aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordoktornotor <notordoktor@gmail.com>2015-11-28 22:19:06 +0100
committerdoktornotor <notordoktor@gmail.com>2015-11-28 22:19:06 +0100
commit257dc468c1cd5fb045cec6002476747dc3fc8334 (patch)
treea3f94bee138f27e7977d7093a35c173a93fce6c5
parent0cb82b54b7427254fe8c53be9ce74a0a58b6fa7c (diff)
downloadpfsense-packages-257dc468c1cd5fb045cec6002476747dc3fc8334.tar.gz
pfsense-packages-257dc468c1cd5fb045cec6002476747dc3fc8334.tar.bz2
pfsense-packages-257dc468c1cd5fb045cec6002476747dc3fc8334.zip
Re-enable SSL/MITM junk even without transparent proxy
-rwxr-xr-xconfig/squid3/34/squid.inc11
1 files changed, 4 insertions, 7 deletions
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index 763fe34c..f5ed51ca 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -794,9 +794,6 @@ function squid_validate_general($post, &$input_errors) {
}
if ($post['ssl_proxy'] == 'on') {
- if ($post['transparent_proxy'] != 'on') {
- $input_errors[] = "SSL interception cannot be enabled without enabling 'Transparent HTTP Proxy'.";
- }
if ($post['dca'] == 'none') {
$input_errors[] = "SSL interception cannot be enabled without a CA.";
}
@@ -804,16 +801,16 @@ function squid_validate_general($post, &$input_errors) {
$input_errors[] = "You must select at least one interface under 'SSL Intercept Interface(s)' when 'HTTPS/SSL Interception' is enabled.";
} else {
// allow HTTPS/SSL Interception only on interfaces where transparent proxy is enabled
- $t_ifaces = $post['transparent_active_interface'] ?: array();
+ $a_ifaces = $post['active_interface'] ?: array();
$s_ifaces = $post['ssl_active_interface'];
foreach ($s_ifaces as $s_iface) {
- if (!in_array($s_iface, $t_ifaces)) {
+ if (!in_array($s_iface, $a_ifaces)) {
$err_iface = convert_friendly_interface_to_friendly_descr($s_iface);
- $input_errors[] = "'SSL Intercept Interface(s)' may only contain interfaces also selected in 'Transparent Proxy Interface(s)' above. '{$err_iface}' is not valid.";
+ $input_errors[] = "'SSL Intercept Interface(s)' may only contain interfaces also selected in 'Proxy Interface(s)' above. '{$err_iface}' is not valid.";
unset($err_iface);
}
}
- unset($t_ifaces, $s_ifaces, $s_iface);
+ unset($a_ifaces, $s_ifaces, $s_iface);
}
}