diff options
| author | Jim P <jim@pingle.org> | 2012-11-24 13:52:13 -0800 |
|---|---|---|
| committer | Jim P <jim@pingle.org> | 2012-11-24 13:52:13 -0800 |
| commit | 35abadada204d0a9cf32ba5dd3dc32e7b7b5b54f (patch) | |
| tree | b930d4a31a86454e1a1a1b5e0eb56b40599612bf | |
| parent | c554c87ba2260e10dd474d6ea56b204fc12234d0 (diff) | |
| parent | 51cd6f8b6f5383144c7def537cd5d3e98e69f822 (diff) | |
| download | pfsense-packages-35abadada204d0a9cf32ba5dd3dc32e7b7b5b54f.tar.gz pfsense-packages-35abadada204d0a9cf32ba5dd3dc32e7b7b5b54f.tar.bz2 pfsense-packages-35abadada204d0a9cf32ba5dd3dc32e7b7b5b54f.zip | |
Merge pull request #339 from PiBa-NL/openvpn-client-export-certchecks
openvpn-client-export, better error reporting on unsupported OpenVPN configurations
| -rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 2fc1147d..710c5539 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -117,13 +117,17 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { // lookup server certificate info $server_cert = lookup_cert($settings['certref']); - $server_ca = lookup_ca($server_cert['caref']); - if (!$server_cert || !$server_ca) { - $input_errors[] = "Could not locate certificate."; - return false; - } - if (function_exists("cert_get_cn")) { - $servercn = cert_get_cn($server_cert['crt']); + if (!$server_cert) + { + $input_errors[] = "Could not locate server certificate."; + } else { + $server_ca = lookup_ca($server_cert['caref']); + if (!$server_ca) { + $input_errors[] = "Could not locate the CA reference for the server certificate."; + } + if (function_exists("cert_get_cn")) { + $servercn = cert_get_cn($server_cert['crt']); + } } // lookup user info @@ -131,7 +135,6 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { $user = $config['system']['user'][$usrid]; if (!$user) { $input_errors[] = "Could not find user settings."; - return false; } } @@ -143,17 +146,23 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { $cert = $config['cert'][$crtid]; } if (!$cert) - return false; - // If $cert is not an array, it's a certref not a cert. - if (!is_array($cert)) - $cert = lookup_cert($cert); + { + $input_errors[] = "Could not find client certificate."; + } else { + // If $cert is not an array, it's a certref not a cert. + if (!is_array($cert)) + $cert = lookup_cert($cert); + } } elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) { $cert = $config['cert'][$crtid]; if (!$cert) - return false; + $input_errors[] = "Could not find client certifficate."; } else $nokeys = true; + if ($input_errors) + return false; + return array($settings, $server_cert, $server_ca, $servercn, $user, $cert, $nokeys); } |