Revision 2da48592

Added by jim-p almost 10 years ago

Allow the user to select "None" for OpenVPN client certificate, so long as they supply an auth user/pass. Ticket #3633

View differences:

etc/inc/openvpn.inc
593 593
		if (!isset($settings['cert_depth']) && (strstr($settings['mode'], 'tls')))
594 594
			$settings['cert_depth'] = 1;
595 595
		if (is_numeric($settings['cert_depth'])) {
596
			$cert = lookup_cert($settings['certref']);
597
			/* XXX: Seems not used at all! */
598
			$servercn = urlencode(cert_get_cn($cert['crt']));
599
			$conf .= "tls-verify \"/usr/local/sbin/ovpn_auth_verify tls '{$servercn}' {$settings['cert_depth']}\"\n";
596
			if (($mode == 'client') && empty($settings['certref']))
597
				$cert = "";
598
			else {
599
				$cert = lookup_cert($settings['certref']);
600
				/* XXX: Seems not used at all! */
601
				$servercn = urlencode(cert_get_cn($cert['crt']));
602
				$conf .= "tls-verify \"/usr/local/sbin/ovpn_auth_verify tls '{$servercn}' {$settings['cert_depth']}\"\n";
603
			}
600 604
		}
601 605

  
602 606
		// The local port to listen on
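Review bot: In the new `if (($mode == 'client') && empty($settings['certref']))` branch no `tls-verify` line is written at all, so a client configured without a certificate silently loses the `cert_depth` check that the enclosing `is_numeric($settings['cert_depth'])` block exists to emit. `tls-verify` acts on the peer's certificate chain, and this is the case where the client authenticates with a user/pass only, so the omission should at least carry a comment saying it is intended, or the depth check should be emitted in a form that does not need the local certificate's CN. The `$cert = "";` assignment has no visible use in this hunk, and the brace-less `if` paired with a braced `else` is easy to misread; bracing both branches would help.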
......
723 727
		case 'server_user':
724 728
			$ca = lookup_ca($settings['caref']);
725 729
			openvpn_add_keyfile($ca['crt'], $conf, $mode_id, "ca");
726
			$cert = lookup_cert($settings['certref']);
727
			openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert");
728
			openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
730

  
731
			if (!empty($settings['certref'])) {
732
				$cert = lookup_cert($settings['certref']);
733
				openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert");
734
				openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
735
			}
729 736
			if ($mode == 'server')
730 737
				$conf .= "dh {$g['etc_path']}/dh-parameters.{$settings['dh_length']}\n";
731 738
			if (!empty($settings['crlref'])) {
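Review bot: The new `if (!empty($settings['certref']))` guard is not limited to `$mode == 'client'` the way the check in the first hunk is, so a server instance that reaches this case with an empty `certref` now gets a config with no `cert`/`key` entries instead of a visible failure. Restrict the skip to client mode, for example `if ($mode != 'client' || !empty($settings['certref']))`, or log an error when a server has no certificate. Nothing in these lines confirms that an auth user/pass is set when the certificate is skipped, which the commit message makes the precondition; if that is enforced in input validation elsewhere, a comment here pointing to it would help.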
