diff --git a/security/acme-client/Makefile b/security/acme-client/Makefile
index 1b4b91a18..bf0523622 100644
--- a/security/acme-client/Makefile
+++ b/security/acme-client/Makefile
@@ -1,6 +1,5 @@
PLUGIN_NAME= acme-client
-PLUGIN_VERSION= 1.17
-PLUGIN_REVISION= 1
+PLUGIN_VERSION= 1.18
PLUGIN_COMMENT= Let's Encrypt client
PLUGIN_MAINTAINER= opnsense@moov.de
PLUGIN_DEPENDS= acme.sh bind912
diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/SettingsController.php b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/SettingsController.php
index 3a7fdf7e1..3771b6b7e 100644
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/SettingsController.php
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/SettingsController.php
@@ -309,7 +309,7 @@ class SettingsController extends ApiMutableModelControllerBase
}
// Ensure HAProxy frontend additions have been applied.
- foreach ($mdlAcme->getNodeByReference('validations.validation')->__items as $validation) {
+ foreach ($mdlAcme->getNodeByReference('validations.validation')->iterateItems() as $validation) {
// Find all (enabled) validation methods with HAProxy integration.
if ((string)$validation->enabled == "1" and
(string)$validation->method == "http01" and
diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
index e07d394ca..4aa5dc036 100644
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
@@ -750,4 +750,45 @@
text
+
+
+ header
+
+
+
+ validation.dns_gdnsdk_user
+
+ text
+
+
+ validation.dns_gdnsdk_password
+
+ password
+
+
+
+ header
+
+
+
+ validation.dns_acmedns_user
+
+ text
+
+
+ validation.dns_acmedns_password
+
+ password
+
+
+ validation.dns_acmedns_subdomain
+
+ text
+
+
+ validation.dns_acmedns_updateurl
+
+ text
+ Specify the custom ACME DNS Update URL, i.e. https://auth.acme-dns.io/update (optional)
+
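Review bot: The help text on `validation.dns_acmedns_updateurl` uses "i.e." where it is giving an example, and it does not tell the operator that this URL is the endpoint the ACME DNS username and password from the fields above are used against. I would reword it to `Specify a custom ACME DNS update URL, e.g. https://auth.acme-dns.io/update (optional). The ACME DNS credentials are sent to this URL, so use HTTPS.` The element markup of this hunk is not readable in this view, so I cannot tell whether the other new fields carry any help text at all.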
diff --git a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.php b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.php
index 70427ab5c..6c19ca79f 100644
--- a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.php
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.php
@@ -45,7 +45,7 @@ class AcmeClient extends BaseModel
*/
public function getByCertificateID($certificateid)
{
- foreach ($this->certificates->certificate->__items as $certificate) {
+ foreach ($this->certificates->certificate->iterateItems() as $certificate) {
if ((string)$certificateid === (string)$certificate->certificateid) {
return $certificate;
}
@@ -62,7 +62,7 @@ class AcmeClient extends BaseModel
{
if ((string)$this->settings->enabled === "1") {
if ($checkCertificates === true) {
- foreach ($this->certificates->certificate->__items as $certificate) {
+ foreach ($this->certificates->certificate->iterateItems() as $certificate) {
if ((string)$certificate->enabled == "1") {
return true; // Found a active certificate
}
@@ -81,7 +81,7 @@ class AcmeClient extends BaseModel
*/
public function getByActionID($uuid)
{
- foreach ($this->actions->action->__items as $action) {
+ foreach ($this->actions->action->iterateItems() as $action) {
if ((string)$uuid === (string)$action->getAttributes()["uuid"]) {
return $action;
}
diff --git a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
index f3a6dd373..aa73224eb 100644
--- a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
@@ -339,6 +339,7 @@
Ydns_nsupdate
+ ACME DNS APIAlwaysdata.com APIaliyun.com APIautoDNS (InternetX) API
@@ -361,6 +362,7 @@
FreeDNS APIGandi LiveDNS APIGoDaddy.com API
+ GratisDNS.dkHurricane ElectricInfoblox APIINWX XMLRPC API
@@ -655,6 +657,24 @@
N
+
+ N
+
+
+ N
+
+
+ N
+
+
+ N
+
+
+ N
+
+
+ N
+
diff --git a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
index 56222e8a5..77f0a39e7 100755
--- a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
+++ b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
@@ -1,37 +1,33 @@
#!/usr/local/bin/php
+ * Copyright (C) 2008 Shrew Soft Inc.
+ * All rights reserved.
*
- * Copyright (C) 2017-2018 Frank Wall
- * Copyright (C) 2015 Deciso B.V.
- * Copyright (C) 2010 Jim Pingle
- * Copyright (C) 2008 Shrew Soft Inc.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
*
- * All rights reserved.
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
// Hello. I am the spaghetti monster. Yummy.
@@ -42,14 +38,13 @@ require_once("certs.inc");
require_once("legacy_bindings.inc");
require_once("interfaces.inc");
require_once("util.inc");
+
// Some stuff requires the almighty MVC framework.
use OPNsense\Core\Backend;
use OPNsense\Core\Config;
use OPNsense\Base;
use OPNsense\AcmeClient\AcmeClient;
-global $config;
-global $postponed_updates;
$postponed_updates = array();
/* CLI arguments:
@@ -145,7 +140,7 @@ function cert_action_validator($opt_cert_id)
$acctRef = (string)$certObj->account;
$acctObj = null;
$acctref_found = false;
- foreach ($modelObj->getNodeByReference('accounts.account')->__items as $node) {
+ foreach ($modelObj->getNodeByReference('accounts.account')->iterateItems() as $node) {
if ((string)$node->getAttributes()["uuid"] == $acctRef) {
$acctref_found = true;
$acctObj = $node;
@@ -182,7 +177,7 @@ function cert_action_validator($opt_cert_id)
$valRef = (string)$certObj->validationMethod;
$valObj = null;
$ref_found = false;
- foreach ($modelObj->getNodeByReference('validations.validation')->__items as $node) {
+ foreach ($modelObj->getNodeByReference('validations.validation')->iterateItems() as $node) {
if ((string)$node->getAttributes()["uuid"] == $valRef) {
$ref_found = true;
$valObj = $node;
@@ -782,6 +777,16 @@ function run_acme_validation($certObj, $valObj, $acctObj)
case 'dns_zonomi':
$proc_env['ZM_Key'] = (string)$valObj->dns_zm_key;
break;
+ case 'dns_gdnsdk':
+ $proc_env['GDNSDK_Username'] = (string)$valObj->dns_gdnsdk_user;
+ $proc_env['GDNSDK_Password'] = (string)$valObj->dns_gdnsdk_password;
+ break;
+ case 'dns_acmedns':
+ $proc_env['ACMEDNS_USERNAME'] = (string)$valObj->dns_acmedns_user;
+ $proc_env['ACMEDNS_PASSWORD'] = (string)$valObj->dns_acmedns_password;
+ $proc_env['ACMEDNS_SUBDOMAIN'] = (string)$valObj->dns_acmedns_subdomain;
+ $proc_env['ACMEDNS_UPDATE_URL'] = (string)$valObj->dns_acmedns_updateurl;
+ break;
default:
log_error("AcmeClient: invalid DNS-01 service specified: " . (string)$valObj->dns_service);
return(1);
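Review bot: In the new `dns_acmedns` case, `ACMEDNS_UPDATE_URL` is exported straight from `$valObj->dns_acmedns_updateurl` with no check on its scheme, and it is set even when the optional field is left empty. This is the endpoint the ACME DNS username and password are presented to, so an `http://` value would put them on the wire in clear text. Unless the model already constrains the field (its definition is not readable in this view), I would export only an HTTPS value: `$url = (string)$valObj->dns_acmedns_updateurl;` then `if (stripos($url, 'https://') === 0) { $proc_env['ACMEDNS_UPDATE_URL'] = $url; }`, and call `log_error()` and return for a non-empty value with any other scheme. The enclosing switch and run_acme_validation() begin and end outside this hunk.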