diff options
author | doktornotor <notordoktor@gmail.com> | 2015-11-28 22:19:06 +0100 |
---|---|---|
committer | doktornotor <notordoktor@gmail.com> | 2015-11-28 22:19:06 +0100 |
commit | 257dc468c1cd5fb045cec6002476747dc3fc8334 (patch) | |
tree | a3f94bee138f27e7977d7093a35c173a93fce6c5 /config | |
parent | 0cb82b54b7427254fe8c53be9ce74a0a58b6fa7c (diff) | |
download | pfsense-packages-257dc468c1cd5fb045cec6002476747dc3fc8334.tar.gz pfsense-packages-257dc468c1cd5fb045cec6002476747dc3fc8334.tar.bz2 pfsense-packages-257dc468c1cd5fb045cec6002476747dc3fc8334.zip |
Re-enable SSL/MITM junk even without transparent proxy
Diffstat (limited to 'config')
-rwxr-xr-x | config/squid3/34/squid.inc | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index 763fe34c..f5ed51ca 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -794,9 +794,6 @@ function squid_validate_general($post, &$input_errors) { } if ($post['ssl_proxy'] == 'on') { - if ($post['transparent_proxy'] != 'on') { - $input_errors[] = "SSL interception cannot be enabled without enabling 'Transparent HTTP Proxy'."; - } if ($post['dca'] == 'none') { $input_errors[] = "SSL interception cannot be enabled without a CA."; } @@ -804,16 +801,16 @@ function squid_validate_general($post, &$input_errors) { $input_errors[] = "You must select at least one interface under 'SSL Intercept Interface(s)' when 'HTTPS/SSL Interception' is enabled."; } else { // allow HTTPS/SSL Interception only on interfaces where transparent proxy is enabled - $t_ifaces = $post['transparent_active_interface'] ?: array(); + $a_ifaces = $post['active_interface'] ?: array(); $s_ifaces = $post['ssl_active_interface']; foreach ($s_ifaces as $s_iface) { - if (!in_array($s_iface, $t_ifaces)) { + if (!in_array($s_iface, $a_ifaces)) { $err_iface = convert_friendly_interface_to_friendly_descr($s_iface); - $input_errors[] = "'SSL Intercept Interface(s)' may only contain interfaces also selected in 'Transparent Proxy Interface(s)' above. '{$err_iface}' is not valid."; + $input_errors[] = "'SSL Intercept Interface(s)' may only contain interfaces also selected in 'Proxy Interface(s)' above. '{$err_iface}' is not valid."; unset($err_iface); } } - unset($t_ifaces, $s_ifaces, $s_iface); + unset($a_ifaces, $s_ifaces, $s_iface); } } |