From: <abe...@us...> - 2013-02-21 01:35:52
Revision: 5962 http://astlinux.svn.sourceforge.net/astlinux/?rev=5962&view=rev Author: abelbeck Date: 2013-02-21 01:35:45 +0000 (Thu, 21 Feb 2013) Log Message: ----------- web interface, create two flavors of OpenVPN certificate profiles, one with cert/key, the other without Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/openvpn.php branches/1.0/package/webinterface/altweb/common/openssl.php Modified: branches/1.0/package/webinterface/altweb/admin/openvpn.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/openvpn.php 2013-02-18 21:58:39 UTC (rev 5961) +++ branches/1.0/package/webinterface/altweb/admin/openvpn.php 2013-02-21 01:35:45 UTC (rev 5962) @@ -307,7 +307,7 @@ // Function: ovpnProfile // -function ovpnProfile($db, $ssl, &$ta_file) { +function ovpnProfile($db, $ssl, $client, &$ta_file) { $default = array ( 'client', @@ -362,6 +362,18 @@ $str .= $caStr; $str .= "</ca>\n"; } + if ($client !== '') { + if (($certStr = @file_get_contents($ssl['key_dir'].'/'.$client.'.crt')) !== FALSE) { + $str .= "<cert>\n"; + $str .= $certStr; + $str .= "</cert>\n"; + } + if (($keyStr = @file_get_contents($ssl['key_dir'].'/'.$client.'.key')) !== FALSE) { + $str .= "<key>\n"; + $str .= $keyStr; + $str .= "</key>\n"; + } + } if ($ta_file !== '') { if (($taStr = @file_get_contents($ta_file)) !== FALSE) { $str .= "<tls-auth>\n"; 
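Review bot: In the `@@ -362,6 +362,18 @@` hunk of openvpn.php, `$client` is concatenated straight into `$ssl['key_dir'].'/'.$client.'.crt'` and `.key`, with no check visible here that it is a plain certificate name. The caller passes `$value`, whose origin is outside this diff; if it can carry request data, a directory separator in it would make the reads resolve outside `key_dir`, so a guard such as `if ($client !== basename($client)) { return FALSE; }` before the reads would pin them to that directory. The two `@file_get_contents()` calls also fail silently and independently, so a profile filed under 'openvpn-cert-key' can end up with a certificate but no key, or neither; returning FALSE when either read fails would make that visible to the caller. The body of ovpnProfile starts and ends outside the hunk.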
@@ -468,8 +480,13 @@ $p12pass = opensslRANDOMpass(12); if (($p12 = opensslPKCS12str($openssl, $value, $p12pass)) !== '') { $zip->addFromString($value.'/'.$value.'.p12', $p12); - if (($ovpn = ovpnProfile($db, $openssl, $tls_auth_file)) !== FALSE) { - $zip->addFromString($value.'/'.$value.'.ovpn', $ovpn); + if (($ovpn = ovpnProfile($db, $openssl, $value, $tls_auth_file)) !== FALSE) { + $zip->addFromString($value.'/openvpn-cert-key/'.$value.'.ovpn', $ovpn); + if (($ovpn = preg_filter('/<cert>.*<\/cert>/s', '', $ovpn)) !== NULL) { + if (($ovpn = preg_filter('/<key>.*<\/key>/s', '', $ovpn)) !== NULL) { + $zip->addFromString($value.'/openvpn-nocert-nokey/'.$value.'.ovpn', $ovpn); + } + } if ($tls_auth_file !== '') { $zip->addFile($tls_auth_file, $value.'/'.$value.'-ta.key'); $zip->addFromString($value.'/README.txt', opensslREADMEstr('ovpn-ta', $value, $p12pass)); Modified: branches/1.0/package/webinterface/altweb/common/openssl.php =================================================================== --- branches/1.0/package/webinterface/altweb/common/openssl.php 2013-02-18 21:58:39 UTC (rev 5961) +++ branches/1.0/package/webinterface/altweb/common/openssl.php 2013-02-21 01:35:45 UTC (rev 5962) 
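Review bot: The 'openvpn-nocert-nokey' profile is produced by regex-stripping `<cert>` and `<key>` from the profile that embeds the private key, and `preg_filter()` returns NULL when its pattern does not match, so if either inline block is absent (for example an unreadable `.crt` or `.key`) the second profile is silently left out of the archive. Going by the other openvpn.php hunk, ovpnProfile() already skips both blocks when `$client === ''`, so building the profile directly is simpler and never touches the key material: `if (($ovpn_nokey = ovpnProfile($db, $openssl, '', $tls_auth_file)) !== FALSE) { $zip->addFromString($value.'/openvpn-nocert-nokey/'.$value.'.ovpn', $ovpn_nokey); }`. `$tls_auth_file` is passed by reference, so confirm that a second call does not alter it before the `$tls_auth_file !== ''` test that follows. The enclosing loop and function lie outside the hunk.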
@@ -256,11 +256,16 @@ $readme .= "PKCS#12 Container Password: $pass\n"; $readme .= "Keep it secure.\n\n"; if ($type === 'ovpn' || $type === 'ovpn-ta') { - $readme .= "$commonName.ovpn - OpenVPN certificate profile, use with file '$commonName.p12' for client devices.\n\n"; if ($type === 'ovpn-ta') { $readme .= "$commonName-ta.key - TLS-Auth key which adds an additional HMAC signature to all SSL/TLS handshake packets.\n"; $readme .= "Note: File '$commonName-ta.key' is not encrypted and must be kept secure.\n\n"; } + $readme .= "Directory 'openvpn-cert-key':\n"; + $readme .= "$commonName.ovpn - OpenVPN certificate profile, contains client certificate and private key.\n"; + $readme .= "Note: File 'openvpn-cert-key/$commonName.ovpn' is not encrypted and must be kept secure.\n\n"; + + $readme .= "Directory 'openvpn-nocert-nokey':\n"; + $readme .= "$commonName.ovpn - OpenVPN certificate profile, use with file '$commonName.p12' for client devices.\n\n"; } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
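Review bot: The added warning singles out 'openvpn-cert-key/$commonName.ovpn' as the file to protect, but the same README prints the container password (`PKCS#12 Container Password: $pass` in the context lines) and, going by the openvpn.php hunk, is placed in the same archive as the `.p12`, so the archive as a whole gives access to the private key. Consider a closing line such as `$readme .= "Note: This archive contains private key material and must be transferred and stored securely.\n\n";`. The new text is also appended whether or not the cert/key profile was actually added to the zip. The enclosing function starts outside the hunk.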