security/acme-client: include all IPs on interface, including any IPv6 address

Note that this will still not include virtual IPs but only the main IPs.
2026-05-28 04:34:15 -04:00 · 2026-02-25 15:10:24 +00:00 · 2026-02-25 15:10:24 +00:00 · 3bc852e539
commit 3bc852e539
parent 9b10160d9c
2 changed files with 10 additions and 16 deletions
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/HttpOpnsense.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/HttpOpnsense.php
@ -79,14 +79,11 @@ class HttpOpnsense extends Base implements LeValidationInterface
            $backend = new \OPNsense\Core\Backend();
            $interface = (string)$this->config->http_opn_interface;
            $response = json_decode($backend->configdpRun('interface address', [$interface]));
-            // XXX Returns both IPv4 and IPv6 now. While "[0]" and
-            // "[1]" should remain in this order it would make sense
-            // to ensure "family" matches "inet" or "inet6" and/or
-            // pull both addresses for missing IPv6 support depending
-            // on how this should work.
-            if (!empty($response->$interface[0]->address)) {
-                $iplist[] = $response->$interface[0]->address;
-            }
+            foreach ($response->$interface as $if) {
+                if (!empty($if->address)) {
+                    $iplist[] = $if->address;
+                }
+	    }
        }

        // Generate rules for all IP addresses
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/TlsalpnAcme.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/TlsalpnAcme.php
@ -80,14 +80,11 @@ class TlsalpnAcme extends Base implements LeValidationInterface
            $backend = new \OPNsense\Core\Backend();
            $interface = (string)$this->config->tlsalpn_acme_interface;
            $response = json_decode($backend->configdpRun('interface address', [$interface]));
-            // XXX Returns both IPv4 and IPv6 now. While "[0]" and
-            // "[1]" should remain in this order it would make sense
-            // to ensure "family" matches "inet" or "inet6" and/or
-            // pull both addresses for missing IPv6 support depending
-            // on how this should work.
-            if (!empty($response->$interface[0]->address)) {
-                $iplist[] = $response->$interface[0]->address;
-            }
+            foreach ($response->$interface as $if) {
+                if (!empty($if->address)) {
+                    $iplist[] = $if->address;
+                }
+	    }
        }

        // Generate rules for all IP addresses