OpenVPN Export: Fix user cert check. Fixes #12475

pfsense · Nov 3, 2022 · 34355eb · 34355eb
1 parent 72f0574
commit 34355eb
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/security/pfSense-pkg-openvpn-client-export/files/usr/local/www/vpn_openvpn_export.php b/security/pfSense-pkg-openvpn-client-export/files/usr/local/www/vpn_openvpn_export.php
@@ -256,11 +256,19 @@
 		}
 	}
 	if (($srvcfg['mode'] == "server_tls_user") && ($srvcfg['authmode'] == "Local Database")) {
-		$cert = $user['cert'][$crtid];
+		if (array_key_exists($usrid, $a_user) &&
+		    array_key_exists('cert', $a_user[$usrid]) &&
+		    array_key_exists($crtid, $a_user[$usrid]['cert'])) {
+			$cert = lookup_cert($a_user[$usrid]['cert'][$crtid]);
+		} else {
+			$input_errors[] = "Invalid user/certificate index value.";
+		}
 	} else {
 		$cert = $config['cert'][$crtid];
 	}
-	if (($srvcfg['mode'] != "server_user") && !$usepkcs11 && !$usetoken && empty($cert['prv'])) {
+	if (empty($cert)) {
+		$input_errors[] = "Unable to locate the requested certificate.";
+	} elseif (($srvcfg['mode'] != "server_user") && !$usepkcs11 && !$usetoken && empty($cert['prv'])) {
 		$input_errors[] = "A private key cannot be empty if PKCS#11 or Microsoft Certificate Storage is not used.";
 	}