security/acme-client: fix legacy inclusion

Franco Fichtner 2025-11-15 18:31:59 -05:00
parent 20b507efeb
commit 0916add402
3 changed files with 15 additions and 15 deletions


@ -1,6 +1,6 @@
PLUGIN_NAME= acme-client
PLUGIN_VERSION= 4.10
PLUGIN_REVISION= 1
PLUGIN_REVISION= 2
PLUGIN_COMMENT= ACME Client
PLUGIN_MAINTAINER= opnsense@moov.de
PLUGIN_DEPENDS= acme.sh py${PLUGIN_PYTHON}-dns-lexicon


@ -31,6 +31,8 @@ namespace OPNsense\AcmeClient\LeValidation;
use OPNsense\AcmeClient\LeValidationInterface;
use OPNsense\AcmeClient\LeUtils;
use OPNsense\Core\Config;
use OPNsense\Core\File;
use OPNsense\Core\Shell;
/**
* Use internal OPNsense webserver for HTTP-01 validation
@ -125,18 +127,16 @@ class HttpOpnsense extends Base implements LeValidationInterface
}
// Create temporary port forward to allow acme challenges to get through
$anchor_setup = "rdr-anchor \"acme-client\"\n";
// XXX Should not be using util.inc from here
file_safe("{$configdir}/acme_anchor_setup", $anchor_setup, 0600);
mwexecf('/sbin/pfctl -f %s', ["{$configdir}/acme_anchor_setup"]);
file_safe("{$configdir}/acme_anchor_rules", $anchor_rules, 0600);
mwexecf('/sbin/pfctl -a %s -f %s', ['acme-client', "{$configdir}/acme_anchor_rules"]);
File::file_put_contents("{$configdir}/acme_anchor_setup", "rdr-anchor \"acme-client\"\n", 0600);
Shell::run_safe('/sbin/pfctl -f %s', ["{$configdir}/acme_anchor_setup"]);
File::file_put_contents("{$configdir}/acme_anchor_rules", $anchor_rules, 0600);
Shell::run_safe('/sbin/pfctl -a %s -f %s', ['acme-client', "{$configdir}/acme_anchor_rules"]);
}
public function cleanup()
{
// Flush OPNsense port forward rules.
mwexecf('/sbin/pfctl -a %s -F %s', ['acme-client', 'all']);
Shell::run_safe('/sbin/pfctl -a %s -F %s', ['acme-client', 'all']);
// Workaround to solve disconnection issues reported by some users.
$backend = new \OPNsense\Core\Backend();
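Review bot: The results of both `File::file_put_contents()` writes and both `Shell::run_safe()` pfctl loads are discarded, as they were with `file_safe()`/`mwexecf()`, so a failed write or a ruleset that pfctl rejects goes unnoticed and validation presumably carries on without the temporary redirect, or with a stale `acme_anchor_rules` left by an earlier run. Assuming `Shell::run_safe()` returns the command's exit status (its definition is not on this page), I would capture it, e.g. `$rc = Shell::run_safe('/sbin/pfctl -a %s -f %s', ['acme-client', "{$configdir}/acme_anchor_rules"]);`, then log and stop the validation when `$rc !== 0`. The same applies to the identical lines in the TLS-ALPN-01 validator below. The method containing the setup code starts outside the hunk and `cleanup()` continues past it, so whether the two rule files are removed after the flush cannot be confirmed from here.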


@ -31,6 +31,8 @@ namespace OPNsense\AcmeClient\LeValidation;
use OPNsense\AcmeClient\LeValidationInterface;
use OPNsense\AcmeClient\LeUtils;
use OPNsense\Core\Config;
use OPNsense\Core\File;
use OPNsense\Core\Shell;
/**
* Use acme.sh TLS web server for TLS-ALPN-01 validation
@ -126,18 +128,16 @@ class TlsalpnAcme extends Base implements LeValidationInterface
}
// Create temporary port forward to allow acme challenges to get through
$anchor_setup = "rdr-anchor \"acme-client\"\n";
// XXX Should not be using util.inc from here
file_safe("{$configdir}/acme_anchor_setup", $anchor_setup, 0600);
mwexecf('/sbin/pfctl -f %s', ["{$configdir}/acme_anchor_setup"]);
file_safe("{$configdir}/acme_anchor_rules", $anchor_rules, 0600);
mwexecf("/sbin/pfctl -a %s -f %s", ['acme-client', "{$configdir}/acme_anchor_rules"]);
File::file_put_contents("{$configdir}/acme_anchor_setup", "rdr-anchor \"acme-client\"\n", 0600);
Shell::run_safe('/sbin/pfctl -f %s', ["{$configdir}/acme_anchor_setup"]);
File::file_put_contents("{$configdir}/acme_anchor_rules", $anchor_rules, 0600);
Shell::run_safe("/sbin/pfctl -a %s -f %s", ['acme-client', "{$configdir}/acme_anchor_rules"]);
}
public function cleanup()
{
// Flush OPNsense port forward rules.
mwexecf('/sbin/pfctl -a %s -F %s', ['acme-client', 'all']);
Shell::run_safe('/sbin/pfctl -a %s -F %s', ['acme-client', 'all']);
// Workaround to solve disconnection issues reported by some users.
$backend = new \OPNsense\Core\Backend();
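Review bot: The anchor setup and the `-F all` flush here are a copy of the block in the HTTP-01 validator, and since both classes extend `Base` they could move into one protected helper there, so that later hardening of this firewall-touching code (exit-status checks, removal of the rule files) is made once rather than twice. The only difference between the copies is the double-quoted format string on the last load; I would write it as `Shell::run_safe('/sbin/pfctl -a %s -f %s', ['acme-client', "{$configdir}/acme_anchor_rules"]);` to match the other three calls and make clear that nothing is interpolated into the command template. The surrounding method and `cleanup()` both extend beyond the visible hunk.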