Although the current impact is likely low, when CRLs are updated, they should trigger this event to update the consumers of this information (as it was pre-migration).
Since we deploy ca_root_nss in a directory with less priority, we can exclude the certificates already part of the base install.
When ca_root_nss contains a certificate not yet known in base, it will copy the certificate from the bundle in the "hashed" file, which also guarantees our packed bundles contain the same content as openssl would use by default.
While here, also include /usr/share/certs/untrusted, which contains the base blacklisted certs.
This commit adds support for deployment of CRLs, as the original implementation also does (but these files don't exist at our end at the moment).
Secondly, it fixes a minor omission where cert files with more than one cert in them were not omitted.
* dashboard: Construct Wireguard.js row ID from if+public-key to ensure uniqueness when public keys are reused.
* dashboard: Wireguard.js use concatenated string for uniqueId
This always bugged me: 'newwanip_map' is called when e.g. DHCP is
done but here we just do it async to start something. This doesn't
make sense, because eventually it triggers twice.
What rc.reload_all and setports.php do is call 'local' and I think
that makes sense.
Add RRD package with a simple factory class and a basic construct to define different rrd output types we support.
This package contains the following:
* RRD/Types -- Output definitions, responsible for generating RRD structures and feeding data
* RRD/Stats -- Statistics gathering classes
* Factory -- binds types and statistics together.
On my end on a simple test this is roughly 40% faster than running /var/db/rrd/updaterrd.sh, which makes caching of metadata (config access) less relevant.
The new script should be able to replace all existing rrd cruft and supports a debug mode to find discrepancies between defined outputs in types and collected data in stats.
```
Usage: updaterrd.php [-h] [-d]
-d debug mode, output errors to stdout
```
Everything has been converted and plugins do not ship with a
"vpn" event. "newwanip" is similar and the plugins have been
ensured to be moved to the new one in 24.7.3 already.
Although we recommend using matching CNs and usernames, it is possible to share a certificate. Since the datafeed already contains the username, let's add the field to the grid.
Unify the situation for 'ppp_port' vs 'ports' use by using the latter
as is. One of the issues of this page always was inconsistency after
all. Then also zap the validation that causes the changes not to be
accepted. In theory it's posted anyway but that has been the case for
PPPoE/L2TP/PPTP since the fork.
* unbound: discard-timeout
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
* Update src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
Co-authored-by: Franco Fichtner <franco@lastsummer.de>
* unbound: update field help text
---------
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
Co-authored-by: Franco Fichtner <franco@lastsummer.de>
Co-authored-by: Stephan de Wit <stephan.de.wit@deciso.com>