From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 16/16] IPsec: Add CA certificate in Apple profile Date: Thu, 28 May 2020 17:58:50 +0000 Message-ID: <20200528175850.12638-17-michael.tremer@ipfire.org> In-Reply-To: <20200528175850.12638-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6609301751408786501==" List-Id: --===============6609301751408786501== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Signed-off-by: Michael Tremer --- html/cgi-bin/vpnmain.cgi | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index bcbe6227e..fa97ed531 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -1246,13 +1246,23 @@ END my $uuid1 = $uuid->create_str(); my $uuid2 = $uuid->create_str(); + my $ca = ""; + my $ca_uuid = $uuid->create_str(); + my $cert = ""; my $cert_uuid = $uuid->create_str(); - # Read and encode certificate + # Read and encode the CA & certificate if ($confighash{$key}[4] eq "cert") { + my $ca_path = "${General::swroot}/ca/cacert.pem"; my $cert_path = "${General::swroot}/certs/$confighash{$key}[1].p12"; + # Read the CA and encode it into Base64 + open(CA, "<${ca_path}"); + local($/) = undef; # slurp + $ca = MIME::Base64::encode_base64(); + close(CA); + # Read certificate and encode it into Base64 open(CERT, "<${cert_path}"); local($/) = undef; # slurp @@ -1465,6 +1475,25 @@ END print " \n"; print " \n"; + + print " \n"; + print " PayloadIdentifier\n"; + print " org.example.ca\n"; + print " PayloadUUID\n"; + print " ${ca_uuid}\n"; + print " PayloadType\n"; + print " com.apple.security.root\n"; + print " PayloadVersion\n"; + print " 1\n"; + print " PayloadContent\n"; + print " \n"; + + foreach (split /\n/,${ca}) { + print " $_\n"; + } + + print " \n"; + print " \n"; } print " \n"; -- 2.20.1 --===============6609301751408786501==--