Add contributed patch to optionally encrypt the key for Viscosity bundles. Fixes #2032

2 files changed, 14 insertions, 3 deletions

diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 234d7326..b9ac8866 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -541,8 +541,19 @@ EOF;
 		file_put_contents($crtfile, base64_decode($cert['crt']));
 
 		// write user .key
-		$keyfile = "{$tempdir}/key.key";
-		file_put_contents($keyfile, base64_decode($cert['prv']));
+		if (!empty($outpass)) {
+			$keyfile = "{$tempdir}/key.key";
+			$clearkeyfile = "{$tempdir}/key-clear.key";
+			file_put_contents($clearkeyfile, base64_decode($cert['prv']));
+			$eoutpass = escapeshellarg($outpass);
+			$ekeyfile = escapeshellarg($keyfile);
+			$eclearkeyfile = escapeshellarg($clearkeyfile);
+			exec("/usr/bin/openssl rsa -in ${eclearkeyfile} -out ${ekeyfile} -des3 -passout pass:${eoutpass}");
+			unlink($clearkeyfile);
+		} else {
+			$keyfile = "{$tempdir}/key.key";
+			file_put_contents($keyfile, base64_decode($cert['prv']));
+		}
 	}
 
 	// TLS support?
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 5a41b85d..43ed56fd 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -673,7 +673,7 @@ function useproxy_changed(obj) {
 									</td>
 									<td>
 										<span class="vexpl">
-											Use a password to protect the pkcs12 file contents.
+											Use a password to protect the pkcs12 file contents or key in Viscosity bundle.
 										</span>
 									</td>
 								</tr>