author | Matt Smith <mgsmith@netgate.com> | 2015-10-20 12:09:09 -0500 |
---|---|---|
committer | Matt Smith <mgsmith@netgate.com> | 2015-10-20 12:09:09 -0500 |
commit | ca35be37bf73efc5fd98a473bdc3a8b4fc6b90ca (patch) | |
tree | dafb86f206de1766b5e8f8942fe063d5eaa54360 /usr/local/www/vpn_ipsec_phase1.php | |
parent | d1e172a96bfdf0bf71d87e5cc6f5639eb7e29ce0 (diff) | |
download | pfsense-ca35be37bf73efc5fd98a473bdc3a8b4fc6b90ca.zip pfsense-ca35be37bf73efc5fd98a473bdc3a8b4fc6b90ca.tar.gz |
Limit the auth methods where "My Certificate Authority" is displayed/saved for
mobile clients. Fixes #5323.
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase1.php')
-rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 7834315..4984f12 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -160,10 +160,12 @@ if ($_POST) {
 $method = $pconfig['authentication_method'];
 // Unset ca and cert if not required to avaoid storing in config
 if ($method == "pre_shared_key" || $method == "xauth_psk_server"){
- unset($pconfig['caref']);
 unset($pconfig['certref']);
 }
+ if ($method != "rsasig" && $method != "xauth_rsa_server" && $method != "eap-tls") {
+ unset($pconfig['caref']);
+ }
 // Only require PSK here for normal PSK tunnels (not mobile) or xauth.
 // For RSA methods, require the CA/Cert.
 switch ($method) {
@@ -496,23 +498,16 @@ function methodsel_change() {
 switch (value) {
 case 'eap-mschapv2':
- case 'eap-tls':
 case 'eap-radius':
- document.getElementById('opt_psk').style.display = 'none';
- document.getElementById('opt_peerid').style.display = '';
- document.getElementById('opt_cert').style.display = '';
- document.getElementById('opt_ca').style.display = '';
- document.getElementById('opt_cert').disabled = false;
- document.getElementById('opt_ca').disabled = false;
- break;
 case 'hybrid_rsa_server':
 document.getElementById('opt_psk').style.display = 'none';
 document.getElementById('opt_peerid').style.display = '';
 document.getElementById('opt_cert').style.display = '';
- document.getElementById('opt_ca').style.display = '';
+ document.getElementById('opt_ca').style.display = 'none';
 document.getElementById('opt_cert').disabled = false;
- document.getElementById('opt_ca').disabled = false;
+ document.getElementById('opt_ca').disabled = true;
 break;
+ case 'eap-tls':
 case 'xauth_rsa_server':
 case 'rsasig':
 document.getElementById('opt_psk').style.display = 'none';
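Review bot: The set of methods that keep `caref` is hard-coded in the added negated `!=` chain and again as the `case` labels of `methodsel_change()` in the next hunk, so the server-side rule and the form can drift apart and a CA reference could be dropped on save without the form showing it. I would name the list once and test it strictly: `$ca_methods = array("rsasig", "xauth_rsa_server", "eap-tls");` then `if (!in_array($method, $ca_methods, true)) {`. A comment such as `// Authoritative check: the form only hides the CA row, so caref is discarded here for methods that do not use it` would record why this runs on the server. The existing comment above the first `if` now describes only the `certref` branch and still carries the typo "avaoid". The enclosing `if ($_POST)` block starts and ends outside the hunk.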
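Review bot: `opt_ca` is the `<tr id="opt_ca">` row (visible in the last hunk), so the added `document.getElementById('opt_ca').disabled = true;` does not disable the `<select name="caref">` inside it, and a select in a hidden row is still submitted with the form. The CA reference is therefore kept out of the saved config only by the server-side `unset($pconfig['caref'])` in the first hunk. Either disable the control itself, `document.getElementsByName('caref')[0].disabled = true;` (with `false` in the branches that show the row), or drop the `.disabled` lines and add `// visibility only; caref is discarded server-side for these methods`. `methodsel_change()` starts before and continues past this hunk.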
@@ -829,7 +824,7 @@ function dpdchkbox_change() {
 </td>
 </tr>
 <tr id="opt_ca">
- <td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
 <td width="78%" class="vtable">
 <select name="caref" class="formselect">
 <?php |