author | jim-p <jimp@pfsense.org> | 2015-12-07 10:17:13 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-12-07 10:18:33 -0500 |
commit | 0e9d4a6dc2cd683c64488be76a9911519079e606 (patch) | |
tree | 22f6d4d49699e5be51aac61f3af7ef6c5084aaea /src/usr/local/www/vpn_openvpn_server.php | |
parent | de1a3167620d083353e5a1d9a6e2021775d627ef (diff) | |
Prioritize and separate server certs for OpenVPN servers to make it more clear they should be using certificates created as Server certificates for this purpose -- it's still valid to use non-server certs but it's not what most people intend to do. Ticket #5602
Diffstat (limited to 'src/usr/local/www/vpn_openvpn_server.php')
-rw-r--r-- | src/usr/local/www/vpn_openvpn_server.php | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php
index 7a94bec..8861cb7 100644
--- a/src/usr/local/www/vpn_openvpn_server.php
+++ b/src/usr/local/www/vpn_openvpn_server.php
@@ -419,6 +419,9 @@ if ($_POST) {
 
 /* If we are not in shared key mode, then we need the CA/Cert. */
 if ($pconfig['mode'] != "p2p_shared_key") {
+ if (empty(trim($pconfig['certref']))) {
+ $input_errors[] = gettext("The selected certificate is not valid");
+ }
 $reqdfields = explode(" ", "caref certref");
 $reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate"));
 } elseif (!$pconfig['autokey_enable']) {
@@ -744,12 +747,24 @@ if($act=="new" || $act=="edit") :
 ));
 }
 
+ $certhelp = "";
+ if (count($a_cert)) {
+ if (!empty(trim($pconfig['certref']))) {
+ $purpose = cert_get_purpose($a_cert[$pconfig['certref']]['crt'], true);
+ if ($purpose['server'] != "Yes") {
+ $certhelp = gettext("Warning: The previously saved server was not created as an SSL Server certificate and may not work properly.");
+ }
+ }
+ } else {
+ $certhelp = sprintf('No Certificates defined. You may create one here: %s', '<a href="system_camanager.php">System > Cert Manager</a>');
+ }
+
 $section->addInput(new Form_Select(
 'certref',
 'Server certificate',
 $pconfig['certref'],
- openvpn_build_cert_list()
- ))->setHelp(count($a_cert) ? '':sprintf('No Certificates defined. You may create one here: %s', '<a href="system_camanager.php">System > Cert Manager</a>'));
+ openvpn_build_cert_list(false, true)
+ ))->setHelp($certhelp);
 
 $section->addInput(new Form_Select(
 'dh_length', |
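Review bot: The guard added in the non-shared-key branch only rejects an empty `certref`; a non-empty value that matches no stored certificate still passes, even though the message says the certificate "is not valid". Because the value arrives from the POSTed form, the check could also confirm that it resolves to a known entry, e.g. `if (empty(trim($pconfig['certref'])) || !lookup_cert($pconfig['certref'])) {` (assuming `lookup_cert()` from the certificate library is in scope in this file). `certref` is also listed in `$reqdfields` on the following line, so an empty value will presumably be reported a second time by the required-field validation. The enclosing `if ($_POST)` block starts and ends outside this hunk.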
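Review bot: `$a_cert[$pconfig['certref']]['crt']` in the second hunk indexes `$a_cert` by the certificate reference; if `$a_cert` is the configuration's certificate list (its definition is outside the hunk) and `certref` holds a refid rather than an array key, the lookup yields nothing and the "not created as an SSL Server certificate" warning would appear for every saved server. A warning that fires regardless of the certificate teaches administrators to ignore it, which undercuts the goal of steering them to server-purpose certificates. Resolving the entry by refid avoids that: `$cert = lookup_cert($pconfig['certref']);` followed by `$purpose = cert_get_purpose($cert['crt'], true);`. The warning text also says "previously saved server" where "server certificate" seems intended, and the "No Certificates defined" string is not passed through `gettext()` the way the warning is. The surrounding `if($act=="new" || $act=="edit") :` block begins before the hunk and continues past it.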