authorjim-p <jimp@pfsense.org>2011-11-22 13:50:12 -0500
committerjim-p <jimp@pfsense.org>2011-11-22 13:50:12 -0500
commit29d06ea57694cd1dc9ee59f395edb6436e04eec8 (patch)
tree634ce691d9cb920f9b8a3af673ba79c9c6206254
parenta47f428c201a32f85e4c4bde640f825e681702a3 (diff)
If we can determine that the server cert has nsCertType=server, then add ns-cert-type server to the client config.
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc9
-rw-r--r--pkg_config.8.xml2
-rw-r--r--pkg_config.8.xml.amd642
3 files changed, 11 insertions, 2 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index a69826ba..234d7326 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -230,6 +230,15 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
// - Disable for now, it requires the server cert to include special options
//$conf .= "remote-cert-tls server{$nl}";
+ // Extra protection for the server cert, if it's supported
+ if (function_exists("cert_get_purpose")) {
+ if (is_array($server_cert) && ($server_cert['crt'])) {
+ $purpose = cert_get_purpose($server_cert['crt'], true);
+ if ($purpose['server'] == 'Yes')
+ $conf .= "ns-cert-type server";
+ }
+ }
+
// add optional settings
if ($settings['compression'])
$conf .= "comp-lzo{$nl}";
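Review bot: The added `$conf .= "ns-cert-type server";` omits the `{$nl}` terminator that the neighbouring directives carry, so the next directive appended (for example `comp-lzo`) lands on the same line and the client config comes out malformed; it should read `$conf .= "ns-cert-type server{$nl}";`. When `cert_get_purpose` is unavailable or the certificate does not report the server purpose, the exported config carries no server-certificate role check at all, since the `remote-cert-tls` line above stays commented out; the client would then presumably accept any certificate issued by the same CA as the server, and a comment at the `function_exists` guard should say so. The return shape of `cert_get_purpose` is not shown here, so `is_array($purpose) && $purpose['server'] === 'Yes'` would be a safer test than the loose `==` on an assumed array. The body of openvpn_client_export_config starts and ends outside this hunk.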
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index c313495c..bd21929a 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1008,7 +1008,7 @@
</depends_on_package_pbi>
<build_port_path>/usr/ports/archivers/p7zip</build_port_path>
<build_port_path>/usr/ports/archivers/zip</build_port_path>
- <version>0.9.5</version>
+ <version>0.9.6</version>
<status>BETA</status>
<required_version>2.0</required_version>
<config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index ce1d4237..f7313d05 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -969,7 +969,7 @@
<depends_on_package>zip-3.0.tbz</depends_on_package>
<build_port_path>/usr/ports/archivers/p7zip</build_port_path>
<build_port_path>/usr/ports/archivers/zip</build_port_path>
- <version>0.9.5</version>
+ <version>0.9.6</version>
<status>BETA</status>
<required_version>2.0</required_version>
<config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file>