check ECDSA certs curves

pfsense · Nov 23, 2019 · f0ed5d3 · f0ed5d3
1 parent 375ae1d
commit f0ed5d3
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 1 deletion.
diff --git a/security/pfSense-pkg-stunnel/Makefile b/security/pfSense-pkg-stunnel/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	pfSense-pkg-stunnel
 PORTVERSION=	5.50
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	# empty
 DISTFILES=	# empty

diff --git a/security/pfSense-pkg-stunnel/files/usr/local/pkg/stunnel.inc b/security/pfSense-pkg-stunnel/files/usr/local/pkg/stunnel.inc
@@ -143,4 +143,16 @@ function stunnel_deinstall() {
 	rmdir_recursive("/var/tmp/stunnel");
 	rmdir_recursive(STUNNEL_ETCDIR);
 }
+
+/* This change cannot be pulled back to RELENG_2_4_4 since it would break there.
+ * see https://redmine.pfsense.org/issues/9897
+ */
+function stunnel_get_certs() {
+	$c_arr = array();
+	$ecdsagood = cert_build_list('cert', 'IPsec');
+	foreach ($ecdsagood as $refid => $descr) {
+		$c_arr[] = array('refid' => $refid, 'descr' => $descr);
+	}
+	return $c_arr;
+}
 ?>
diff --git a/security/pfSense-pkg-stunnel/files/usr/local/pkg/stunnel.xml b/security/pfSense-pkg-stunnel/files/usr/local/pkg/stunnel.xml
@@ -108,7 +108,7 @@
 			<fieldname>certificate</fieldname>
 			<description>Select server certificate to use for this tunnel.</description>
 			<type>select_source</type>
-			<source><![CDATA[$config['cert']]]></source>
+			<source><![CDATA[stunnel_get_certs()]]></source>
 			<source_name>descr</source_name>
 			<source_value>refid</source_value>
 			<show_disable_value>default</show_disable_value>