author | jim-p <jimp@pfsense.org> | 2016-11-29 13:33:11 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-11-29 13:34:15 -0500 |
commit | 80080a0c8b5949b1af97d1d49b4cc834d06875cf (patch) | |
tree | 26a06bc8af9f839f0c99bf808545d3576a905f04 /src/usr/local/www/system_camanager.php | |
parent | e2c718c80ad06c6977fa61475f24cede06e56c69 (diff) | |
When deleting a CA, do not delete all certificates from this CA, only remove the CA reference from certificates that used this CA, as the relationship can be rebuilt if needed. Also, prevent in-use CAs from being deleted and print a list of places a CA is used, similar to the output on certificates. Fixes #6947
Diffstat (limited to 'src/usr/local/www/system_camanager.php')
-rw-r--r-- | src/usr/local/www/system_camanager.php | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/src/usr/local/www/system_camanager.php b/src/usr/local/www/system_camanager.php
index fb03d27..112537c 100644
--- a/src/usr/local/www/system_camanager.php
+++ b/src/usr/local/www/system_camanager.php
@@ -75,13 +75,15 @@ if ($act == "del") {
 exit;
 }
+ /* Only remove CA reference when deleting. It can be reconnected if a new matching CA is imported */
 $index = count($a_cert) - 1;
 for (;$index >= 0; $index--) {
 if ($a_cert[$index]['caref'] == $a_ca[$id]['refid']) {
- unset($a_cert[$index]);
+ unset($a_cert[$index]['caref']);
 }
 }
+ /* Remove any CRLs for this CA, there is no way to recover the connection once the CA has been removed. */
 $index = count($a_crl) - 1;
 for (;$index >= 0; $index--) {
 if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) {
@@ -359,6 +361,7 @@ if (!($act == "new" || $act == "edit" || $act == gettext("Save") || $input_error
 <th><?=gettext("Issuer")?></th>
 <th><?=gettext("Certificates")?></th>
 <th><?=gettext("Distinguished Name")?></th>
+ <th><?=gettext("In Use")?></th>
 <th><?=gettext("Actions")?></th>
 </tr>
 </thead>
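Review bot: Nothing in the visible part of the `act == "del"` handler checks whether the CA is still in use before the certificate references and CRLs are cleaned up; the only guard this commit adds is hiding the trash link in the `@@ -407,13 +410,29 @@` hunk. A request sent straight to `system_camanager.php?act=del&id=N` would therefore presumably still remove a CA that OpenVPN, IPsec or LDAP depends on. The handler starts above this hunk and continues below it, so a check may exist out of view. If it does not, repeat the test server-side ahead of the two loops, e.g. `if (ca_in_use($a_ca[$id]['refid'])) { /* refuse and report why */ }`, because hiding a control is presentation rather than enforcement.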
@@ -407,13 +410,29 @@ foreach ($a_ca as $i => $ca):
 <?=gettext("Valid From")?>: <b><?=$startdate ?></b><br /><?=gettext("Valid Until")?>: <b><?=$enddate ?></b>
 </small>
 </td>
- <td>
+ <td class="text-nowrap">
+ <?php if (is_openvpn_server_ca($ca['refid'])): ?>
+ <?=gettext("OpenVPN Server")?><br/>
+ <?php endif?>
+ <?php if (is_openvpn_client_ca($ca['refid'])): ?>
+ <?=gettext("OpenVPN Client")?><br/>
+ <?php endif?>
+ <?php if (is_ipsec_peer_ca($ca['refid'])): ?>
+ <?=gettext("IPsec Tunnel")?><br/>
+ <?php endif?>
+ <?php if (is_ldap_peer_ca($ca['refid'])): ?>
+ <?=gettext("LDAP Server")?>
+ <?php endif?>
+ </td>
+ <td class="text-nowrap">
 <a class="fa fa-pencil" title="<?=gettext("Edit CA")?>" href="system_camanager.php?act=edit&id=<?=$i?>"></a>
 <a class="fa fa-certificate" title="<?=gettext("Export CA")?>" href="system_camanager.php?act=exp&id=<?=$i?>"></a>
 <?php if ($ca['prv']): ?>
 <a class="fa fa-key" title="<?=gettext("Export key")?>" href="system_camanager.php?act=expkey&id=<?=$i?>"></a>
 <?php endif?>
- <a class="fa fa-trash" title="<?=gettext("Delete CA")?>" href="system_camanager.php?act=del&id=<?=$i?>"></a>
+ <?php if (!ca_in_use($ca['refid'])): ?>
+ <a class="fa fa-trash" title="<?=gettext("Delete CA and its CRLs")?>" href="system_camanager.php?act=del&id=<?=$i?>"></a>
+ <?php endif?>
 </td>
 </tr>
 <?php endforeach; ?> |
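Review bot: The delete control re-added by this hunk is still a plain link, `href="system_camanager.php?act=del&id=<?=$i?>"`, so removing a CA and its CRLs is triggered by a GET request, with no confirmation step visible here. Request-forgery tokens commonly cover only POST, and browsers can issue GETs without a deliberate click, so it is worth confirming how this action is protected. Submitting `act=del` as a POST form field would put it under whatever token check the page's forms already use. Separately, `id` is the row's position in `$a_ca` rather than the CA's `refid`, so if the list changes after the page is rendered the request could act on a different entry; keying the action on `refid` would avoid that.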