diff options
| author | Martin Fuchs <martin.fuchs@trendchiller.com> | 2011-09-30 21:34:02 +0200 |
|---|---|---|
| committer | Martin Fuchs <martin.fuchs@trendchiller.com> | 2011-09-30 21:34:02 +0200 |
| commit | f2148bae9112023991f085e790f0361d61e047b1 (patch) | |
| tree | 13626b58b1873615bae66973c483557a3753968f /config | |
| parent | bf995ed3b06f77503ebddfdd841e70656e7356d2 (diff) | |
| download | pfsense-packages-f2148bae9112023991f085e790f0361d61e047b1.tar.gz pfsense-packages-f2148bae9112023991f085e790f0361d61e047b1.tar.bz2 pfsense-packages-f2148bae9112023991f085e790f0361d61e047b1.zip | |
add intermediate CA
Diffstat (limited to 'config')
| -rw-r--r-- | config/squid-reverse/squid.inc | 5 | ||||
| -rw-r--r-- | config/squid-reverse/squid_reverse.xml | 11 |
2 files changed, 15 insertions, 1 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc index 43ce8bcd..044cf10b 100644 --- a/config/squid-reverse/squid.inc +++ b/config/squid-reverse/squid.inc @@ -985,6 +985,11 @@ function squid_resync_reverse() { base64_decode($svr_cert['prv'])); $reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key"; }}} + + if (!empty($settings['reverse_int_ca'])) { + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n",FILE_APPEND | LOCK_EX); + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt",base64_decode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX); + } $ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan'); $real_ifaces = array(); diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml index 8f7686f1..cafa3ec7 100644 --- a/config/squid-reverse/squid_reverse.xml +++ b/config/squid-reverse/squid_reverse.xml @@ -136,7 +136,7 @@ <fieldname>reverse_https</fieldname> <description>If this field is checked, squid will act as an accelerator/SSL offload for Outlook Web Access.</description> <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_ignore_ssl_valid</enablefields> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_ignore_ssl_valid,reverse_ssl_chain</enablefields> <required/> <default_value>off</default_value> </field> @@ -164,6 +164,15 @@ <source_name>descr</source_name> <source_value>refid</source_value> </field> + <field> + <fielddescr>intermediate CA certificate</fielddescr> + <fieldname>reverse_int_ca</fieldname> + <description>Paste a signed certificate in X.509 PEM format here.</description> + <type>textarea</type> + <cols>50</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> <field> <fielddescr>Reset TCP connections if request is unauthorized</fielddescr> <fieldname>deny_info_tcp_reset</fieldname> |