {
}
}
+function is_package_cert($certref) {
+ $pluginparams = array();
+ $pluginparams['type'] = 'certificates';
+ $pluginparams['event'] = 'used_certificates';
+
+ $certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);
+
+ /* Check if any package is using certificate */
+ foreach ($certificates_used_by_packages as $name => $package) {
+ if (is_array($package['certificatelist'][$certref]) &&
+ isset($package['certificatelist'][$certref]) > 0) {
+ return true;
+ }
+ }
+}
+
function is_captiveportal_cert($certref) {
global $config;
if (!is_array($config['captiveportal'])) {
@@ -706,12 +722,14 @@ function is_captiveportal_cert($certref) {
}
function cert_in_use($certref) {
+
return (is_webgui_cert($certref) ||
is_user_cert($certref) ||
is_openvpn_server_cert($certref) ||
is_openvpn_client_cert($certref) ||
is_ipsec_cert($certref) ||
- is_captiveportal_cert($certref));
+ is_captiveportal_cert($certref) ||
+ is_package_cert($certref));
}
function crl_create(& $crl, $caref, $name, $serial = 0, $lifetime = 9999) {
OpenPOWER on IntegriCloud