From ea9a4cc867fa7f82f10f8be799a668cb42a94cdd Mon Sep 17 00:00:00 2001
From: jim-p
Date: Tue, 11 Oct 2011 11:56:53 -0400
Subject: Assume a default value of 1 for cert_depth to disallow chaining.
---
 etc/inc/openvpn.inc | 2 ++
 usr/local/www/vpn_openvpn_server.php | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index b34d442..c9e5975 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -438,6 +438,8 @@ function openvpn_reconfigure($mode, $settings) {
 }
 break;
 }
+ if (!isset($settings['cert_depth']) && (strstr($settings['mode'], 'tls')))
+ $settings['cert_depth'] = 1;
 if (is_numeric($settings['cert_depth'])) {
 $sed = "";
 $cert = lookup_cert($settings['certref']);
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index fa3cc24..0ef67a7 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -95,6 +95,7 @@ if($_GET['act']=="new"){
 $pconfig['interface'] = "wan";
 $pconfig['local_port'] = openvpn_port_next('UDP');
 $pconfig['pool_enable'] = "yes";
+ $pconfig['cert_depth'] = 1;
 }
 if($_GET['act']=="edit"){
@@ -123,7 +124,10 @@ if($_GET['act']=="edit"){
 $pconfig['crlref'] = $a_server[$id]['crlref'];
 $pconfig['certref'] = $a_server[$id]['certref'];
 $pconfig['dh_length'] = $a_server[$id]['dh_length'];
- $pconfig['cert_depth'] = $a_server[$id]['cert_depth'];
+ if (isset($a_server[$id]['cert_depth']))
+ $pconfig['cert_depth'] = $a_server[$id]['cert_depth'];
+ else
+ $pconfig['cert_depth'] = 1;
 if ($pconfig['mode'] == "server_tls_user")
 $pconfig['strictusercn'] = $a_server[$id]['strictusercn'];
 } else
--
cgit v1.1
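Review bot: In etc/inc/openvpn.inc (hunk at -438) the new default is applied only when `cert_depth` is absent, so a value that is present but non-numeric still skips the `is_numeric()` branch below and, as far as this hunk shows, no depth check is generated for it. If an empty value is the deliberate "do not check" choice saved by the GUI, state that in a comment above the added lines, e.g. `// Key absent (older config): fail closed at depth 1; an explicitly saved empty value still disables the check.` TLS instances saved without the key will now get depth 1 at the next reconfigure, which presumably rejects peers whose certificates chain through an intermediate CA, so this deserves an upgrade note. The added `if` has no braces around its one-statement body; bracing it would match the braced `if (is_numeric(...)) {` that follows. The function body starts and ends outside the hunk.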
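Review bot: In usr/local/www/vpn_openvpn_server.php (hunk at -123, and the `act=new` default in the hunk at -95) the fallback depth is a bare literal `1`, duplicating the value that etc/inc/openvpn.inc applies at reconfigure time. If one copy is changed later, the page could show a depth that differs from the one enforced for entries lacking the key; a single named constant defined in openvpn.inc and used in all three places would prevent that drift. The runtime default is limited to modes containing 'tls' while the default on this page is unconditional, which is harmless only if the field is ignored for non-TLS modes, and that is not visible here. The added `if`/`else` is braceless and sits directly above another braceless `if`, so braces would make later edits safer. The enclosing `if($_GET['act']=="edit")` block starts and ends outside the hunk.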