diff options
| author | jim-p <jimp@pfsense.org> | 2010-10-21 13:34:09 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2010-10-21 13:34:09 -0400 |
| commit | ad08687b5575aade26bb6ee4f6e01d3305e3bcc1 (patch) | |
| tree | 4fa52b34d6d86007bff72cc91d72bfd34c5cdf82 /usr/local | |
| parent | 9f200d7172d2a1b76c7150c24e0688cae70593ff (diff) | |
| download | pfsense-ad08687b5575aade26bb6ee4f6e01d3305e3bcc1.zip pfsense-ad08687b5575aade26bb6ee4f6e01d3305e3bcc1.tar.gz | |
Add support for deleting a cert from a CRL (unrevoke). As of this point basic CRL functionality does work: Revoke a cert and it cannot connect. Remove it from the CRL and it can. (Have to edit/save OpenVPN server instance to update/refresh CRL though). Ticket #555
Diffstat (limited to 'usr/local')
| -rw-r--r-- | usr/local/www/system_crlmanager.php | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php index 34ecd21..10b80c4 100644 --- a/usr/local/www/system_crlmanager.php +++ b/usr/local/www/system_crlmanager.php @@ -80,7 +80,7 @@ if ($act == "del") { } else { $name = $a_crl[$id]['descr']; unset($a_crl[$id]); - write_config(); + write_config("Deleted CRL {$name}."); $savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name) . "<br/>"; } } @@ -146,16 +146,24 @@ if ($act == "addcert") { cert_revoke($cert, $crl, OCSP_REVOKED_STATUS_UNSPECIFIED); write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}."); pfSenseHeader("system_crlmanager.php"); + exit; } } } // Not Finished Yet! if ($act == "delcert") { - if (!$a_crl[$id]) { + $crl =& lookup_crl($_GET['crlref']); + if (!$crl['cert'][$id]) { pfSenseHeader("system_crlmanager.php"); exit; } + $name = $crl['cert'][$id]['descr']; + cert_unrevoke($crl['cert'][$id], $crl); + write_config("Deleted Cert {$name} from CRL {$crl['descr']}."); + $savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $crl['descr']) . "<br/>"; + pfSenseHeader("system_crlmanager.php"); + exit; } if ($_POST) { @@ -213,7 +221,7 @@ if ($_POST) { else $a_crl[] = $crl; - write_config(); + write_config("Saved CRL {$crl['caref']}"); pfSenseHeader("system_crlmanager.php"); } @@ -401,7 +409,7 @@ NOTE: This page is still a work in progress and is not yet fully functional. <?php echo $name; ?> </td> <td class="list"> - <a href="system_crlmanager.php?act=delcert&crlref=<?php echo $crl['refid']; ?>&id=<?php echo $i; ?>"> + <a href="system_crlmanager.php?act=delcert&crlref=<?php echo $crl['refid']; ?>&id=<?php echo $i; ?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate from the CRL?");?>')"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("Delete this certificate from the CRL ");?>" alt="<?=gettext("Delete this certificate from the CRL ");?>" width="17" height="17" border="0" /> </a> </td> |
