diff options
| author | Evgeny Yurchenko <ey@tm-k.com> | 2011-06-21 03:59:32 -0400 |
|---|---|---|
| committer | Evgeny Yurchenko <ey@tm-k.com> | 2011-06-21 04:02:04 -0400 |
| commit | f27526cd2982f3da3108ed09000df8f4a51eea81 (patch) | |
| tree | 447749fc14a7961fbf4b974753b54b1f49868b05 /usr/local/www/vpn_ipsec_phase1.php | |
| parent | adc4bdcc47ca73deac02725c7bfdd07ac5eeb684 (diff) | |
| download | pfsense-f27526cd2982f3da3108ed09000df8f4a51eea81.zip pfsense-f27526cd2982f3da3108ed09000df8f4a51eea81.tar.gz | |
Do not store CA and CERT in config unless needed. Will allow deleting unused certs.
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase1.php')
| -rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 69cb438..31ce5e9 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -139,6 +139,11 @@ if ($_POST) { /* input validation */ $method = $pconfig['authentication_method']; + // Unset ca and cert if not required to avaoid storing in config + if ($method == "pre_shared_key" || method == "xauth_psk_server"){ + unset($pconfig['caref']); + unset($pconfig['certref']); + } // Only require PSK here for normal PSK tunnels (not mobile) or xauth. // For RSA methods, require the CA/Cert. |
