authorMatt Smith <mgsmith@netgate.com>2015-10-20 12:09:09 -0500
committerMatt Smith <mgsmith@netgate.com>2015-10-20 12:09:09 -0500
commitca35be37bf73efc5fd98a473bdc3a8b4fc6b90ca (patch)
treedafb86f206de1766b5e8f8942fe063d5eaa54360 /usr/local
parentd1e172a96bfdf0bf71d87e5cc6f5639eb7e29ce0 (diff)
Limit the auth methods where "My Certificate Authority" is displayed/saved for
mobile clients. Fixes #5323.
Diffstat (limited to 'usr/local')
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php19
1 files changed, 7 insertions, 12 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 7834315..4984f12 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -160,10 +160,12 @@ if ($_POST) {
$method = $pconfig['authentication_method'];
// Unset ca and cert if not required to avaoid storing in config
if ($method == "pre_shared_key" || $method == "xauth_psk_server"){
- unset($pconfig['caref']);
unset($pconfig['certref']);
}
+ if ($method != "rsasig" && $method != "xauth_rsa_server" && $method != "eap-tls") {
+ unset($pconfig['caref']);
+ }
// Only require PSK here for normal PSK tunnels (not mobile) or xauth.
// For RSA methods, require the CA/Cert.
switch ($method) {
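Review bot: The set of methods that keep `caref` is written here as a chain of loose `!=` comparisons and again, independently, in the `methodsel_change()` cases later in this file, so the two lists can drift apart when a method is added. A strict allow-list is easier to read and to keep in step: `if (!in_array($method, array("rsasig", "xauth_rsa_server", "eap-tls"), true)) {`. The `switch ($method)` that follows is cut off by the hunk. If any of its branches still lists `caref` as a required field for `hybrid_rsa_server` or the other EAP methods, saving those configurations would fail validation now that the value is unset first, so that is worth confirming.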
@@ -496,23 +498,16 @@ function methodsel_change() {
switch (value) {
case 'eap-mschapv2':
- case 'eap-tls':
case 'eap-radius':
- document.getElementById('opt_psk').style.display = 'none';
- document.getElementById('opt_peerid').style.display = '';
- document.getElementById('opt_cert').style.display = '';
- document.getElementById('opt_ca').style.display = '';
- document.getElementById('opt_cert').disabled = false;
- document.getElementById('opt_ca').disabled = false;
- break;
case 'hybrid_rsa_server':
document.getElementById('opt_psk').style.display = 'none';
document.getElementById('opt_peerid').style.display = '';
document.getElementById('opt_cert').style.display = '';
- document.getElementById('opt_ca').style.display = '';
+ document.getElementById('opt_ca').style.display = 'none';
document.getElementById('opt_cert').disabled = false;
- document.getElementById('opt_ca').disabled = false;
+ document.getElementById('opt_ca').disabled = true;
break;
+ case 'eap-tls':
case 'xauth_rsa_server':
case 'rsasig':
document.getElementById('opt_psk').style.display = 'none';
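Review bot: `opt_ca` is the `<tr id="opt_ca">` row shown further down in this diff, and setting `disabled = true` on a table row does not disable the `<select name="caref">` inside it. The browser will therefore most likely still post a `caref` value for the methods grouped with `hybrid_rsa_server`. Hiding the row is presentation only; the value is actually dropped by the server-side `unset($pconfig['caref'])` in the `$_POST` handler. I would say so in a comment above the case group, e.g. `// CA row is hidden for display only; caref is discarded server-side on save`, so nobody later treats the client-side state as the control. The body of `methodsel_change()` starts and ends outside this hunk.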
@@ -829,7 +824,7 @@ function dpdchkbox_change() {
</td>
</tr>
<tr id="opt_ca">
- <td width="22%" valign="top" class="vncellreq"><?=gettext("My Certificate Authority"); ?></td>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
<td width="78%" class="vtable">
<select name="caref" class="formselect">
<?php