author | Renato Botelho <garga@FreeBSD.org> | 2014-11-21 11:09:21 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-11-21 11:09:21 -0200 |
commit | b4a05e7ac1e36569ce30a266b5a16dd74f3c7ac5 (patch) | |
tree | 35d79b1983e294cf8966e8a4d8937c4bf1a27a6d | |
parent | 3c3c23fa27438a101f32a0a33b8f0b054af8f295 (diff) | |
parent | 7c6bdcb88f5d0a57fdc9c0b2025260b556005655 (diff) | |
Merge pull request #726 from alainabbas/patch-1
-rwxr-xr-x | config/squid3/33/squid_reverse.inc | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc
index 1332f220..152d3d12 100755
--- a/config/squid3/33/squid_reverse.inc
+++ b/config/squid3/33/squid_reverse.inc
@@ -58,8 +58,27 @@ function squid_resync_reverse() {
 $reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key";
 }
 }
+ }
+ //Add Ca certificate for Client Validation
+ if (isset($settings["reverse_check_clientca"]) && $settings["reverse_check_clientca"] == "on") {
+ $clientca_cert=lookup_ca($settings["reverse_ssl_clientca"]);
+ $clientca_prm='';
+ if ( $clientca_cert != false){
+ if(base64_decode($clientca_cert['crt'])) {
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_clientca"]}.crt",sq_text_area_decode($clientca_cert['crt']));
+ $clientca_prm = "clientca=" . SQUID_CONFBASE . "/{$settings["reverse_ssl_clientca"]}.crt ";
+ }
+ }
+ $crl=lookup_crl($settings["reverse_ssl_clientcrl"]);
+ crl_update($crl);
+ if ( $crl != false){
+ if(base64_decode($crl['text'])) {
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_clientcrl"]}.crl",base64_decode($crl['text']));
+ $clientca_prm .= "crlfile=" . SQUID_CONFBASE . "/{$settings["reverse_ssl_clientcrl"]}.crl sslflags=VERIFY_CRL ";
+ }
+ }
 }
-
+
 if (!empty($settings['reverse_int_ca']))
 file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n" . sq_text_area_decode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX);
@@ -82,7 +101,7 @@ function squid_resync_reverse() {
 $conf .= "http_port {$real_ifaces[$i][0]}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
 //HTTPS
 if (!empty($settings['reverse_https']))
- $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n";
+ $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} ".$clientca_prm."key={$reverse_key} defaultsite={$https_defsite} vhost\n";
 }
 }
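Review bot: With `reverse_check_clientca` on, a failed `lookup_ca()` or a failed decode check leaves `$clientca_prm` empty, so the `https_port` line built later is written without `clientca=`. The listener then accepts connections with no client-certificate check, and nothing is logged. The branch should report the failure and let the `https_port` code skip the listener instead of falling back to an unauthenticated one. `crl_update($crl)` also runs before the `$crl != false` test, and non-strict `base64_decode()` seldom returns false, so both guards are weaker than they look. The enclosing `squid_resync_reverse()` starts and ends outside the hunk.

```php
if (isset($settings["reverse_check_clientca"]) && $settings["reverse_check_clientca"] == "on") {
	$clientca_cert = lookup_ca($settings["reverse_ssl_clientca"]);
	$clientca_prm = '';
	if ($clientca_cert == false || base64_decode($clientca_cert['crt'], true) === false) {
		// Fail closed: client validation was requested, so do not quietly
		// emit an https_port line that lacks clientca=.
		log_error("squid reverse: client CA validation is enabled but the selected CA could not be loaded");
		$clientca_failed = true; // the https_port code should test this and skip the listener
	} else {
		// … unchanged: write the .crt file and set clientca= …
	}
	$crl = lookup_crl($settings["reverse_ssl_clientcrl"]);
	if ($crl != false) {
		crl_update($crl); // only refresh a CRL that was actually found
		// … unchanged: decode check, write the .crl file, append crlfile= and sslflags=VERIFY_CRL …
	}
}
```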
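Review bot: `$clientca_prm` is assigned only inside the `reverse_check_clientca` branch added earlier in this diff, yet this line concatenates it for every HTTPS listener. With the check disabled PHP reads an undefined variable (a notice, and an empty string only by accident), unless it is set somewhere outside the hunks. Initialise it before the branch with `$clientca_prm = '';`. A comment such as `// $clientca_prm is empty or ends with a space, so it sits directly before key=` would explain the missing separator in the string.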
@@ -242,4 +261,17 @@ function squid_resync_reverse() {
 return $conf;
 }
+function squid_refresh_crl()
+{
+ global $config;
+ if (isset($settings["reverse_check_clientca"]) && $settings["reverse_check_clientca"] == "on") {
+ $crl=lookup_crl($settings["reverse_ssl_clientcrl"]);
+ crl_update($crl);
+ if ( $crl != false){
+ if(base64_decode($crl['text'])) {
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_clientcrl"]}.crl",base64_decode($crl['text']));
+ }
+ }
+ }
+}
 ?> |
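Review bot: `squid_refresh_crl()` declares `global $config` but tests `$settings`, which is never assigned inside the function, so the `isset()` is always false and the CRL file on disk is never rewritten. A revocation added after the last full resync would therefore not reach the `crlfile=` that squid reads, if this function is what the refresh relies on. Populate `$settings` from `$config` at the top of the function the same way `squid_resync_reverse()` does (that assignment is outside the hunks), and move `crl_update($crl)` inside the `$crl != false` test. The CRL-writing lines duplicate the ones added to `squid_resync_reverse()`; having that function call this helper would keep the two paths from drifting. A docblock stating when the function is expected to run, and whether squid must be reconfigured afterwards to pick up the new file, is also missing.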