From df4de32d3403e58a45f0e66fccdf67f33e8cde91 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Wed, 22 Jul 2015 15:03:20 -0500
Subject: Add IPsec advanced option for strict CRL checking

---
 usr/local/www/vpn_ipsec_settings.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'usr/local/www')

diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php
index 8b31f57..c0eaba6 100644
--- a/usr/local/www/vpn_ipsec_settings.php
+++ b/usr/local/www/vpn_ipsec_settings.php
@@ -47,6 +47,7 @@ foreach ($ipsec_loglevels as $lkey => $ldescr) {
 	}
 }
 $pconfig['unityplugin'] = isset($config['ipsec']['unityplugin']);
+$pconfig['strictcrlpolicy'] = isset($config['ipsec']['strictcrlpolicy']);
 $pconfig['makebeforebreak'] = isset($config['ipsec']['makebeforebreak']);
 $pconfig['noshuntlaninterfaces'] = isset($config['ipsec']['noshuntlaninterfaces']);
 $pconfig['compression'] = isset($config['ipsec']['compression']);
@@ -161,6 +162,12 @@ if ($_POST) {
 			$needsrestart = true;
 			unset($config['ipsec']['unityplugin']);
 		}
+		
+		if ($_POST['strictcrlpolicy'] == "yes") {
+			$config['ipsec']['strictcrlpolicy'] = true;
+		} else {
+			unset($config['ipsec']['strictcrlpolicy']);
+		}
 
 		if ($_POST['makebeforebreak'] == "yes") {
 			$config['ipsec']['makebeforebreak'] = true;
@@ -393,6 +400,15 @@ function maxmss_checked(obj) {
 						</td>
 					</tr>
 					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Strict CRL Checking"); ?></td>
+						<td width="78%" class="vtable">
+							<input name="strictcrlpolicy" type="checkbox" id="strictcrlpolicy" value="yes" <?php if ($pconfig['strictcrlpolicy'] == true) echo "checked=\"checked\""; ?> />
+							<strong><?=gettext("Enable strict Certificate Revocation List checking"); ?></strong>
+							<br />
+							<?=gettext("Check this to require availability of a fresh CRL for peer authentication based on RSA signatures to succeed."); ?>
+						</td>
+					</tr>
+					<tr>
 						<td width="22%" valign="top" class="vncell"><?=gettext("Make before Break"); ?></td>
 						<td width="78%" class="vtable">
 							<input name="makebeforebreak" type="checkbox" id="makebeforebreak" value="yes" <?php if ($pconfig['makebeforebreak'] == true) echo "checked=\"checked\""; ?> />
-- 
cgit v1.1