diff options
| author | Chris Buechler <cmb@pfsense.org> | 2015-10-12 22:03:59 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2015-10-12 22:05:15 -0500 |
| commit | 96d5ca1169c2435572065c103639988b7ef7c9d3 (patch) | |
| tree | 08b2a7b2a1f39cab7dd1ec4f09c86666328f1584 /src | |
| parent | 31630f472b2fe191319f5f3c0863f9ab35086ee2 (diff) | |
| download | pfsense-96d5ca1169c2435572065c103639988b7ef7c9d3.zip pfsense-96d5ca1169c2435572065c103639988b7ef7c9d3.tar.gz | |
Remove strongswan's cert directories and repopulate them, to ensure no removed CAs, certs, or CRLs remain. Ticket #5238
Diffstat (limited to 'src')
| -rw-r--r-- | src/etc/inc/vpn.inc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index 74bbc59..220da2b 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -172,6 +172,11 @@ function vpn_ipsec_configure($restart = false) { if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d")) { mkdir("{$g['varetc_path']}/ipsec/ipsec.d"); } + // delete these paths first to ensure old CAs, certs and CRLs aren't left behind. redmine #5238 + rmdir_recursive($capath); + rmdir_recursive($keypath); + rmdir_recursive($crlpath); + rmdir_recursive($certpath); if (!is_dir($capath)) { mkdir($capath); } |
