54 |
54 |
global $cert_max_lifetime;
|
55 |
55 |
$cert_max_lifetime = 12000;
|
56 |
56 |
|
|
57 |
global $crl_max_lifetime;
|
|
58 |
$crl_max_lifetime = 9999;
|
|
59 |
|
57 |
60 |
function & lookup_ca($refid) {
|
58 |
61 |
global $config;
|
59 |
62 |
|
... | ... | |
978 |
981 |
return min($max, $cert_max_lifetime);
|
979 |
982 |
}
|
980 |
983 |
|
|
984 |
/* Detect a rollover at 2050 with UTCTime
|
|
985 |
* See: https://redmine.pfsense.org/issues/9098 */
|
|
986 |
function crl_get_max_lifetime() {
|
|
987 |
global $crl_max_lifetime;
|
|
988 |
$max = $crl_max_lifetime;
|
|
989 |
|
|
990 |
$now = new DateTime("now");
|
|
991 |
$utctime_before_roll = DateTime::createFromFormat('Ymd', '20491231');
|
|
992 |
if ($date !== false) {
|
|
993 |
$interval = $now->diff($utctime_before_roll);
|
|
994 |
$max_days = abs($interval->days);
|
|
995 |
/* Reduce the max well below the rollover time */
|
|
996 |
if ($max_days > 1000) {
|
|
997 |
$max_days -= 1000;
|
|
998 |
}
|
|
999 |
return min($max_days, cert_get_max_lifetime());
|
|
1000 |
}
|
|
1001 |
|
|
1002 |
/* Cannot use date functions, so use a lower default max. */
|
|
1003 |
return min(7000, cert_get_max_lifetime());
|
|
1004 |
}
|
|
1005 |
|
981 |
1006 |
function crl_create(& $crl, $caref, $name, $serial = 0, $lifetime = 3650) {
|
982 |
1007 |
global $config;
|
983 |
|
$max_lifetime = cert_get_max_lifetime();
|
|
1008 |
$max_lifetime = crl_get_max_lifetime();
|
984 |
1009 |
$ca =& lookup_ca($caref);
|
985 |
1010 |
if (!$ca) {
|
986 |
1011 |
return false;
|
... | ... | |
1017 |
1042 |
require_once('X509_CRL.php');
|
1018 |
1043 |
|
1019 |
1044 |
global $config;
|
1020 |
|
$max_lifetime = cert_get_max_lifetime();
|
|
1045 |
$max_lifetime = crl_get_max_lifetime();
|
1021 |
1046 |
$ca =& lookup_ca($crl['caref']);
|
1022 |
1047 |
if (!$ca) {
|
1023 |
1048 |
return false;
|
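Review bot: In the added `crl_get_max_lifetime()` (new lines 986–1004), the guard `if ($date !== false) {` tests a variable that is never assigned in the function; the result of `DateTime::createFromFormat()` is stored in `$utctime_before_roll`. An unset `$date` evaluates to null, so the condition is always true and the fallback `return min(7000, cert_get_max_lifetime());` can never run. If `createFromFormat()` did return false, that false would be passed straight to `$now->diff()` instead of taking the lower default the comment describes. The guard should read `if ($utctime_before_roll !== false) {`, so the cap that keeps CRL lifetimes short of the 2050 UTCTime rollover has a working failure path. The callers in the other two changed places (new lines 1008 and 1045) rely on this return value as their `$max_lifetime`.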