Révision 2da48592
Ajouté par jim-p il y a presque 10 ans
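--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -593,10 +593,14 @@
 if (!isset($settings['cert_depth']) && (strstr($settings['mode'], 'tls')))
 $settings['cert_depth'] = 1;
 if (is_numeric($settings['cert_depth'])) {
-$cert = lookup_cert($settings['certref']);
-/* XXX: Seems not used at all! */
-$servercn = urlencode(cert_get_cn($cert['crt']));
-$conf .= "tls-verify \"/usr/local/sbin/ovpn_auth_verify tls '{$servercn}' {$settings['cert_depth']}\"\n";
+if (($mode == 'client') && empty($settings['certref']))
+$cert = "";
+else {
+$cert = lookup_cert($settings['certref']);
+/* XXX: Seems not used at all! */
+$servercn = urlencode(cert_get_cn($cert['crt']));
+$conf .= "tls-verify \"/usr/local/sbin/ovpn_auth_verify tls '{$servercn}' {$settings['cert_depth']}\"\n";
+}
 }
 
 // The local port to listen on
@@ -723,9 +727,12 @@
 case 'server_user':
 $ca = lookup_ca($settings['caref']);
 openvpn_add_keyfile($ca['crt'], $conf, $mode_id, "ca");
-$cert = lookup_cert($settings['certref']);
-openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert");
-openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
+
+if (!empty($settings['certref'])) {
+$cert = lookup_cert($settings['certref']);
+openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert");
+openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
+}
 if ($mode == 'server')
 $conf .= "dh {$g['etc_path']}/dh-parameters.{$settings['dh_length']}\n";
 if (!empty($settings['crlref'])) {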
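Review bot: In the first hunk a client with no certificate now gets no `tls-verify` line at all, so the configured `cert_depth` is silently ignored for exactly the clients that authenticate with user/pass only. If that is intended, say so at the branch, e.g. `/* No client cert: tls-verify is skipped, so cert_depth is not enforced for this client */`, and drop `$cert = "";`, which is not read in the visible lines. The two guards also disagree: the first hunk skips only when `$mode == 'client'`, while the second skips the cert/key files for any mode with an empty `certref`, so a server entry without a certificate would still reach `lookup_cert()` in the first hunk and get a config without `cert`/`key` from the second. Nothing visible here checks that a certificate-less client actually has auth user/pass set; presumably the caller validates that, since the enclosing function starts and ends outside both hunks.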
Allow the user to select "None" for OpenVPN client certificate, so long as they supply an auth user/pass. Ticket #3633