From 53b43e73975a2be9e5e1bd8516928dcda90660c3 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 20 Nov 2018 20:02:42 +0100
Subject: [PATCH] OpenVPN export, add ca's in export_pkcs12() for
 https://github.com/opnsense/core/issues/2787

---
 .../mvc/app/library/OPNsense/OpenVPN/BaseExporter.php  | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/BaseExporter.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/BaseExporter.php
index 6c3c499dc..5174ce378 100644
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/BaseExporter.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/BaseExporter.php
@@ -49,14 +49,20 @@ abstract class BaseExporter
      * @param string $crt X.509 certificate
      * @param string $prv PEM formatted private key
      * @param string $pass password
+     * @param array|null $cas list of CA-certificates
      * @return string pkcs12
      */
-    protected function export_pkcs12($crt, $prv, $pass="")
+    protected function export_pkcs12($crt, $prv, $pass="", $cas=null)
     {
         $p12 = null;
         $crt = openssl_x509_read($crt);
         $prv = openssl_get_privatekey($prv);
-        openssl_pkcs12_export($crt, $p12, $prv, $pass);
+        if ($cas !== null) {
+            $args = [
+                'extracerts' => $cas
+            ];
+        }
+        openssl_pkcs12_export($crt, $p12, $prv, $pass, $args);
         return $p12;
     }
 }