Revision 3ad5fd27
Added by Ermal LUÇI about 11 years ago
| etc/inc/vpn.inc | ||
|---|---|---|
| 129 | 129 |
/* needed for config files */ |
| 130 | 130 |
if (!is_dir("{$g['varetc_path']}/ipsec"))
|
| 131 | 131 |
mkdir("{$g['varetc_path']}/ipsec");
|
| 132 |
if (!is_dir("{$g['varetc_path']}/ipsec/cacerts"))
|
|
| 133 |
mkdir("{$g['varetc_path']}/ipsec/cacerts");
|
|
| 134 |
if (!is_dir("{$g['varetc_path']}/ipsec/private"))
|
|
| 135 |
mkdir("{$g['varetc_path']}/ipsec/private");
|
|
| 136 |
if (!is_dir("{$g['varetc_path']}/ipsec/crls"))
|
|
| 137 |
mkdir("{$g['varetc_path']}/ipsec/crls");
|
|
| 138 |
if (!is_dir("{$g['varetc_path']}/ipsec/certs"))
|
|
| 139 |
mkdir("{$g['varetc_path']}/ipsec/certs");
|
|
| 140 |
if (!is_dir("{$g['varetc_path']}/ipsec/aacerts"))
|
|
| 141 |
mkdir("{$g['varetc_path']}/ipsec/aacerts");
|
|
| 142 |
if (!is_dir("{$g['varetc_path']}/ipsec/acerts"))
|
|
| 143 |
mkdir("{$g['varetc_path']}/ipsec/acerts");
|
|
| 144 |
if (!is_dir("{$g['varetc_path']}/ipsec/reqs"))
|
|
| 145 |
mkdir("{$g['varetc_path']}/ipsec/reqs");
|
|
| 132 |
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d"))
|
|
| 133 |
mkdir("{$g['varetc_path']}/ipsec/ipsec.d");
|
|
| 134 |
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/cacerts"))
|
|
| 135 |
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/cacerts");
|
|
| 136 |
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/private"))
|
|
| 137 |
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/private");
|
|
| 138 |
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/crls"))
|
|
| 139 |
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/crls");
|
|
| 140 |
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/certs"))
|
|
| 141 |
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/certs");
|
|
| 142 |
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/aacerts"))
|
|
| 143 |
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/aacerts");
|
|
| 144 |
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/acerts"))
|
|
| 145 |
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/acerts");
|
|
| 146 |
if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d/reqs"))
|
|
| 147 |
mkdir("{$g['varetc_path']}/ipsec/ipsec.d/reqs");
|
|
| 146 | 148 |
|
| 147 | 149 |
|
| 148 | 150 |
if ($g['booting']) |
| ... | ... | |
| 398 | 400 |
log_error(sprintf(gettext("Error: Invalid certificate hash info for %s"), $ca['descr']));
|
| 399 | 401 |
continue; |
| 400 | 402 |
} |
| 401 |
$fname = "{$g['varetc_path']}/ipsec/cacerts/{$x509cert['hash']}.0";
|
|
| 403 |
$fname = "{$g['varetc_path']}/ipsec/ipsec.d/cacerts/{$x509cert['hash']}.0";
|
|
| 402 | 404 |
if (!@file_put_contents($fname, $cert)) {
|
| 403 | 405 |
log_error(sprintf(gettext("Error: Cannot write IPsec CA file for %s"), $ca['descr']));
|
| 404 | 406 |
continue; |
| ... | ... | |
| 444 | 446 |
$ca = lookup_ca($ph1ent['caref']); |
| 445 | 447 |
if ($ca) {
|
| 446 | 448 |
$cafile = "ca-{$ikeid}.crt";
|
| 447 |
$capath = "{$g['varetc_path']}/ipsec/cacerts/{$cafile}";
|
|
| 449 |
$capath = "{$g['varetc_path']}/ipsec/ipsec.d/cacerts/{$cafile}";
|
|
| 448 | 450 |
|
| 449 | 451 |
if (!file_put_contents($capath, base64_decode($ca['crt']))) |
| 450 | 452 |
{
|
Also available in: Unified diff
Correct the definitions of certificate path to correct place to allow the daemon to start