summaryrefslogtreecommitdiffstats
path: root/usr/local/www/vpn_ipsec_settings.php
diff options
context:
space:
mode:
authorChris Buechler <cmb@pfsense.org>2015-07-22 15:03:20 -0500
committerChris Buechler <cmb@pfsense.org>2015-07-22 15:03:56 -0500
commitdf4de32d3403e58a45f0e66fccdf67f33e8cde91 (patch)
tree4332922479177d25258f051cc4a2c6225cf3f9ef /usr/local/www/vpn_ipsec_settings.php
parent0be67fe5fe1dc9483ab815223c2275d85083c22a (diff)
downloadpfsense-df4de32d3403e58a45f0e66fccdf67f33e8cde91.zip
pfsense-df4de32d3403e58a45f0e66fccdf67f33e8cde91.tar.gz
Add IPsec advanced option for strict CRL checking
Diffstat (limited to 'usr/local/www/vpn_ipsec_settings.php')
-rw-r--r--usr/local/www/vpn_ipsec_settings.php16
1 files changed, 16 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php
index 8b31f57..c0eaba6 100644
--- a/usr/local/www/vpn_ipsec_settings.php
+++ b/usr/local/www/vpn_ipsec_settings.php
@@ -47,6 +47,7 @@ foreach ($ipsec_loglevels as $lkey => $ldescr) {
}
}
$pconfig['unityplugin'] = isset($config['ipsec']['unityplugin']);
+$pconfig['strictcrlpolicy'] = isset($config['ipsec']['strictcrlpolicy']);
$pconfig['makebeforebreak'] = isset($config['ipsec']['makebeforebreak']);
$pconfig['noshuntlaninterfaces'] = isset($config['ipsec']['noshuntlaninterfaces']);
$pconfig['compression'] = isset($config['ipsec']['compression']);
@@ -161,6 +162,12 @@ if ($_POST) {
$needsrestart = true;
unset($config['ipsec']['unityplugin']);
}
+
+ if ($_POST['strictcrlpolicy'] == "yes") {
+ $config['ipsec']['strictcrlpolicy'] = true;
+ } else {
+ unset($config['ipsec']['strictcrlpolicy']);
+ }
if ($_POST['makebeforebreak'] == "yes") {
$config['ipsec']['makebeforebreak'] = true;
@@ -393,6 +400,15 @@ function maxmss_checked(obj) {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Strict CRL Checking"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="strictcrlpolicy" type="checkbox" id="strictcrlpolicy" value="yes" <?php if ($pconfig['strictcrlpolicy'] == true) echo "checked=\"checked\""; ?> />
+ <strong><?=gettext("Enable strict Certificate Revocation List checking"); ?></strong>
+ <br />
+ <?=gettext("Check this to require availability of a fresh CRL for peer authentication based on RSA signatures to succeed."); ?>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Make before Break"); ?></td>
<td width="78%" class="vtable">
<input name="makebeforebreak" type="checkbox" id="makebeforebreak" value="yes" <?php if ($pconfig['makebeforebreak'] == true) echo "checked=\"checked\""; ?> />
OpenPOWER on IntegriCloud