OpenVPN server, validate certificate type, closes https://github.com/opnsense/core/issues/3045

Ad Schellevis 2019-02-28 16:36:40 +01:00
parent 6fe924c1f7
commit e7d04751c9


@ -329,6 +329,19 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors[] = gettext("Renegotiate time should contain a valid number of seconds.");
}
// When server certificate is set, check type.
if (!empty($pconfig['certref'])) {
foreach ($config['cert'] as $cert) {
if ($cert['refid'] == $pconfig['certref']) {
if (cert_get_purpose($cert['crt'])['server'] == 'No') {
$input_errors[] = gettext(
sprintf("certificate %s is not intended for server use", $cert['descr'])
);
}
}
}
}
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (count($input_errors) == 0) {
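Review bot: The purpose check `cert_get_purpose($cert['crt'])['server'] == 'No'` fails open, because only the literal 'No' is rejected: a certificate that cannot be parsed, a result without a 'server' key, or a certref that matches no entry in `$config['cert']` all pass validation without an error. This check is what keeps a non-server certificate from becoming the server identity, so it is safer to compare against the accepted value, e.g. `if ((cert_get_purpose($cert['crt'])['server'] ?? '') !== 'Yes') {`. That assumes the helper reports 'Yes' for server-capable certificates, which should be confirmed as it is defined outside this hunk. Separately, `gettext(sprintf(...))` looks up the already-formatted string, so the translation will never match; `sprintf(gettext("certificate %s is not intended for server use"), $cert['descr'])` keeps the msgid constant. The enclosing request-method block starts and ends outside the hunk.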