Revision 14ec7c4b
Added by Chris Buechler about 10 years ago
| etc/inc/vpn.inc | ||
|---|---|---|
| 151 | 151 |
$certpath = "{$g['varetc_path']}/ipsec/ipsec.d/certs";
|
| 152 | 152 |
$capath = "{$g['varetc_path']}/ipsec/ipsec.d/cacerts";
|
| 153 | 153 |
$keypath = "{$g['varetc_path']}/ipsec/ipsec.d/private";
|
| 154 |
$crlpath = "{$g['varetc_path']}/ipsec/ipsec.d/crls";
|
|
| 154 | 155 |
|
| 155 | 156 |
mwexec("/sbin/ifconfig enc0 up");
|
| 156 | 157 |
set_single_sysctl("net.inet.ip.ipsec_in_use", "1");
|
| ... | ... | |
| 171 | 172 |
if (!is_dir($keypath)) {
|
| 172 | 173 |
mkdir($keypath); |
| 173 | 174 |
} |
| 174 |
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/crls")) {
|
|
| 175 |
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/crls");
|
|
| 175 |
if (!is_dir($crlpath)) {
|
|
| 176 |
mkdir($crlpath);
|
|
| 176 | 177 |
} |
| 177 | 178 |
if (!is_dir($certpath)) {
|
| 178 | 179 |
mkdir($certpath); |
| ... | ... | |
| 584 | 585 |
unset($cert); |
| 585 | 586 |
} |
| 586 | 587 |
} |
| 588 |
|
|
| 589 |
/* write out CRL files */ |
|
| 590 |
if (is_array($config['crl']) && count($config['crl'])) {
|
|
| 591 |
foreach ($config['crl'] as $crl) {
|
|
| 592 |
if (!isset($crl['text'])) {
|
|
| 593 |
log_error(sprintf(gettext("Error: Invalid CRL data for %s"), $crl['descr']));
|
|
| 594 |
continue; |
|
| 595 |
} |
|
| 596 |
$fpath = "{$crlpath}/{$crl['refid']}.crl";
|
|
| 597 |
if (!@file_put_contents($fpath, base64_decode($crl['text']))) {
|
|
| 598 |
log_error(sprintf(gettext("Error: Cannot write IPsec CRL file for %s"), $crl['descr']));
|
|
| 599 |
continue; |
|
| 600 |
} |
|
| 601 |
} |
|
| 602 |
} |
|
| 587 | 603 |
|
| 588 | 604 |
$pskconf = ""; |
| 589 | 605 |
|
Also available in: Unified diff
write out built-in CRLs for strongswan