Project

General

Profile

Bug #3956

Check for invalid CA on generating new certificate

Added by Grischa Zengel almost 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Certificates
Target version:
-
Start date:
10/24/2014
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.1.5
Affected Architecture:

Description

... or check for valid values on generating dynamic function internalca_change() in system_certmanager.php

I had a CA certificate with empty valid-until field.
When I tried to add an new certificate I got all three sections (Import Certificate, Internal Certificate, External Signing Request) at once. Changing method didn't work.

It's not possible to see and understand why you got all three sections and why it's not working, until you debug javaScript.
While generating the function the script errors goes into the function.

I found this broken function:

function internalca_change() {

    index = document.iform.caref.selectedIndex;
    caref = document.iform.caref[index].value;

    switch (caref) {

Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 419
        case "5200d34e2aae4":
            document.iform.dn_country.value = "DE";
            document.iform.dn_state.value = "Hessen";
            document.iform.dn_city.value = "Frankfurt";
            document.iform.dn_organization.value = "RAD-FFM";
            document.iform.dn_email.value = "cert.ffm@dummy";
            break;
        case "544a2eb7e15f1":
            document.iform.dn_country.value = "DE";
            document.iform.dn_state.value = "Hessen";
            document.iform.dn_city.value = "Frankfurt";
            document.iform.dn_organization.value = "Rad-FFM";
            document.iform.dn_email.value = "rad-ffm.pfsense@dummy";
            break;
    }
}

Also available in: Atom PDF