From 0b7fd3e91deacbb301e1684a40911c8e95ec6533 Mon Sep 17 00:00:00 2001 From: mgrooms Date: Thu, 12 Mar 2009 21:50:25 +0000 Subject: Correct the configuration file IPsec certificate upgrade process. --- cf/conf/config.xml | 2 +- conf.default/config.xml | 4 ++-- etc/inc/config.inc | 36 ++++++++++++++++++++++-------------- etc/inc/globals.inc | 2 +- 4 files changed, 26 insertions(+), 18 deletions(-) diff --git a/cf/conf/config.xml b/cf/conf/config.xml index ec1821b..7a8ddf4 100644 --- a/cf/conf/config.xml +++ b/cf/conf/config.xml @@ -1,7 +1,7 @@ - 5.5 + 5.6 nervecenter diff --git a/conf.default/config.xml b/conf.default/config.xml index 805f593..a543b47 100644 --- a/conf.default/config.xml +++ b/conf.default/config.xml @@ -1,7 +1,7 @@ - 5.5 + 5.6 nervecenter @@ -785,4 +785,4 @@ - \ No newline at end of file + diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 5b0ff2a..faf5af7 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -2166,15 +2166,20 @@ endif; /* Convert 5.5 -> 5.6 */ if ($config['version'] <= 5.5) { - /* migrate ipsec ca's to cert manager */ if (!is_array($config['system']['ca'])) $config['system']['ca'] = array(); if (!is_array($config['system']['cert'])) $config['system']['cert'] = array(); + + /* migrate ipsec ca's to cert manager */ if (is_array($config['ipsec']['cacert'])) { - foreach($config['ipsec']['cacert'], & $cacert) { - $ca = new array(); - $ca['crt'] = $cacert['cert']; + foreach($config['ipsec']['cacert'] as & $cacert) { + $ca = array(); + $ca['refid'] = uniqid(); + if (is_array($cacert['cert'])) + $ca['crt'] = $cacert['cert'][0]; + else + $ca['crt'] = $cacert['cert']; $ca['name'] = $cacert['ident']; $config['system']['ca'][] = $ca; } @@ -2183,19 +2188,22 @@ endif; /* migrate phase1 certificates to cert manager */ if (is_array($config['ipsec']['phase1'])) { - foreach($config['ipsec']['phase1'], & $ph1ent) { - if($ph1ent['cert'] && $ph1ent['private-key']) { - $cert = new array(); - $cert['name'] = "IPsec Peer {$ph1ent['remote-gateway']} Certificate"; + foreach($config['ipsec']['phase1'] as & $ph1ent) { + $cert = array(); + $cert['refid'] = uniqid(); + $cert['name'] = "IPsec Peer {$ph1ent['remote-gateway']} Certificate"; + if (is_array($ph1ent['cert'])) + $cert['crt'] = $ph1ent['cert'][0]; + else $cert['crt'] = $ph1ent['cert']; - $cert['prv'] = $ph1ent['private-key']; - $config['system']['cert'][] = $cert; - } - if($ph1ent['cert']) + $cert['prv'] = $ph1ent['private-key']; + $config['system']['cert'][] = $cert; + $ph1ent['certref'] = $cert['refid']; + if ($ph1ent['cert']) unset($ph1ent['cert']); - if($ph1ent['private-key']) + if ($ph1ent['private-key']) unset($ph1ent['private-key']); - if($ph1ent['peercert']) + if ($ph1ent['peercert']) unset($ph1ent['peercert']); } } diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 054ce31..66632d9 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -58,7 +58,7 @@ $g = array( "product_website_footer" => "http://www.pfsense.org/?gui20", "product_email" => "coreteam@pfsense.org", "debug" => false, - "latest_config" => "5.5", + "latest_config" => "5.6", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "115", "minimum_ram_warning_text" => "128 megabytes", -- cgit v1.1