aboutsummaryrefslogtreecommitdiffstats
path: root/config/haproxy-devel
diff options
context:
space:
mode:
authorPiBa-NL <pba_2k3@yahoo.com>2014-02-18 19:40:27 +0100
committerPiBa-NL <pba_2k3@yahoo.com>2014-02-18 19:40:27 +0100
commit3b2e843e625ab989c6491694f1bd7a5e895d88cc (patch)
treee6e2c29dba0515b49628a96e60c93f32195f8cd2 /config/haproxy-devel
parent048bb82a0e2c814da90816657ecedf59fedf8dbd (diff)
downloadpfsense-packages-3b2e843e625ab989c6491694f1bd7a5e895d88cc.tar.gz
pfsense-packages-3b2e843e625ab989c6491694f1bd7a5e895d88cc.tar.bz2
pfsense-packages-3b2e843e625ab989c6491694f1bd7a5e895d88cc.zip
haproxy-devel, use same checks to show if acl's are used and for writing the configuration file
Diffstat (limited to 'config/haproxy-devel')
-rw-r--r--config/haproxy-devel/haproxy.inc72
-rw-r--r--config/haproxy-devel/haproxy_listeners.php4
2 files changed, 41 insertions, 35 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index d039b55a..24be5363 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -898,10 +898,8 @@ function haproxy_writeconf($configpath) {
$default_backend = "";
$i = 0;
foreach ($bind['config'] as $frontend) {
- $a_acl=&$frontend['ha_acls']['item'];
- if(!is_array($a_acl))
- $a_acl=array();
-
+ $a_acl = &get_frontend_acls($frontend);
+
$poolname = $frontend['backend_serverpool'] . "_" . strtolower($frontend['type']);
// Create different pools if the svrport is set
@@ -913,31 +911,6 @@ function haproxy_writeconf($configpath) {
$a_pendingpl[$poolname]['name'] = $poolname;
$a_pendingpl[$poolname]['frontend'] = $frontend;
}
-
- if (strtolower($bind['type']) == "http" && $frontend['ssloffload']) {
- $aclname = "SNI_" . $poolname;
- if ($frontend['ssloffloadacl']){
- $cert = lookup_cert($frontend['ssloffloadcert']);
- $cert_cn = cert_get_cn($cert['crt']);
- $descr = haproxy_escape_acl_name($cert['descr']);
- $a_acl[] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn);
- unset($cert);
- }
- if ($frontend['ssloffloadacladditional']){
- $certs = $frontend['ha_certificates']['item'];
- if (is_array($certs)){
- if (count($certs) > 0){
- foreach($certs as $certref){
- $cert = lookup_cert($certref['ssl_certificate']);
- $cert_cn = cert_get_cn($cert['crt']);
- $descr = haproxy_escape_acl_name($cert['descr']);
- $a_acl[] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn);
- unset($cert);
- }
- }
- }
- }
- }
// Write this out once, and must be before any backend config text
if (($default_backend == "" || $frontend['secondary'] != 'yes') && count($a_acl) == 0 ) {
@@ -947,8 +920,8 @@ function haproxy_writeconf($configpath) {
// combine acl's with same name to allow for 'combined checks' to check for example hostname and fileextension together..
$a_acl_combine = array();
foreach ($a_acl as $entry) {
- $name = $entry['name'];
- $a_acl_combine[$name][] = $entry;
+ $name = $entry['ref']['name'];
+ $a_acl_combine[$name][] = $entry['ref'];
}
foreach ($a_acl_combine as $a_usebackend) {
@@ -1338,6 +1311,43 @@ function get_frontend_acls($frontend) {
$result[] = $acl_item;
}
}
+
+ $mainfrontend = get_primaryfrontend($frontend);
+ if (strtolower($mainfrontend['type']) == "http" && $mainfrontend['ssloffload']) {
+ $a_acl = &$frontend['ha_acls']['item'];
+ if(!is_array($a_acl))
+ $a_acl=array();
+
+ $poolname = $frontend['backend_serverpool'] . "_" . strtolower($frontend['type']);
+ $aclname = "SNI_" . $poolname;
+ if ($frontend['ssloffloadacl']){
+ $cert = lookup_cert($frontend['ssloffloadcert']);
+ $cert_cn = cert_get_cn($cert['crt']);
+ $descr = haproxy_escape_acl_name($cert['descr']);
+ unset($cert);
+ $acl_item = array();
+ $acl_item['descr'] = "Certificate ACL ".$cert_cn;
+ $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn);
+ $result[] = $acl_item;
+ }
+ if ($frontend['ssloffloadacladditional']){
+ $certs = $frontend['ha_certificates']['item'];
+ if (is_array($certs)){
+ if (count($certs) > 0){
+ foreach($certs as $certref){
+ $cert = lookup_cert($certref['ssl_certificate']);
+ $cert_cn = cert_get_cn($cert['crt']);
+ $descr = haproxy_escape_acl_name($cert['descr']);
+ unset($cert);
+ $acl_item = array();
+ $acl_item['descr'] = "Additional certificate ACLs: ".$cert_cn;
+ $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn);
+ $result[] = $acl_item;
+ }
+ }
+ }
+ }
+ }
return $result;
}
diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php
index 2a1f12e6..ea289b1f 100644
--- a/config/haproxy-devel/haproxy_listeners.php
+++ b/config/haproxy-devel/haproxy_listeners.php
@@ -169,10 +169,6 @@ include("head.inc");
foreach ($acls as $acl) {
$isaclset .= "&#10;" . $acl['descr'];
}
- if ($frontend['ssloffloadacl'])
- $isaclset .= "&#10;" . "Certificate ACL";
- if ($frontend['ssloffloadacladditional'])
- $isaclset .= "&#10;" . "Additional certificate ACLs";
if ($isaclset)
echo "<img src=\"$img_acl\" title=\"" . gettext("acl's used") . ": {$isaclset}\" border=\"0\" />";