This helper parses "mapped" arguments for batch reloads of e.g.
interfaces or devices or items related to that (like gateway
names). The rules are simple:
o If the mapped argument is null reload in full (return true)
o If the mapped argument is an array handle it under later conditionals (return true)
o If the mapped argument is of an unsupported type do nothing (return false)
o If the mapped argument is not null but empty do nothing (return false)
o If the argument is a string convert it to an array, splitting the string
by comma (return true)
o Modify the $map argument to be either null or a non-empty array to normalize
the passed map (also for backwards-compatible reasons of newwanip_map
and vpn_map intermediate steps).
* system: render header for failed active widgets to allow removal
If there is a syntax error in the widget JS code we will not be
able to remove it from the dashboard. This is only a POC as it
doesn't fully work for varying reasons, but details where the
problem lies.
* dashboard: account for failed module imports or class instantiations
---------
Co-authored-by: Stephan de Wit <stephan.de.wit@deciso.com>
* System: Trust: Settings - add boilerplate and move existing store_intermediate_certs setting to new module including migration
* System: Trust: Settings - add configuration constraints and glue to flush CRL's to local trust store when requested.
This implements the following options:
* Enable/Disable legacy providers (enabled by default, which is the current default)
* Option to write specific configuration constraints, when enabled, CipherString, Ciphersuites and MinProtocol[DTS] can be configured
One last piece of the puzzle is the "crl" event action, which should deploy to the local trust store as well ehen requested.
* Update src/opnsense/mvc/app/models/OPNsense/Core/Menu/Menu.xml
Co-authored-by: Franco Fichtner <franco@opnsense.org>
* System: Trust: Settings - process review comments https://github.com/opnsense/core/pull/7854
* System: Trust: Settings - flush CRL's when "Store CRL's" is selected
---------
Co-authored-by: Franco Fichtner <franco@opnsense.org>
Although the current impact is likely low, when CRL's are updated, they should trigger this event to update the consumers of this information (as it was pre-migration)
Since we deploy ca_root_nss in a directory with less priority, we can exclude the certificates already part of the base install.
When ca_root_nss contains a certificate not yet known in base, it will copy the certificate from the bundle in the "hashed" file, which also gurantees our packed bundles contain the same content as openssl would use by default.
While here, also include /usr/share/certs/untrusted, which contains the base blacklisted certs.
This commit adds support for deployment of CRL's, as the original implementation also does (but these files don't exist at our end at the moment).
Secondly it fixes a minor omission where cert files with more than one cert in them where not omitted.
* dashboard: Construct Wireguard.js row ID from if+public-key to ensure uniqueness when public keys are reused.
* dashboard: Wireguard.js use concatenated string for uniqueId
