security/openconnect: add field to add certificate hash (#723)

(cherry picked from commit 7d40d1a670)
2026-05-28 04:34:15 -04:00 · 2018-07-08 13:24:01 +02:00 · 2018-07-08 13:24:01 +02:00 · 684a9a44ac
commit 684a9a44ac
parent 831162969f
4 changed files with 31 additions and 2 deletions
--- a/security/openconnect/Makefile
+++ b/security/openconnect/Makefile
@ -1,5 +1,5 @@
 PLUGIN_NAME=		openconnect
-PLUGIN_VERSION=		1.0
+PLUGIN_VERSION=		1.1
 PLUGIN_COMMENT=		OpenConnect Client
 PLUGIN_DEPENDS=		openconnect
 PLUGIN_MAINTAINER=	m.muenz@gmail.com
--- a/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml
+++ b/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml
@ -23,4 +23,16 @@
        <type>password</type>
        <help>The password name for this connection. Be aware that it will stored in cleartext on this device.</help>
    </field>
+    <field>
+        <id>general.servercert</id>
+        <label>Certificate Hash</label>
+        <type>text</type>
+        <help>If you have a wildcard certificate or the CA is untrusted, you have to enter the SHA hash of the certificate to force a connect.</help>
+    </field>
+    <field>
+        <id>general.hash</id>
+        <label>Certificate Hash Type</label>
+        <type>dropdown</type>
+        <help>Select the type of hash. Possible values are SHA256 or SHA1.</help>
+    </field>
 </form>
--- a/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
+++ b/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
@ -1,7 +1,7 @@
 <model>
    <mount>//OPNsense/openconnect/general</mount>
    <description>Openconnect configuration</description>
-    <version>1.0.0</version>
+    <version>1.0.1</version>
    <items>
        <enabled type="BooleanField">
            <default>0</default>
@ -23,5 +23,19 @@
            <default>password</default>
            <Required>Y</Required>
        </password>
+        <servercert type="TextField">
+            <Required>N</Required>
+            <mask>/^[a-z0-9]{40,64}$/</mask>
+            <ValidationMessage>Please provide a valid hash.</ValidationMessage>
+        </servercert>
+        <hash type="OptionField">
+            <default>sha256</default>
+            <multiple>N</multiple>
+            <Required>Y</Required>
+                <OptionValues>
+                    <sha256>SHA256</sha256>
+                    <sha1>SHA1</sha1>
+                </OptionValues>
+        </hash>
    </items>
 </model>
--- a/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
+++ b/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
@ -8,4 +8,7 @@ quiet
 interface=tun30000
 syslog
 passwd-on-stdin
+{%   if helpers.exists('OPNsense.openconnect.general.servercert') and OPNsense.openconnect.general.servercert != '' %}
+servercert={{ OPNsense.openconnect.general.hash }}:{{ OPNsense.openconnect.general.servercert }}
+{%   endif %}
 {% endif %}