aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Fuchs <martin.fuchs@trendchiller.com>2011-09-30 21:34:02 +0200
committerMartin Fuchs <martin.fuchs@trendchiller.com>2011-09-30 21:34:02 +0200
commitf2148bae9112023991f085e790f0361d61e047b1 (patch)
tree13626b58b1873615bae66973c483557a3753968f
parentbf995ed3b06f77503ebddfdd841e70656e7356d2 (diff)
downloadpfsense-packages-f2148bae9112023991f085e790f0361d61e047b1.tar.gz
pfsense-packages-f2148bae9112023991f085e790f0361d61e047b1.tar.bz2
pfsense-packages-f2148bae9112023991f085e790f0361d61e047b1.zip
add intermediate CA
-rw-r--r--config/squid-reverse/squid.inc5
-rw-r--r--config/squid-reverse/squid_reverse.xml11
2 files changed, 15 insertions, 1 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index 43ce8bcd..044cf10b 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -985,6 +985,11 @@ function squid_resync_reverse() {
base64_decode($svr_cert['prv']));
$reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key";
}}}
+
+ if (!empty($settings['reverse_int_ca'])) {
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n",FILE_APPEND | LOCK_EX);
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt",base64_decode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX);
+ }
$ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan');
$real_ifaces = array();
diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml
index 8f7686f1..cafa3ec7 100644
--- a/config/squid-reverse/squid_reverse.xml
+++ b/config/squid-reverse/squid_reverse.xml
@@ -136,7 +136,7 @@
<fieldname>reverse_https</fieldname>
<description>If this field is checked, squid will act as an accelerator/SSL offload for Outlook Web Access.</description>
<type>checkbox</type>
- <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_ignore_ssl_valid</enablefields>
+ <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_ignore_ssl_valid,reverse_ssl_chain</enablefields>
<required/>
<default_value>off</default_value>
</field>
@@ -164,6 +164,15 @@
<source_name>descr</source_name>
<source_value>refid</source_value>
</field>
+ <field>
+ <fielddescr>intermediate CA certificate</fielddescr>
+ <fieldname>reverse_int_ca</fieldname>
+ <description>Paste a signed certificate in X.509 PEM format here.</description>
+ <type>textarea</type>
+ <cols>50</cols>
+ <rows>5</rows>
+ <encoding>base64</encoding>
+ </field>
<field>
<fielddescr>Reset TCP connections if request is unauthorized</fielddescr>
<fieldname>deny_info_tcp_reset</fieldname>