author | Ermal Luçi <eri@pfsense.org> | 2014-02-19 10:22:52 +0100 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2014-02-19 10:22:52 +0100 |
commit | 264f50db69f448739f7cbce8a15dd1a9af718837 (patch) | |
tree | ce2af3a14cc3f686584335b50b488cce1f9cf735 | |
parent | 097471e282e1e6066ee29c1ea5e12374ba077287 (diff) | |
parent | 9a33bc918c1078402479101249b770ebc7e64d6b (diff) | |
Merge pull request #576 from darksoul42/master
Separate CAs for client certs and server cert chain
-rw-r--r-- | config/apache_mod_security-dev/apache_mod_security.inc | 9 | ||||
-rw-r--r-- | config/apache_mod_security-dev/apache_virtualhost.xml | 14 |
2 files changed, 19 insertions, 4 deletions
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc
index 31be95cf..2728e2e9 100644
--- a/config/apache_mod_security-dev/apache_mod_security.inc
+++ b/config/apache_mod_security-dev/apache_mod_security.inc
@@ -569,9 +569,14 @@ EOF;
 $vh_config.= " SSLCertificateKeyFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.key\n";
 }
 }
- $svr_ca =lookup_ca($virtualhost["reverse_int_ca"]);
+ $svr_ca =lookup_ca($virtualhost["ssl_cert_chain"]);
 if ($svr_ca != false) {
- file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX);
+ file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX);
+ $vh_config.= " SSLCertificateChainFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt\n";
+ }
+ $cli_ca =lookup_ca($virtualhost["reverse_int_ca"]);
+ if ($cli_ca != false) {
+ file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($cli_ca['crt']),LOCK_EX);
 $vh_config.= " SSLCACertificateFile ". APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt\n";
 }
 }
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml
index 747ef975..7851e683 100644
--- a/config/apache_mod_security-dev/apache_virtualhost.xml
+++ b/config/apache_mod_security-dev/apache_virtualhost.xml
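Review bot: The new `$cli_ca` branch emits `SSLCACertificateFile`, but nothing visible in this hunk emits `SSLVerifyClient`, so selecting a client CA may install a trust anchor without requiring a client certificate. The enclosing function starts and ends outside the hunk, so confirm that a verify directive is generated elsewhere; if it is not, add one inside the `$cli_ca` block, for example `$vh_config.= " SSLVerifyClient require\n";`, or make it a separate GUI option. Separately, the `$svr_ca` branch writes only the single `$svr_ca['crt']` into the file named by `SSLCertificateChainFile`. If the selected CA is itself issued by another intermediate, the chain sent to clients would be incomplete. Neither `file_put_contents()` result is checked, so a failed write still leaves a directive pointing at a missing or stale `.crt`; a check such as `if (file_put_contents(...) === false) { log_error(...); }` would surface that.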
@@ -267,9 +267,19 @@
 <show_disable_value>none</show_disable_value>
 </field>
 <field>
- <fielddescr>Intermediate CA certificate (optional)</fielddescr>
+ <fielddescr>HTTPS SSL certificate chain</fielddescr>
+ <fieldname>ssl_cert_chain</fieldname>
+ <description>Select intermediate CA assigned to server certificate. Not all certificates require this.</description>
+ <type>select_source</type>
+ <source><![CDATA[$config['ca']]]></source>
+ <source_name>descr</source_name>
+ <source_value>refid</source_value>
+ <show_disable_value>none</show_disable_value>
+ </field>
+ <field>
+ <fielddescr>Client certificates CA (optional)</fielddescr>
 <fieldname>reverse_int_ca</fieldname>
- <description>Select intermediate CA assigned to certificate. Not all certificates require this.</description>
+ <description>Select CA assigned to client certificates.</description>
 <type>select_source</type>
 <source><![CDATA[$config['ca']]]></source>
 <source_name>descr</source_name> |
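Review bot: The `reverse_int_ca` field keeps its name while its meaning changes from the server's intermediate CA to the CA trusted for client certificates. A configuration saved before this change will therefore carry the old intermediate selection into the client-CA slot without the administrator being told. The description should say what the selection does and what an upgrading admin must do, for example `<description>CA used to verify client certificates. If you previously selected an intermediate CA here, move it to "HTTPS SSL certificate chain".</description>`. The new `ssl_cert_chain` label also drops the "(optional)" that its own description implies, so `<fielddescr>HTTPS SSL certificate chain (optional)</fielddescr>` would be consistent with the neighbouring field. The second `<field>` element continues past the end of the hunk.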