diff options
author | Renato Botelho <renato@netgate.com> | 2016-01-15 15:12:07 -0200 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-01-15 15:12:07 -0200 |
commit | 29e6a815c9b9a3b81f7628873e08bd8d8c499bee (patch) | |
tree | fc4ddf261e9c2ebd1f44123bdbc9b7d1a550cd2c /src/etc/inc | |
parent | 2cb37fa6c1a5746a55e09186c557ea298865da87 (diff) | |
download | pfsense-29e6a815c9b9a3b81f7628873e08bd8d8c499bee.zip pfsense-29e6a815c9b9a3b81f7628873e08bd8d8c499bee.tar.gz |
Do not allow certificate to be deleted if it's been used by a package. Fixes #4142
Diffstat (limited to 'src/etc/inc')
-rw-r--r-- | src/etc/inc/certs.inc | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc index 26e9e1b..d49f478 100644 --- a/src/etc/inc/certs.inc +++ b/src/etc/inc/certs.inc @@ -692,6 +692,22 @@ function is_webgui_cert($certref) { } } +function is_package_cert($certref) { + $pluginparams = array(); + $pluginparams['type'] = 'certificates'; + $pluginparams['event'] = 'used_certificates'; + + $certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams); + + /* Check if any package is using certificate */ + foreach ($certificates_used_by_packages as $name => $package) { + if (is_array($package['certificatelist'][$certref]) && + isset($package['certificatelist'][$certref]) > 0) { + return true; + } + } +} + function is_captiveportal_cert($certref) { global $config; if (!is_array($config['captiveportal'])) { @@ -706,12 +722,14 @@ function is_captiveportal_cert($certref) { } function cert_in_use($certref) { + return (is_webgui_cert($certref) || is_user_cert($certref) || is_openvpn_server_cert($certref) || is_openvpn_client_cert($certref) || is_ipsec_cert($certref) || - is_captiveportal_cert($certref)); + is_captiveportal_cert($certref) || + is_package_cert($certref)); } function crl_create(& $crl, $caref, $name, $serial = 0, $lifetime = 9999) { |