Invalid key/cert!'; } elseif($valid<30) { $_status='Expires in '.$valid.' days!'; } else { $_status='OK ('.$valid.' days)'; } $config['installedpackages']['stunnelcerts']['config'][$i]['status']=$_status; } else { unset($config['installedpackages']['stunnelcerts']['config'][$i]); } } } $tunnels=$config['installedpackages']['stunnel']['config']; is_array($tunnels) ? $num_tunnels=count($tunnels) : $num_tunnels=0; if(!isset($_GET['id']) and $num_tunnels) { for ($i=0;$i<$num_tunnels;$i++) { $tunnel=$tunnels[$i]; if($tunnel['certificate']) { $certid=0; if(is_array($config['installedpackages']['stunnelcerts']['config'])) { foreach($config['installedpackages']['stunnelcerts']['config'] as $cert) { if($tunnel['certificate']==$cert['filename']) $config['installedpackages']['stunnel']['config'][$i]['certificatelink']= ''.$cert['description'].''; $certid++; } } } } } function stunnel_printcsr() { # $GLOBALS['savemsg']="

" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'],true) . "

"; } function stunnel_addcerts($config) { $certs=$config['installedpackages']['stunnelcerts']['config']; $tunnels=$config['installedpackages']['stunnel']['config']; ?> /dev/null"); system("/usr/local/etc/rc.d/stunnel.sh start 2>/dev/null"); } function stunnel_save_cert($config) { $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']=''; if(isset($_POST['id'])) { # echo "

";
#		print_r($_POST);
#		echo "

"; if(!$_POST['cert_chain']) { $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate chain must be specified!
"; } if(!$_POST['cert_key']) { $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="RSA Key must be specified!
"; } if($_POST['cert_chain'] and $_POST['cert_key']) { $_cert=openssl_x509_parse($_POST['cert_chain']); # echo("

");
#			print_r($_cert);
#			echo("

"); if($_cert['hash']) { if(openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) { file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', $_POST['cert_key']); file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.chain', $_POST['cert_chain']); file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', $_POST['cert_key']."\n".$_POST['cert_chain']); system('chown stunnel:stunnel ' . STUNNEL_ETCDIR . '/*'); chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', 0600); chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', 0600); $_POST['filename']=$_cert['hash']; $_POST['expiry_raw']=$_cert['validTo_time_t']; $_POST['expiry']=date('Y-m-d', $_cert['validTo_time_t']); $_POST['subject']=$_cert['name']; } else { $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate and key do not match!
"; $_POST['filename']=''; } } else { $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Couldn't parse certificate!
"; $_POST['expiry_raw']=''; $_POST['expiry']=''; $_POST['subject']=''; $_POST['filename']=''; } } $_POST['cert_key']=base64_encode($_POST['cert_key']); $_POST['cert_chain']=base64_encode($_POST['cert_chain']); $_fname=$GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename']; if($_fname and $_fname!=$_POST['filename']) { unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.chain'); unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.key'); unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.pem'); } } } function stunnel_install() { safe_mkdir(STUNNEL_ETCDIR); system("/usr/bin/openssl req -new -x509 -days 365 -nodes -out " . STUNNEL_ETCDIR . "/stunnel.pem -keyout " . STUNNEL_ETCDIR . "/stunnel.pem 2>/dev/null"); chmod(STUNNEL_ETCDIR . "/stunnel.pem", 0600); @mkdir("/var/tmp/stunnel/var/tmp/run/stunnel", 0755, true); system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel"); $_rcfile['file']='stunnel.sh'; $_rcfile['start'].= STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t"; $_rcfile['stop'].="killall stunnel \n\t"; write_rcfile($_rcfile); unlink_if_exists("/usr/local/etc/rc.d/stunnel"); conf_mount_rw(); config_lock(); $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w"); fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n"); fwrite($fout, "chroot = /var/tmp/stunnel \n"); fwrite($fout, "setuid = stunnel \n"); fwrite($fout, "setgid = stunnel \n"); if($config['installedpackages']['stunnel']['config']) { foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) { fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n"); if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n"); fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n"); fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n"); fwrite($fout, "TIMEOUTclose = 0\n\n"); } } fclose($fout); conf_mount_ro(); config_unlock(); } function stunnel_deinstall() { rmdir_recursive("/var/tmp/stunnel"); rmdir_recursive(STUNNEL_ETCDIR); unlink_if_exists("/usr/local/etc/rc.d/stunnel.sh"); } ?>