aboutsummaryrefslogtreecommitdiffstats
path: root/config/imspector-wip
diff options
context:
space:
mode:
authorBill Marquette <bill.marquette@gmail.com>2011-07-15 12:31:06 -0500
committerBill Marquette <bill.marquette@gmail.com>2011-07-15 12:31:06 -0500
commit6d42ec03dc985833a1aac276fff7a211986c9863 (patch)
tree6c0dee82b999204bafbe978e773e89dafe5383d7 /config/imspector-wip
parent133d2b3c61b95e42819b8898d2b23ef8c16152c7 (diff)
downloadpfsense-packages-6d42ec03dc985833a1aac276fff7a211986c9863.tar.gz
pfsense-packages-6d42ec03dc985833a1aac276fff7a211986c9863.tar.bz2
pfsense-packages-6d42ec03dc985833a1aac276fff7a211986c9863.zip
Use builtin certificate store
Diffstat (limited to 'config/imspector-wip')
-rw-r--r--config/imspector-wip/imspector.inc62
-rw-r--r--config/imspector-wip/imspector.xml35
2 files changed, 57 insertions, 40 deletions
diff --git a/config/imspector-wip/imspector.inc b/config/imspector-wip/imspector.inc
index 4be1e2ee..2151755e 100644
--- a/config/imspector-wip/imspector.inc
+++ b/config/imspector-wip/imspector.inc
@@ -227,26 +227,33 @@
}
// Handle Jabber SSL options
- if($imspector_config["ssl_ca_key"] &&
- $imspector_config["ssl_ca_cert"] &&
- $imspector_config["serverkey"]) {
+ if(isset($imspector_config["ssl_ca_cert"]) && $imspector_config["ssl_ca_cert"] != "none" &&
+ isset($imspector_config["ssl_server_cert"]) && $imspector_config["ssl_server_cert"] != "none") {
$conf['ssl'] = "on";
if(!is_dir("/usr/local/etc/imspector/ssl"))
mkdir("/usr/local/etc/imspector/ssl");
- if(base64_decode($imspector_config["ssl_ca_key"])) {
- file_put_contents("/usr/local/etc/imspector/ssl/ssl_ca_key.pem",
- base64_decode($imspector_config["ssl_ca_key"]));
- $conf['ssl_ca_key'] = '/usr/local/etc/imspector/ssl/ssl_ca_key.pem';
- }
- if(base64_decode($imspector_config["ssl_ca_cert"])) {
- file_put_contents("/usr/local/etc/imspector/ssl/ssl_ca_cert.pem",
- base64_decode($imspector_config["ssl_ca_cert"]));
- $conf['ssl_ca_key'] = "/usr/local/etc/imspector/ssl/ssl_ca_cert.pem";
- }
- if(base64_decode($imspector_config["serverkey"])) {
- file_put_contents("/usr/local/etc/imspector/ssl/serverkey.pem",
- base64_decode($imspector_config["serverkey"]));
- $conf['ssl_key'] = '/usr/local/etc/imspector/ssl/serverkey.pem';
+
+ $ca_cert = lookup_ca($imspector_config["ssl_ca_cert"]);
+ if ($ca_cert != false) {
+ if(base64_decode($ca_cert['prv'])) {
+ file_put_contents("/usr/local/etc/imspector/ssl/ssl_ca_key.pem",
+ base64_decode($ca_cert['prv']));
+ $conf['ssl_ca_key'] = '/usr/local/etc/imspector/ssl/ssl_ca_key.pem';
+ }
+ if(base64_decode($ca_cert['crt'])) {
+ file_put_contents("/usr/local/etc/imspector/ssl/ssl_ca_cert.pem",
+ base64_decode($ca_cert['crt']));
+ $conf['ssl_ca_key'] = "/usr/local/etc/imspector/ssl/ssl_ca_cert.pem";
+ }
+ $svr_cert = lookup_cert($imspector_config["ssl_server_cert"]);
+ if ($svr_cert != false) {
+ if(base64_decode($svr_cert['prv'])) {
+ file_put_contents("/usr/local/etc/imspector/ssl/ssl_server_key.pem",
+ base64_decode($svr_cert['prv']));
+ $conf['ssl_key'] = '/usr/local/etc/imspector/ssl/ssl_server_key.pem';
+ }
+
+ }
}
} else {
// SSL Not enabled. Make sure Jabber-SSL is not processed.
@@ -318,4 +325,25 @@ EOD;
config_unlock();
}
+ function imspector_get_ca_certs() {
+ global $config;
+
+ $ca_arr = array();
+ $ca_arr[] = array('refid' => 'none', 'descr' => 'none');
+ foreach ($config['ca'] as $ca) {
+ $ca_arr[] = array('refid' => $ca['refid'], 'descr' => $ca['descr']);
+ }
+ return $ca_arr;
+ }
+
+ function imspector_get_server_certs() {
+ global $config;
+ $cert_arr = array();
+ $cert_arr[] = array('refid' => 'none', 'descr' => 'none');
+
+ foreach ($config['cert'] as $cert) {
+ $cert_arr[] = array('refid' => $cert['refid'], 'descr' => $cert['descr']);
+ }
+ return $cert_arr;
+ }
?> \ No newline at end of file
diff --git a/config/imspector-wip/imspector.xml b/config/imspector-wip/imspector.xml
index 2c258a60..20c661cd 100644
--- a/config/imspector-wip/imspector.xml
+++ b/config/imspector-wip/imspector.xml
@@ -100,7 +100,7 @@
<fieldname>proto_array</fieldname>
<description>You can use the CTRL or COMMAND key to select multiple protocols. NOTE: Gtalk/Jabber-SSL requires SSL certificates.</description>
<type>select</type>
- <size>4</size>
+ <size>7</size>
<required/>
<multiple>true</multiple>
<options>
@@ -168,36 +168,25 @@
</field>
<field>
<fielddescr>SSL Certificate</fielddescr>
- <fieldname>serverkey</fieldname>
+ <fieldname>ssl_server_cert</fieldname>
<description>
- Enter the SSL Server Certificate here.
+ Choose the SSL Server Certificate here.
</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>5</rows>
- <cols>40</cols>
- </field>
- <field>
- <fielddescr>SSL CA Key</fielddescr>
- <fieldname>ssl_ca_key</fieldname>
- <description>
- Enter the SSL CA key here.
- </description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>5</rows>
- <cols>40</cols>
+ <type>select_source</type>
+ <source><![CDATA[imspector_get_server_certs()]]></source>
+ <source_name>descr</source_name>
+ <source_value>refid</source_value>
</field>
<field>
<fielddescr>SSL CA Certificate</fielddescr>
<fieldname>ssl_ca_cert</fieldname>
<description>
- Enter the SSL CA Certficate here.
+ Choose the SSL CA Certficate here.
</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>5</rows>
- <cols>40</cols>
+ <type>select_source</type>
+ <source><![CDATA[imspector_get_ca_certs()]]></source>
+ <source_name>descr</source_name>
+ <source_value>refid</source_value>
</field>
<field>
<fielddescr>Enable bad word filtering</fielddescr>