diff options
author | Renato Botelho <renato@netgate.com> | 2016-08-01 18:34:48 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-08-01 18:34:48 -0300 |
commit | 52342bc49e71d186f308d81dc23b87360c6d03ed (patch) | |
tree | 04c502f9ba8ee9dca70f7bba324923f52db972b9 /src/etc | |
parent | 69176bedfa7a5b1fdd4679639e90a4d35428c8e6 (diff) | |
parent | eafd9cfb5e68b1d466f7627fc729078e21a23f1a (diff) | |
download | pfsense-52342bc49e71d186f308d81dc23b87360c6d03ed.zip pfsense-52342bc49e71d186f308d81dc23b87360c6d03ed.tar.gz |
Merge pull request #3067 from phil-davis/useallcerts
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/openvpn.inc | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc index f918b33..ecf84d0 100644 --- a/src/etc/inc/openvpn.inc +++ b/src/etc/inc/openvpn.inc @@ -1006,8 +1006,16 @@ function openvpn_reconfigure($mode, $settings) { case 'server_tls': case 'server_tls_user': case 'server_user': - $ca = lookup_ca($settings['caref']); - openvpn_add_keyfile($ca['crt'], $conf, $mode_id, "ca"); + // ca_chain() expects parameter to be passed by reference. + // avoid passing the whole settings array, as param names or + // types might change in future releases. + $param = array('caref' => $settings['caref']); + $ca = ca_chain($param); + $ca = base64_encode($ca); + + openvpn_add_keyfile($ca, $conf, $mode_id, "ca"); + + unset($ca, $param); if (!empty($settings['certref'])) { $cert = lookup_cert($settings['certref']); |