diff options
author | jim-p <jimp@pfsense.org> | 2011-11-22 13:50:12 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-11-22 13:50:12 -0500 |
commit | 29d06ea57694cd1dc9ee59f395edb6436e04eec8 (patch) | |
tree | 634ce691d9cb920f9b8a3af673ba79c9c6206254 | |
parent | a47f428c201a32f85e4c4bde640f825e681702a3 (diff) | |
download | pfsense-packages-29d06ea57694cd1dc9ee59f395edb6436e04eec8.tar.gz pfsense-packages-29d06ea57694cd1dc9ee59f395edb6436e04eec8.tar.bz2 pfsense-packages-29d06ea57694cd1dc9ee59f395edb6436e04eec8.zip |
If we can determine that the server cert has nsCertType=server, then add ns-cert-type server to the client config.
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 9 | ||||
-rw-r--r-- | pkg_config.8.xml | 2 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 2 |
3 files changed, 11 insertions, 2 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index a69826ba..234d7326 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -230,6 +230,15 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke // - Disable for now, it requires the server cert to include special options //$conf .= "remote-cert-tls server{$nl}"; + // Extra protection for the server cert, if it's supported + if (function_exists("cert_get_purpose")) { + if (is_array($server_cert) && ($server_cert['crt'])) { + $purpose = cert_get_purpose($server_cert['crt'], true); + if ($purpose['server'] == 'Yes') + $conf .= "ns-cert-type server"; + } + } + // add optional settings if ($settings['compression']) $conf .= "comp-lzo{$nl}"; diff --git a/pkg_config.8.xml b/pkg_config.8.xml index c313495c..bd21929a 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1008,7 +1008,7 @@ </depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>0.9.5</version> + <version>0.9.6</version> <status>BETA</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index ce1d4237..f7313d05 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -969,7 +969,7 @@ <depends_on_package>zip-3.0.tbz</depends_on_package> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>0.9.5</version> + <version>0.9.6</version> <status>BETA</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> |