diff options
author | jim-p <jimp@pfsense.org> | 2017-09-12 13:49:55 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2017-09-12 13:49:55 -0400 |
commit | 00d5594c737d475abab8e0361bb3ff7f93b98ac8 (patch) | |
tree | c3fc04d323117e8b7576dc47bb06277470bf1d3b /src/etc | |
parent | 46583aba3a382c28fb6bc4bbbcd7dbf28fe38782 (diff) | |
download | pfsense-00d5594c737d475abab8e0361bb3ff7f93b98ac8.zip pfsense-00d5594c737d475abab8e0361bb3ff7f93b98ac8.tar.gz |
Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854
Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.
While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display.
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/xmlparse.inc | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/etc/inc/xmlparse.inc b/src/etc/inc/xmlparse.inc index 5d00d29..60028c3 100644 --- a/src/etc/inc/xmlparse.inc +++ b/src/etc/inc/xmlparse.inc @@ -244,6 +244,12 @@ function dump_xml_config_sub($arr, $indent) { } else if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail") || (substr($ent, 0, 12) == "login_banner") || + (substr($ent, 0, 5) == "state") || + (substr($ent, 0, 4) == "city") || + (substr($ent, 0, 12) == "organization") || + (substr($ent, 0, 5) == "email") || + (substr($ent, 0, 6) == "certca") || + (substr($ent, 0, 8) == "certname") || (substr($ent, 0, 9) == "ldap_attr") || (substr($ent, 0, 9) == "ldap_bind") || (substr($ent, 0, 11) == "ldap_basedn") || @@ -275,6 +281,12 @@ function dump_xml_config_sub($arr, $indent) { if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail") || (substr($ent, 0, 12) == "login_banner") || + (substr($ent, 0, 5) == "state") || + (substr($ent, 0, 4) == "city") || + (substr($ent, 0, 12) == "organization") || + (substr($ent, 0, 5) == "email") || + (substr($ent, 0, 6) == "certca") || + (substr($ent, 0, 8) == "certname") || (substr($ent, 0, 9) == "ldap_attr") || (substr($ent, 0, 9) == "ldap_bind") || (substr($ent, 0, 11) == "ldap_basedn") || |