author | Bill Marquette <bill.marquette@gmail.com> | 2011-07-15 12:31:06 -0500 |
---|---|---|
committer | Bill Marquette <bill.marquette@gmail.com> | 2011-07-15 12:31:06 -0500 |
commit | 6d42ec03dc985833a1aac276fff7a211986c9863 (patch) | |
tree | 6c0dee82b999204bafbe978e773e89dafe5383d7 | |
parent | 133d2b3c61b95e42819b8898d2b23ef8c16152c7 (diff) | |
Use builtin certificate store
-rw-r--r-- | config/imspector-wip/imspector.inc | 62 | ||||
-rw-r--r-- | config/imspector-wip/imspector.xml | 35 |
2 files changed, 57 insertions, 40 deletions
diff --git a/config/imspector-wip/imspector.inc b/config/imspector-wip/imspector.inc index 4be1e2ee..2151755e 100644 --- a/config/imspector-wip/imspector.inc +++ b/config/imspector-wip/imspector.inc 
@@ -227,26 +227,33 @@ } // Handle Jabber SSL options - if($imspector_config["ssl_ca_key"] && - $imspector_config["ssl_ca_cert"] && - $imspector_config["serverkey"]) { + if(isset($imspector_config["ssl_ca_cert"]) && $imspector_config["ssl_ca_cert"] != "none" && + isset($imspector_config["ssl_server_cert"]) && $imspector_config["ssl_server_cert"] != "none") { $conf['ssl'] = "on"; if(!is_dir("/usr/local/etc/imspector/ssl")) mkdir("/usr/local/etc/imspector/ssl"); - if(base64_decode($imspector_config["ssl_ca_key"])) { - file_put_contents("/usr/local/etc/imspector/ssl/ssl_ca_key.pem", - base64_decode($imspector_config["ssl_ca_key"])); - $conf['ssl_ca_key'] = '/usr/local/etc/imspector/ssl/ssl_ca_key.pem'; - } - if(base64_decode($imspector_config["ssl_ca_cert"])) { - file_put_contents("/usr/local/etc/imspector/ssl/ssl_ca_cert.pem", - base64_decode($imspector_config["ssl_ca_cert"])); - $conf['ssl_ca_key'] = "/usr/local/etc/imspector/ssl/ssl_ca_cert.pem"; - } - if(base64_decode($imspector_config["serverkey"])) { - file_put_contents("/usr/local/etc/imspector/ssl/serverkey.pem", - base64_decode($imspector_config["serverkey"])); - $conf['ssl_key'] = '/usr/local/etc/imspector/ssl/serverkey.pem'; + + $ca_cert = lookup_ca($imspector_config["ssl_ca_cert"]); + if ($ca_cert != false) { + if(base64_decode($ca_cert['prv'])) { + file_put_contents("/usr/local/etc/imspector/ssl/ssl_ca_key.pem", + base64_decode($ca_cert['prv'])); + $conf['ssl_ca_key'] = '/usr/local/etc/imspector/ssl/ssl_ca_key.pem'; + } + if(base64_decode($ca_cert['crt'])) { + file_put_contents("/usr/local/etc/imspector/ssl/ssl_ca_cert.pem", + base64_decode($ca_cert['crt'])); + $conf['ssl_ca_key'] = "/usr/local/etc/imspector/ssl/ssl_ca_cert.pem"; + } + $svr_cert = lookup_cert($imspector_config["ssl_server_cert"]); + if ($svr_cert != false) { + if(base64_decode($svr_cert['prv'])) { + file_put_contents("/usr/local/etc/imspector/ssl/ssl_server_key.pem", + base64_decode($svr_cert['prv'])); + $conf['ssl_key'] = 
'/usr/local/etc/imspector/ssl/ssl_server_key.pem'; + } + + } } } else { // SSL Not enabled. Make sure Jabber-SSL is not processed. @@ -318,4 +325,25 @@ EOD; config_unlock(); } + function imspector_get_ca_certs() { + global $config; + + $ca_arr = array(); + $ca_arr[] = array('refid' => 'none', 'descr' => 'none'); + foreach ($config['ca'] as $ca) { + $ca_arr[] = array('refid' => $ca['refid'], 'descr' => $ca['descr']); + } + return $ca_arr; + } + + function imspector_get_server_certs() { + global $config; + $cert_arr = array(); + $cert_arr[] = array('refid' => 'none', 'descr' => 'none'); + + foreach ($config['cert'] as $cert) { + $cert_arr[] = array('refid' => $cert['refid'], 'descr' => $cert['descr']); + } + return $cert_arr; + } ?>
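Review bot: The CA and server private keys in the Jabber SSL block are written with `file_put_contents()` under `/usr/local/etc/imspector/ssl`, and neither the `mkdir()` nor the writes set a mode, so their permissions depend on the process umask and a CA signing key may end up readable by other local users. Create the directory with `mkdir("/usr/local/etc/imspector/ssl", 0700);` and follow each key write with `chmod('/usr/local/etc/imspector/ssl/ssl_ca_key.pem', 0600);` (likewise for `ssl_server_key.pem`). The `crt` branch also still assigns `$conf['ssl_ca_key']`, replacing the key path with the certificate path; this was carried over from the removed lines and presumably should be `$conf['ssl_ca_cert']`. `$conf['ssl'] = "on"` is set before `lookup_ca()` and `lookup_cert()` are known to succeed, so an unresolved refid leaves SSL enabled with no key paths, and key files from an earlier selection stay on disk. The enclosing function begins and ends outside this hunk.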
\ No newline at end of file diff --git a/config/imspector-wip/imspector.xml b/config/imspector-wip/imspector.xml index 2c258a60..20c661cd 100644 --- a/config/imspector-wip/imspector.xml +++ b/config/imspector-wip/imspector.xml @@ -100,7 +100,7 @@ <fieldname>proto_array</fieldname> <description>You can use the CTRL or COMMAND key to select multiple protocols. NOTE: Gtalk/Jabber-SSL requires SSL certificates.</description> <type>select</type> - <size>4</size> + <size>7</size> <required/> <multiple>true</multiple> <options> @@ -168,36 +168,25 @@ </field> <field> <fielddescr>SSL Certificate</fielddescr> - <fieldname>serverkey</fieldname> + <fieldname>ssl_server_cert</fieldname> <description> - Enter the SSL Server Certificate here. + Choose the SSL Server Certificate here. </description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>5</rows> - <cols>40</cols> - </field> - <field> - <fielddescr>SSL CA Key</fielddescr> - <fieldname>ssl_ca_key</fieldname> - <description> - Enter the SSL CA key here. - </description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>5</rows> - <cols>40</cols> + <type>select_source</type> + <source><![CDATA[imspector_get_server_certs()]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> </field> <field> <fielddescr>SSL CA Certificate</fielddescr> <fieldname>ssl_ca_cert</fieldname> <description> - Enter the SSL CA Certficate here. + Choose the SSL CA Certficate here. </description> - <type>textarea</type> - <encoding>base64</encoding> - <rows>5</rows> - <cols>40</cols> + <type>select_source</type> + <source><![CDATA[imspector_get_ca_certs()]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> </field> <field> <fielddescr>Enable bad word filtering</fielddescr> |
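Review bot: `imspector_get_ca_certs()` and `imspector_get_server_certs()` iterate `$config['ca']` and `$config['cert']` without checking that those keys hold arrays, so on a system with no CAs or certificates defined the `foreach` receives a non-array and raises a warning while the form renders. Wrap each loop in a guard such as `if (is_array($config['ca'])) {`. The CA list also offers every entry regardless of whether it carries a private key; an entry without `prv` (for example an imported CA, if the store allows that) is then silently skipped when the SSL block writes `ssl_ca_key.pem`, so filtering on `!empty($ca['prv'])` would keep unusable choices out of the dropdown. Both functions would benefit from a one-line comment stating that they feed the `select_source` fields in imspector.xml and return `refid`/`descr` pairs.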
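Review bot: In the `-168,36 +168,25` hunk, `ssl_ca_cert` keeps its field name while its meaning changes from a base64 PEM blob to a certificate-store refid, so a configuration saved before this commit still passes the `isset(...) && != "none"` test in imspector.inc and turns SSL on with a value that `lookup_ca()` is unlikely to resolve. Nothing visible in this diff clears the previously pasted `serverkey` and `ssl_ca_key` values, which would leave private key material in the package configuration after the fields disappear from the form. An upgrade step that unsets the two old keys and resets `ssl_ca_cert` to `none` when it is not a known refid would cover both cases. The new description line still reads `Certficate`.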