authorRenato Botelho <garga@FreeBSD.org>2014-11-21 11:09:21 -0200
committerRenato Botelho <garga@FreeBSD.org>2014-11-21 11:09:21 -0200
commitb4a05e7ac1e36569ce30a266b5a16dd74f3c7ac5 (patch)
tree35d79b1983e294cf8966e8a4d8937c4bf1a27a6d
parent3c3c23fa27438a101f32a0a33b8f0b054af8f295 (diff)
parent7c6bdcb88f5d0a57fdc9c0b2025260b556005655 (diff)
Merge pull request #726 from alainabbas/patch-1
-rwxr-xr-xconfig/squid3/33/squid_reverse.inc36
1 files changed, 34 insertions, 2 deletions
diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc
index 1332f220..152d3d12 100755
--- a/config/squid3/33/squid_reverse.inc
+++ b/config/squid3/33/squid_reverse.inc
@@ -58,8 +58,27 @@ function squid_resync_reverse() {
$reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key";
}
}
+ }
+ //Add Ca certificate for Client Validation
+ if (isset($settings["reverse_check_clientca"]) && $settings["reverse_check_clientca"] == "on") {
+ $clientca_cert=lookup_ca($settings["reverse_ssl_clientca"]);
+ $clientca_prm='';
+ if ( $clientca_cert != false){
+ if(base64_decode($clientca_cert['crt'])) {
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_clientca"]}.crt",sq_text_area_decode($clientca_cert['crt']));
+ $clientca_prm = "clientca=" . SQUID_CONFBASE . "/{$settings["reverse_ssl_clientca"]}.crt ";
+ }
+ }
+ $crl=lookup_crl($settings["reverse_ssl_clientcrl"]);
+ crl_update($crl);
+ if ( $crl != false){
+ if(base64_decode($crl['text'])) {
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_clientcrl"]}.crl",base64_decode($crl['text']));
+ $clientca_prm .= "crlfile=" . SQUID_CONFBASE . "/{$settings["reverse_ssl_clientcrl"]}.crl sslflags=VERIFY_CRL ";
+ }
+ }
}
-
+
if (!empty($settings['reverse_int_ca']))
file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n" . sq_text_area_decode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX);
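Review bot: Client-certificate validation fails open in the added `reverse_check_clientca` branch. If `lookup_ca()` returns false or the `base64_decode()` test fails, `$clientca_prm` stays empty and the `https_port` line built in the second hunk is written without `clientca=`, so the listener would accept clients that present no certificate while the option is still set to on. Add an `else` that records the failure, for example `log_error("squid reverse: client CA not found, client certificate check not applied");`, and preferably skip the `https_port` line in that case. `crl_update($crl)` is also called before the `$crl != false` test, so a failed lookup reaches it; move the call inside the check, here and in `squid_refresh_crl()` in the last hunk. The enclosing function starts and ends outside this hunk.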
@@ -82,7 +101,7 @@ function squid_resync_reverse() {
$conf .= "http_port {$real_ifaces[$i][0]}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
//HTTPS
if (!empty($settings['reverse_https']))
- $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n";
+ $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} ".$clientca_prm."key={$reverse_key} defaultsite={$https_defsite} vhost\n";
}
}
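Review bot: `$clientca_prm` on the new `https_port` line is assigned only inside the `reverse_check_clientca` branch added in the first hunk, so with the option off this line reads an undefined variable and relies on PHP turning it into an empty string with a notice. Initialise it unconditionally before that branch with `$clientca_prm = '';`, and interpolate it like the neighbouring values: `cert={$reverse_crt} {$clientca_prm}key={$reverse_key}`. The loop this line belongs to starts outside the hunk.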
@@ -242,4 +261,17 @@ function squid_resync_reverse() {
return $conf;
}
+function squid_refresh_crl()
+{
+ global $config;
+ if (isset($settings["reverse_check_clientca"]) && $settings["reverse_check_clientca"] == "on") {
+ $crl=lookup_crl($settings["reverse_ssl_clientcrl"]);
+ crl_update($crl);
+ if ( $crl != false){
+ if(base64_decode($crl['text'])) {
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_clientcrl"]}.crl",base64_decode($crl['text']));
+ }
+ }
+ }
+}
?>
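Review bot: `squid_refresh_crl()` tests `$settings["reverse_check_clientca"]`, but `$settings` is never assigned in this function; only `global $config;` is declared. The `isset()` is therefore always false and the CRL file is never rewritten, so revoked client certificates would stay accepted until a full resync runs. Populate `$settings` from `$config` the same way `squid_resync_reverse()` does (that assignment is outside the visible hunks) before the `isset()` test. A short docblock would also help, e.g. `/* Rewrite the client CRL file used by the reverse proxy. */`, stating whether Squid must be reconfigured to pick up the new file, which this hunk does not show.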