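Invalid key/cert!'; } elseif ($valid < 30) { $_status = 'Expires in ' . $valid . ' days!'; } else { $_status = 'OK (' . $valid . ' days)'; } $config['installedpackages']['stunnelcerts']['config'][$i]['status'] = $_status; } else { unset($config['installedpackages']['stunnelcerts']['config'][$i]); } } }
// NOTE(review): the line above is the tail of a statement run that starts
// before this excerpt; it is kept verbatim.

// Attach to every configured tunnel the description of the certificate whose
// stored filename matches the tunnel's 'certificate' value. Only done when the
// request carries no 'id' parameter and at least one tunnel exists.
$tunnels = $config['installedpackages']['stunnel']['config'];
$num_tunnels = is_array($tunnels) ? count($tunnels) : 0;
if (!isset($_GET['id']) and $num_tunnels) {
    for ($i = 0; $i < $num_tunnels; $i++) {
        $tunnel = $tunnels[$i];
        if ($tunnel['certificate']) {
            // Running index over the certificate list; not read in the visible code.
            $certid = 0;
            if (is_array($config['installedpackages']['stunnelcerts']['config'])) {
                foreach ($config['installedpackages']['stunnelcerts']['config'] as $cert) {
                    // The filename is the certificate hash (hex digits). A loose == treats
                    // numeric-looking strings such as "1e234567" and "2e234567" as equal
                    // numbers, which could attach the wrong certificate to a tunnel, so
                    // compare as strings.
                    if ((string) $tunnel['certificate'] === (string) $cert['filename']) {
                        // NOTE(review): the empty string literals look like link markup lost
                        // from this copy. The description is stored unescaped; confirm it is
                        // HTML-escaped where 'certificatelink' is rendered.
                        $config['installedpackages']['stunnel']['config'][$i]['certificatelink'] = '' . $cert['description'] . '';
                    }
                    $certid++;
                }
            }
        }
    }
}

// NOTE(review): stunnel_printcsr() and stunnel_addcerts() below, and the header
// of the function that handles the posted key/certificate, appear to have lost
// content in this copy (markup stripped). These three lines are kept verbatim.
function stunnel_printcsr() { // $GLOBALS['savemsg'] = "
" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'], true) . "
"; } function stunnel_addcerts($config) { $certs=$config['installedpackages']['stunnelcerts']['config']; $tunnels=$config['installedpackages']['stunnel']['config']; ?> "; }
        // --- Validation and storage of the posted private key and certificate chain ---
        if (!$_POST['cert_key']) {
            $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "RSA Key must be specified!\n";
        }
        if ($_POST['cert_chain'] and $_POST['cert_key']) {
            $_cert = openssl_x509_parse($_POST['cert_chain']);
            // openssl_x509_parse() returns false for unparsable input; check the
            // type before indexing into the result.
            if (is_array($_cert) and !empty($_cert['hash'])) {
                // Nothing is written unless the key really belongs to the certificate.
                if (openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) {
                    // File names are derived from the parsed certificate hash, never
                    // from a client-supplied name.
                    $_base = STUNNEL_ETCDIR . '/' . $_cert['hash'];

                    // Create the files that contain the private key with a restrictive
                    // umask, so they are never readable by other local users between
                    // creation and the chmod() calls below.
                    $_oldmask = umask(0077);
                    file_put_contents($_base . '.key', $_POST['cert_key']);
                    file_put_contents($_base . '.pem', $_POST['cert_key'] . "\n" . $_POST['cert_chain']);
                    umask($_oldmask);

                    // The chain holds public material only and keeps the default mode.
                    file_put_contents($_base . '.chain', $_POST['cert_chain']);

                    // Command line is built from a constant only; no request data reaches the shell.
                    system('chown stunnel:stunnel ' . STUNNEL_ETCDIR . '/*');
                    // Kept as a second line of defence, and to tighten files that already existed.
                    chmod($_base . '.key', 0600);
                    chmod($_base . '.pem', 0600);

                    $_POST['filename'] = $_cert['hash'];
                    $_POST['expiry_raw'] = $_cert['validTo_time_t'];
                    $_POST['expiry'] = date('Y-m-d', $_cert['validTo_time_t']);
                    $_POST['subject'] = $_cert['name'];
                } else {
                    $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Certificate and key do not match!\n";
                    $_POST['filename'] = '';
                }
            } else {
                $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Couldn't parse certificate!\n";
                $_POST['expiry_raw'] = '';
                $_POST['expiry'] = '';
                $_POST['subject'] = '';
                $_POST['filename'] = '';
            }
        }

        // NOTE(review): the base64-encoded private key is put back into $_POST,
        // presumably so the caller stores it with the package configuration.
        // If so, the configuration store and its backups hold the key as well;
        // confirm they are protected accordingly.
        $_POST['cert_key'] = base64_encode($_POST['cert_key']);
        $_POST['cert_chain'] = base64_encode($_POST['cert_chain']);

        // Remove the files of the previously stored certificate when this entry now
        // refers to a different one. String comparison: a loose != can treat two
        // different numeric-looking hashes as equal and leave a stale key on disk.
        $_fname = $GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename'];
        if ($_fname and (string) $_fname !== (string) $_POST['filename']) {
            unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.chain');
            unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.key');
            unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.pem');
        }
    }
}

/**
 * Prepare the stunnel installation.
 *
 * Creates the configuration directory, generates a self-signed certificate and
 * key into stunnel.pem, creates the chroot tree, writes the rc script and
 * writes stunnel.conf with one section per configured tunnel.
 *
 * @return void
 */
function stunnel_install()
{
    // The tunnel list lives in the global configuration array. Without this
    // declaration $config is an undefined local and no tunnel section is written.
    global $config;

    safe_mkdir(STUNNEL_ETCDIR);

    // -nodes leaves the generated key unencrypted, so file permissions are its
    // only protection. Run openssl under a restrictive umask so stunnel.pem is
    // never created readable by other local users. The command line consists of
    // constants only.
    $_oldmask = umask(0077);
    system("/usr/bin/openssl req -new -x509 -days 365 -nodes -out " . STUNNEL_ETCDIR . "/stunnel.pem -keyout " . STUNNEL_ETCDIR . "/stunnel.pem 2>/dev/null");
    umask($_oldmask);
    chmod(STUNNEL_ETCDIR . "/stunnel.pem", 0600);

    // Chroot tree for the unprivileged stunnel user; an existing directory is not an error.
    @mkdir("/var/tmp/stunnel/var/tmp/run/stunnel", 0755, true);
    system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel");

    $_rcfile['file'] = 'stunnel.sh';
    $_rcfile['start'] = STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t";
    $_rcfile['stop'] = "/usr/bin/killall stunnel \n\t";
    write_rcfile($_rcfile);
    unlink_if_exists("/usr/local/etc/rc.d/stunnel");

    $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf", "w");
    if ($fout === false) {
        // Nothing can be written; avoid calling fwrite()/fclose() on a failed handle.
        return;
    }

    // Global options: certificate, chroot and privilege drop to the stunnel user.
    fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n");
    fwrite($fout, "chroot = /var/tmp/stunnel \n");
    fwrite($fout, "setuid = stunnel \n");
    fwrite($fout, "setgid = stunnel \n");

    $_tunnels = isset($config['installedpackages']['stunnel']['config'])
        ? $config['installedpackages']['stunnel']['config']
        : null;
    if (is_array($_tunnels)) {
        $_fields = array('description', 'sourceip', 'localip', 'localport', 'redirectip', 'redirectport');
        foreach ($_tunnels as $pkgconfig) {
            // Each value ends up on its own line of stunnel.conf. Strip CR/LF so a
            // stored value cannot introduce additional option lines or sections.
            foreach ($_fields as $_field) {
                $pkgconfig[$_field] = isset($pkgconfig[$_field])
                    ? str_replace(array("\r", "\n"), '', (string) $pkgconfig[$_field])
                    : '';
            }

            fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
            if ($pkgconfig['sourceip']) {
                fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
            }
            fwrite($fout, "accept = " . ($pkgconfig['localip'] ? $pkgconfig['localip'] . ":" : "") . $pkgconfig['localport'] . "\n");
            fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
            fwrite($fout, "TIMEOUTclose = 0\n\n");
        }
    }
    fclose($fout);
}

/**
 * Remove the chroot tree and the configuration directory, including the stored
 * keys and certificates.
 *
 * @return void
 */
function stunnel_deinstall()
{
    rmdir_recursive("/var/tmp/stunnel");
    rmdir_recursive(STUNNEL_ETCDIR);
}
?>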