From 12e7dd89b18dc83b8602f48aeadde6ce031a018c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@outlook.de>
Date: Tue, 8 Feb 2022 17:07:45 +0100
Subject: [PATCH] dsn/ddclient option to force ssl (#2823)

* dsn/ddclient option to force ssl
* dns/ddclient default ssl
---
 .../app/controllers/OPNsense/DynDNS/forms/settings.xml |  7 +++++++
 .../opnsense/mvc/app/models/OPNsense/DynDNS/DynDNS.xml |  6 +++++-
 .../service/templates/OPNsense/ddclient/ddclient.conf  | 10 +++-------
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/dns/ddclient/src/opnsense/mvc/app/controllers/OPNsense/DynDNS/forms/settings.xml b/dns/ddclient/src/opnsense/mvc/app/controllers/OPNsense/DynDNS/forms/settings.xml
index 756a2c440..0a54f0a61 100644
--- a/dns/ddclient/src/opnsense/mvc/app/controllers/OPNsense/DynDNS/forms/settings.xml
+++ b/dns/ddclient/src/opnsense/mvc/app/controllers/OPNsense/DynDNS/forms/settings.xml
@@ -12,6 +12,13 @@
         <advanced>true</advanced>
         <help>Enable verbose logging</help>
     </field>
+    <field>
+        <id>ddclient.general.force_ssl</id>
+        <label>Force SSL</label>
+        <type>checkbox</type>
+        <advanced>true</advanced>
+        <help>Force update using HTTPS</help>
+    </field>
     <field>
         <id>ddclient.general.daemon_delay</id>
         <label>Interval</label>
diff --git a/dns/ddclient/src/opnsense/mvc/app/models/OPNsense/DynDNS/DynDNS.xml b/dns/ddclient/src/opnsense/mvc/app/models/OPNsense/DynDNS/DynDNS.xml
index 7f01a0158..36c102011 100644
--- a/dns/ddclient/src/opnsense/mvc/app/models/OPNsense/DynDNS/DynDNS.xml
+++ b/dns/ddclient/src/opnsense/mvc/app/models/OPNsense/DynDNS/DynDNS.xml
@@ -1,6 +1,6 @@
 <model>
     <mount>//OPNsense/DynDNS</mount>
-    <version>1.0.0</version>
+    <version>1.1.0</version>
     <description>
         Dynamic DNS client
     </description>
@@ -14,6 +14,10 @@
                 <default>0</default>
                 <Required>Y</Required>
             </verbose>
+            <force_ssl type="BooleanField">
+                <default>1</default>
+                <Required>Y</Required>
+            </force_ssl>
             <daemon_delay type="IntegerField">
                 <default>300</default>
                 <Required>Y</Required>
diff --git a/dns/ddclient/src/opnsense/service/templates/OPNsense/ddclient/ddclient.conf b/dns/ddclient/src/opnsense/service/templates/OPNsense/ddclient/ddclient.conf
index 5aa00ca1c..354c5917b 100644
--- a/dns/ddclient/src/opnsense/service/templates/OPNsense/ddclient/ddclient.conf
+++ b/dns/ddclient/src/opnsense/service/templates/OPNsense/ddclient/ddclient.conf
@@ -2,6 +2,9 @@
 daemon={{OPNsense.DynDNS.general.daemon_delay|default('300')}}
 syslog=yes                  # log update msgs to syslog
 pid=/var/run/ddclient.pid   # record PID in file.
+{% if not helpers.empty('OPNsense.DynDNS.general.force_ssl') %}
+ssl=yes
+{% endif %}
 {% if not helpers.empty('OPNsense.DynDNS.general.verbose') %}
 verbose=yes
 {% endif %}
@@ -54,34 +57,27 @@ use=if, if={{physical_interface(account.interface)}}, \
 {%            endif %}
 {%            if account.service == 'custom' %}
 protocol={{account.protocol}}, \
-ssl=yes, \
 server={{account.server}}, \
 {%            elif account.service == 'cloudflare' %}
 protocol=cloudflare, \
 zone={{account.zone}}, \
 {%            elif account.service == 'he-net' %}
 protocol=dyndns2, \
-ssl=yes, \
 server=dyn.dns.he.net, \
 {%            elif account.service == 'he-net-tunnel' %}
 protocol=dyndns2, \
-ssl=yes, \
 server=ipv4.tunnelbroker.net, \
 {%            elif account.service == 'nsupdatev4' %}
 protocol=dyndns2, \
-ssl=yes, \
 server=ipv4.nsupdate.info, \
 {%            elif account.service == 'nsupdatev6' %}
 protocol=dyndns2, \
-ssl=yes, \
 server=ipv6.nsupdate.info, \
 {%            elif account.service == 'strato' %}
 protocol=dyndns2, \
-ssl=yes, \
 server=dyndns.strato.com, \
 {%            else %}
 protocol={{account.service}}, \
-ssl=yes, \
 {%            endif %}
 {%            if account.wildcard|default('0') == '1' %}
 wildcard=yes, \