author | Matt Smith <mgsmith@netgate.com> | 2015-10-20 12:01:58 -0500 |
---|---|---|
committer | Matt Smith <mgsmith@netgate.com> | 2015-10-20 12:02:25 -0500 |
commit | 3f0b8a959dd6109b29379f9fb93d392bcd57e15b (patch) | |
tree | a3f3bfd3f68783367e0a1f8d0b89454397dcbced /src/usr/local/www/vpn_ipsec_phase1.php | |
parent | df6cb8fe852baa5788f68918b0b742a40b6cf874 (diff) | |
Limit the auth methods where "My Certificate Authority" is displayed/saved for
mobile clients. Fixes #5323.
Diffstat (limited to 'src/usr/local/www/vpn_ipsec_phase1.php')
-rw-r--r-- | src/usr/local/www/vpn_ipsec_phase1.php | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php
index 5a9b37f..5fda34b 100644
--- a/src/usr/local/www/vpn_ipsec_phase1.php
+++ b/src/usr/local/www/vpn_ipsec_phase1.php
@@ -199,10 +199,11 @@ if ($_POST) {
 $method = $pconfig['authentication_method'];
 // Unset ca and cert if not required to avoid storing in config
 if ($method == "pre_shared_key" || $method == "xauth_psk_server") {
- unset($pconfig['caref']);
 unset($pconfig['certref']);
 }
-
+ if ($method != "rsasig" && $method != "xauth_rsa_server" && $method != "eap-tls") {
+ unset($pconfig['caref']);
+ }
 // Only require PSK here for normal PSK tunnels (not mobile) or xauth.
 // For RSA methods, require the CA/Cert.
 switch ($method) {
@@ -766,7 +767,7 @@ $section->addInput(new Form_Select(
 
 $section->addInput(new Form_Select(
 'caref',
- 'My Certificate Authority',
+ 'Peer Certificate Authority',
 $pconfig['caref'],
 build_ca_list()
 ))->setHelp('Select a certificate authority previously configured in the Certificate Manager.');
@@ -946,8 +947,15 @@ events.push(function(){
 switch ($('#authentication_method').val()) {
 case 'eap-mschapv2':
 case 'eap-radius':
- case 'eap-tls':
 case 'hybrid_rsa_server':
+ hideInput('pskey', true);
+ hideClass('peeridgroup', false);
+ hideInput('certref', false);
+ hideInput('caref', true);
+ disableInput('certref', false);
+ disableInput('caref', true);
+ break;
+ case 'eap-tls':
 case 'xauth_rsa_server':
 case 'rsasig':
 hideInput('pskey', true); |
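Review bot: The `switch ($method)` that begins on the last line of the first hunk and continues outside it is not shown to agree with the new `caref` rule. If it still lists `caref` as required for `hybrid_rsa_server`, `eap-mschapv2` or `eap-radius`, saving those methods would presumably fail validation, since the field is now unset here and disabled in the form by the last hunk. The chain of `!=` tests also means any authentication method added later loses its CA reference by default and without any message, so an explicit strict list is easier to audit: `if (!in_array($method, array("rsasig", "xauth_rsa_server", "eap-tls"), true)) {`.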
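Review bot: The help text under `caref` in the second hunk still only says to pick a CA from the Certificate Manager, so after the rename nothing on the page explains what "Peer" means for this field. If, as the new label suggests, this is the CA that the remote side's certificate has to chain to, the help should say so, e.g. `->setHelp('Select the certificate authority that peer certificates must be issued by, as configured in the Certificate Manager.')`. Whether a wrong choice rejects valid peers or accepts unintended ones depends on the config generation, which is outside this diff.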
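Review bot: The case labels in the last hunk that keep `caref` visible (`eap-tls`, `xauth_rsa_server`, `rsasig`) are a second hand-maintained copy of the PHP condition in the first hunk, and nothing ties the two together. Disabling the input only stops the browser from submitting it, so the PHP `unset` remains the authoritative check; a comment above the new case group would make that explicit, for example `// caref is not used for these methods; keep in sync with the caref unset in the $_POST handler`. The new branch also repeats the calls of the branch that follows with the `caref` arguments flipped, but that branch's body continues outside the hunk, so the full overlap cannot be confirmed from here.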