authorjim-p <jimp@pfsense.org>2011-11-29 11:58:50 -0500
committerjim-p <jimp@pfsense.org>2011-11-29 11:58:50 -0500
commit8490db315678c14c6b580e6d23718e8f089487c9 (patch)
treeaa0dd3c521fc925fd94e50f938361d1ecca9ac27
parent29d06ea57694cd1dc9ee59f395edb6436e04eec8 (diff)
Add contributed patch to optionally encrypt the key for Viscosity bundles. Fixes #2032
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc15
-rwxr-xr-xconfig/openvpn-client-export/vpn_openvpn_export.php2
2 files changed, 14 insertions, 3 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 234d7326..b9ac8866 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -541,8 +541,19 @@ EOF;
file_put_contents($crtfile, base64_decode($cert['crt']));
// write user .key
- $keyfile = "{$tempdir}/key.key";
- file_put_contents($keyfile, base64_decode($cert['prv']));
+ if (!empty($outpass)) {
+ $keyfile = "{$tempdir}/key.key";
+ $clearkeyfile = "{$tempdir}/key-clear.key";
+ file_put_contents($clearkeyfile, base64_decode($cert['prv']));
+ $eoutpass = escapeshellarg($outpass);
+ $ekeyfile = escapeshellarg($keyfile);
+ $eclearkeyfile = escapeshellarg($clearkeyfile);
+ exec("/usr/bin/openssl rsa -in ${eclearkeyfile} -out ${ekeyfile} -des3 -passout pass:${eoutpass}");
+ unlink($clearkeyfile);
+ } else {
+ $keyfile = "{$tempdir}/key.key";
+ file_put_contents($keyfile, base64_decode($cert['prv']));
+ }
}
// TLS support?
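Review bot: The added `exec()` call puts the passphrase on the openssl command line (`-passout pass:${eoutpass}`), where other local processes can read it from the process list while openssl runs, and its exit status is never checked. If openssl fails, `key-clear.key` is still unlinked, so the bundle is presumably built with a missing or empty `key.key` and no error is reported. I would hand the passphrase over with `-passout env:OVPN_EXPORT_PASS` (variable name constructed here, set with `putenv()` and cleared afterwards) or `-passout stdin`, and capture the result with `exec("... -passout env:OVPN_EXPORT_PASS", $out, $rc);` followed by `if ($rc != 0) { unlink($clearkeyfile); return false; }`. The unencrypted key is also written to `$tempdir` before being encrypted, so the directory's permissions matter; they are not visible here. The enclosing function starts and ends outside the hunk, so whether a `false` return suits its callers needs confirming.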
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 5a41b85d..43ed56fd 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -673,7 +673,7 @@ function useproxy_changed(obj) {
</td>
<td>
<span class="vexpl">
- Use a password to protect the pkcs12 file contents.
+ Use a password to protect the pkcs12 file contents or key in Viscosity bundle.
</span>
</td>
</tr>