summaryrefslogtreecommitdiffstats
path: root/etc/inc/config.inc
diff options
context:
space:
mode:
Diffstat (limited to 'etc/inc/config.inc')
-rw-r--r--etc/inc/config.inc36
1 files changed, 22 insertions, 14 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 5b0ff2a..faf5af7 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -2166,15 +2166,20 @@ endif;
/* Convert 5.5 -> 5.6 */
if ($config['version'] <= 5.5) {
- /* migrate ipsec ca's to cert manager */
if (!is_array($config['system']['ca']))
$config['system']['ca'] = array();
if (!is_array($config['system']['cert']))
$config['system']['cert'] = array();
+
+ /* migrate ipsec ca's to cert manager */
if (is_array($config['ipsec']['cacert'])) {
- foreach($config['ipsec']['cacert'], & $cacert) {
- $ca = new array();
- $ca['crt'] = $cacert['cert'];
+ foreach($config['ipsec']['cacert'] as & $cacert) {
+ $ca = array();
+ $ca['refid'] = uniqid();
+ if (is_array($cacert['cert']))
+ $ca['crt'] = $cacert['cert'][0];
+ else
+ $ca['crt'] = $cacert['cert'];
$ca['name'] = $cacert['ident'];
$config['system']['ca'][] = $ca;
}
@@ -2183,19 +2188,22 @@ endif;
/* migrate phase1 certificates to cert manager */
if (is_array($config['ipsec']['phase1'])) {
- foreach($config['ipsec']['phase1'], & $ph1ent) {
- if($ph1ent['cert'] && $ph1ent['private-key']) {
- $cert = new array();
- $cert['name'] = "IPsec Peer {$ph1ent['remote-gateway']} Certificate";
+ foreach($config['ipsec']['phase1'] as & $ph1ent) {
+ $cert = array();
+ $cert['refid'] = uniqid();
+ $cert['name'] = "IPsec Peer {$ph1ent['remote-gateway']} Certificate";
+ if (is_array($ph1ent['cert']))
+ $cert['crt'] = $ph1ent['cert'][0];
+ else
$cert['crt'] = $ph1ent['cert'];
- $cert['prv'] = $ph1ent['private-key'];
- $config['system']['cert'][] = $cert;
- }
- if($ph1ent['cert'])
+ $cert['prv'] = $ph1ent['private-key'];
+ $config['system']['cert'][] = $cert;
+ $ph1ent['certref'] = $cert['refid'];
+ if ($ph1ent['cert'])
unset($ph1ent['cert']);
- if($ph1ent['private-key'])
+ if ($ph1ent['private-key'])
unset($ph1ent['private-key']);
- if($ph1ent['peercert'])
+ if ($ph1ent['peercert'])
unset($ph1ent['peercert']);
}
}
OpenPOWER on IntegriCloud