From 971b4da0cfb6730c3c482161db001c80162584e3 Mon Sep 17 00:00:00 2001
From: Robert Zaage
Date: Sun, 11 Feb 2024 20:31:20 +0100
Subject: [PATCH 1/2] os-openconnect: Added option to enable the use of insecure ciphers
Committer: Robert Zaage
---
 .../app/controllers/OPNsense/Openconnect/forms/general.xml | 6 ++++++
 .../mvc/app/models/OPNsense/Openconnect/General.xml | 4 ++++
 .../service/templates/OPNsense/Openconnect/openconnect.conf | 3 +++
 3 files changed, 13 insertions(+)
diff --git a/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml b/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml
index 0e13339b8..a40a423e0 100644
--- a/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml
+++ b/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml
@@ -59,6 +59,12 @@ text Enter a secret to use with one-time password generation. + + general.allowinsecure + + checkbox + This option allows the use of insecure ciphers. + general.protocol
diff --git a/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml b/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
index 9b9560a56..e3de23d1c 100644
--- a/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
+++ b/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
@@ -58,6 +58,10 @@ N + + 0 + N + anyconnect Y
diff --git a/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf b/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
index 32d13a286..f04b3e506 100644
--- a/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
+++ b/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
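Review bot: The help text added for `general.allowinsecure` in forms/general.xml (`This option allows the use of insecure ciphers.`) does not say what is weakened or when the box should be ticked. As far as the openconnect documentation describes it, `allow-insecure-crypto` re-enables the legacy 3DES and RC4 ciphers for gateways that offer nothing better, so the help could read `Re-enables legacy ciphers (3DES, RC4) for gateways that support nothing stronger. This weakens the protection of the tunnel; leave unchecked unless the connection fails without it.` The XML tags of this hunk did not survive in this rendering, so whether the field carries a label or sits under the advanced toggle cannot be checked here; if it does not, marking it as an advanced field would keep it out of the default view.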
@@ -25,6 +25,9 @@ token-mode={{ OPNsense.openconnect.general.tokenmode }}
 token-secret={{ OPNsense.openconnect.general.tokensecret }}
 {% endif %}
 {% endif %}
+{% if OPNsense.openconnect.general.allowinsecure|default('0') == '1' %}
+allow-insecure-crypto
+{% endif %}
 {% if helpers.exists('OPNsense.openconnect.general.protocol') and OPNsense.openconnect.general.protocol != '' %}
 protocol={{ OPNsense.openconnect.general.protocol }}
 {% if OPNsense.openconnect.general.protocol == 'anyconnect' %}
From 447b8cd5cc19f90f728013ff94a692c5fae9e506 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 12 Apr 2024 09:27:12 +0200
Subject: [PATCH 2/2] security/openconnect - template safety and versioning for https://github.com/opnsense/plugins/pull/3815
---
 security/openconnect/Makefile | 2 +-
 security/openconnect/pkg-descr | 4 ++++
 .../opnsense/mvc/app/models/OPNsense/Openconnect/General.xml | 2 +-
 .../service/templates/OPNsense/Openconnect/openconnect.conf | 2 +-
 4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/security/openconnect/Makefile b/security/openconnect/Makefile
index 9296d2ffc..9c0c4721a 100644
--- a/security/openconnect/Makefile
+++ b/security/openconnect/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME= openconnect
-PLUGIN_VERSION= 1.4.5
+PLUGIN_VERSION= 1.4.6
 PLUGIN_COMMENT= OpenConnect Client
 PLUGIN_DEPENDS= openconnect
 PLUGIN_MAINTAINER= m.muenz@gmail.com
diff --git a/security/openconnect/pkg-descr b/security/openconnect/pkg-descr
index 9d18d3a10..57081e80d 100644
--- a/security/openconnect/pkg-descr
+++ b/security/openconnect/pkg-descr
@@ -6,6 +6,10 @@ the Juniper SSL VPN which is now known as Pulse Connect Secure. Plugin Changelog ================ +1.4.6 + +* add allowinsecure + 1.4.5 * Allow ":" and "/" characters in user name
diff --git a/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml b/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
index e3de23d1c..0bd610eba 100644
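Review bot: The three added lines in openconnect.conf write a bare `allow-insecure-crypto` into the rendered client configuration, with nothing that marks it as a deliberate downgrade for whoever later audits the generated file. openconnect's config format ignores lines whose first non-space character is `#`, so a marker can be rendered directly above the flag, for example `# legacy ciphers enabled via general.allowinsecure - remove once the gateway supports modern TLS`. The guard `allowinsecure|default('0') == '1'` fails closed for every value other than '1', which is the right direction for this switch and worth keeping. The token blocks closed by the two `{% endif %}` context lines open above the hunk and the `anyconnect` block closes below it, so the flag's placement outside the token section is inferred from those context lines only.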
--- a/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
+++ b/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
@@ -1,7 +1,7 @@ //OPNsense/openconnect/general Openconnect configuration - 1.0.3 + 1.0.4 0
diff --git a/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf b/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
index f04b3e506..69d7a51ea 100644
--- a/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
+++ b/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
@@ -25,7 +25,7 @@ token-mode={{ OPNsense.openconnect.general.tokenmode }}
 token-secret={{ OPNsense.openconnect.general.tokensecret }}
 {% endif %}
 {% endif %}
-{% if OPNsense.openconnect.general.allowinsecure|default('0') == '1' %}
+{% if not helpers.empty('OPNsense.openconnect.general.allowinsecure') %}
 allow-insecure-crypto
 {% endif %}
 {% if helpers.exists('OPNsense.openconnect.general.protocol') and OPNsense.openconnect.general.protocol != '' %}
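Review bot: The new guard `not helpers.empty(...)` in openconnect.conf emits `allow-insecure-crypto` for any value the helper treats as non-empty, where the replaced line required exactly '1'. For a switch that weakens the tunnel's crypto I would keep the exact match and add only the existence check, `{% if helpers.exists('OPNsense.openconnect.general.allowinsecure') and OPNsense.openconnect.general.allowinsecure == '1' %}`, which follows the `helpers.exists(...) and ...` form already used for `protocol` on the last context line. If `helpers.empty` treats both a missing node and '0' as empty and the model limits the field to 0/1, the two forms behave the same in practice, but neither guarantee is visible in this patch. The token block closed by the two `{% endif %}` context lines starts above the hunk.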