From 4ac09def4160c485483bf5f62e8c48c7489fc5eb Mon Sep 17 00:00:00 2001
From: Eirik Oeverby <ltning@anduin.net>
Date: Tue, 10 Mar 2009 20:05:30 +0100
Subject: Added certificate management

Major change which allows assigning certificates to tunnels.
Certificates are managed on a separate tab, but they must be manually
generated on another system and pasted in along with RSA keys.

Certificate status display lists status including days until expiry.
---
 config/stunnel/stunnel_certs.xml | 147 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 147 insertions(+)
 create mode 100644 config/stunnel/stunnel_certs.xml

(limited to 'config/stunnel/stunnel_certs.xml')

diff --git a/config/stunnel/stunnel_certs.xml b/config/stunnel/stunnel_certs.xml
new file mode 100644
index 00000000..3d7cc3fa
--- /dev/null
+++ b/config/stunnel/stunnel_certs.xml
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+        <copyright>
+        <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+    stunnel.xml
+    part of pfSense (http://www.pfSense.com)
+    Copyright (C) 2007-2008 Scott Ullrich
+    All rights reserved.
+                                                                              */
+/* ========================================================================== */
+/*
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+     1. Redistributions of source code must retain the above copyright notice,
+        this list of conditions and the following disclaimer.
+
+     2. Redistributions in binary form must reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+                                                                              */
+/* ========================================================================== */
+        ]]>
+        </copyright>
+    <description>Stunnel certificates</description>
+    <requirements>Describe your package requirements here</requirements>
+    <faq>Currently there are no FAQ items provided.</faq>
+	<name>stunnelcerts</name>
+	<version>4.18</version>
+	<title>Services: Secure Tunnel - Certificates</title>
+	<!-- configpath gets expanded out automatically and config items will be
+         stored in that location -->
+	<configpath>['installedpackages']['package']['$packagename']['configuration']</configpath>
+
+	<tabs>
+		<tab>
+			<text>Tunnels</text>
+			<url>/pkg.php?xml=stunnel.xml</url>
+		</tab>
+		<tab>
+			<text>Certificates</text>
+			<url>/pkg.php?xml=stunnel_certs.xml</url>
+			<active/>
+		</tab>
+	</tabs>
+
+	<!-- adddeleteeditpagefields items will appear on the first page where you can add / delete or edit
+         items.  An example of this would be the nat page where you add new nat redirects -->
+	<adddeleteeditpagefields>
+		<columnitem>
+			<fielddescr>Description</fielddescr>
+			<fieldname>description</fieldname>
+		</columnitem>
+		<columnitem>
+			<fielddescr>Subject</fielddescr>
+			<fieldname>subject</fieldname>
+		</columnitem>
+<!--		<columnitem>
+			<fielddescr>Valid until</fielddescr>
+			<fieldname>expiry</fieldname>
+		</columnitem> -->
+		<columnitem>
+			<fielddescr>Status</fielddescr>
+			<fieldname>status</fieldname>
+		</columnitem>
+
+	</adddeleteeditpagefields>
+	<!-- fields gets invoked when the user adds or edits a item.   the following items
+         will be parsed and rendered for the user as a gui with input, and selectboxes. -->
+	<fields>
+		<field>
+			<fielddescr>Description</fielddescr>
+			<fieldname>description</fieldname>
+			<description>Enter a (short) description for this certificate</description>
+			<type>input</type>
+		</field>
+		<field>
+			<fielddescr>Certificate filename</fielddescr>
+			<fieldname>filename</fieldname>
+			<description>File name of certificate (read-only; updated on save). Extensions (.pem, .chain, .key) are added automatically.</description>
+			<type>input</type>
+		</field>
+		<field>
+			<fielddescr>Certificate subject</fielddescr>
+			<fieldname>subject</fieldname>
+			<description>Certificate subject (read-only; updated on save)</description>
+			<type>input</type>
+			<size>50</size>
+		</field>
+		<field>
+			<fielddescr>Certificate valid until</fielddescr>
+			<fieldname>expiry</fieldname>
+			<description>The certificate will expire on this date, and will no longer work.</description>
+			<type>input</type>
+		</field>
+		<field>
+			<fielddescr>RSA private key</fielddescr>
+			<fieldname>cert_key</fieldname>
+			<description>RSA private key used for certificate. Do not change for existing certificates!&lt;br&gt;
+							&lt;b&gt;Leave blank to automatically create key and certificate signing request on save.&lt;/b&gt;</description>
+			<type>textarea</type>
+			<rows>7</rows>
+			<cols>65</cols>
+		</field>
+		<field>
+			<fielddescr>Certificate chain</fielddescr>
+			<fieldname>cert_chain</fieldname>
+			<description>Full certificate chain; root certificate on top, then any intermediates, server certificate at the end.&lt;br&gt;
+							&lt;b&gt;Full chain required for private or EV certificates!&lt;/b&gt;</description>
+			<type>textarea</type>
+			<rows>7</rows>
+			<cols>65</cols>
+		</field>
+	</fields>
+	
+	<include_file>/usr/local/pkg/stunnel.inc</include_file>
+	<custom_add_php_command>
+		stunnel_save_cert($config);
+		stunnel_save($config);
+	</custom_add_php_command>
+	<custom_php_command_before_form>
+		stunnel_printcsr();
+	</custom_php_command_before_form>
+	<custom_php_after_form_command>
+		stunnel_disablefields();
+	</custom_php_after_form_command>
+	<custom_delete_php_command>
+		stunnel_delete($config);
+	</custom_delete_php_command>
+
+</packagegui>
-- 
cgit v1.2.3