author | jim-p <jimp@pfsense.org> | 2011-11-29 11:58:50 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-11-29 11:58:50 -0500 |
commit | 8490db315678c14c6b580e6d23718e8f089487c9 (patch) | |
tree | aa0dd3c521fc925fd94e50f938361d1ecca9ac27 | |
parent | 29d06ea57694cd1dc9ee59f395edb6436e04eec8 (diff) | |
Add contributed patch to optionally encrypt the key for Viscosity bundles. Fixes #2032
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 15 | ||||
-rwxr-xr-x | config/openvpn-client-export/vpn_openvpn_export.php | 2 |
2 files changed, 14 insertions, 3 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 234d7326..b9ac8866 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -541,8 +541,19 @@ EOF;
 file_put_contents($crtfile, base64_decode($cert['crt']));
 // write user .key
- $keyfile = "{$tempdir}/key.key";
- file_put_contents($keyfile, base64_decode($cert['prv']));
+ if (!empty($outpass)) {
+ $keyfile = "{$tempdir}/key.key";
+ $clearkeyfile = "{$tempdir}/key-clear.key";
+ file_put_contents($clearkeyfile, base64_decode($cert['prv']));
+ $eoutpass = escapeshellarg($outpass);
+ $ekeyfile = escapeshellarg($keyfile);
+ $eclearkeyfile = escapeshellarg($clearkeyfile);
+ exec("/usr/bin/openssl rsa -in ${eclearkeyfile} -out ${ekeyfile} -des3 -passout pass:${eoutpass}");
+ unlink($clearkeyfile);
+ } else {
+ $keyfile = "{$tempdir}/key.key";
+ file_put_contents($keyfile, base64_decode($cert['prv']));
+ }
 }
 // TLS support?
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 5a41b85d..43ed56fd 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -673,7 +673,7 @@ function useproxy_changed(obj) {
 </td>
 <td>
 <span class="vexpl">
- Use a password to protect the pkcs12 file contents.
+ Use a password to protect the pkcs12 file contents or key in Viscosity bundle.
 </span>
 </td>
 </tr> |
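Review bot: The `exec()` line in the new `if (!empty($outpass))` branch passes the export password as `-passout pass:…` on the openssl command line, where it can be read from the process list while the command runs, and the unencrypted key is first written to `key-clear.key` in `$tempdir`. The exit status of `exec()` is not checked, so a failed openssl run still unlinks the clear key and carries on with a missing or empty `key.key`. I would encrypt in-process with `openssl_pkey_get_private()` and `openssl_pkey_export()` instead, which needs no shell, no cleartext temp file and no password in argv; the PEM encoding it produces should be confirmed against Viscosity before merging. The enclosing function starts and ends outside this hunk, so how a failure is reported is left as a comment in the sketch below.

```php
		if (!empty($outpass)) {
			$keyfile = "{$tempdir}/key.key";
			// Encrypt in-process: no cleartext key on disk, no passphrase on a command line.
			$pkey = openssl_pkey_get_private(base64_decode($cert['prv']));
			$enckey = null;
			if ($pkey === false || !openssl_pkey_export($pkey, $enckey, $outpass)) {
				// stop the export and report the failure using the enclosing
				// function's error convention (not visible in this hunk)
			}
			file_put_contents($keyfile, $enckey);
		} else {
			// … unchanged: unencrypted key written to key.key …
```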