Project

General

Profile

Actions

Bug #3956

closed

Check for invalid CA on generating new certificate

Added by Grischa Zengel over 9 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
10/24/2014
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

... or check for valid values on generating dynamic function internalca_change() in system_certmanager.php

I had a CA certificate with empty valid-until field.
When I tried to add an new certificate I got all three sections (Import Certificate, Internal Certificate, External Signing Request) at once. Changing method didn't work.

It's not possible to see and understand why you got all three sections and why it's not working, until you debug javaScript.
While generating the function the script errors goes into the function.

I found this broken function:

function internalca_change() {

    index = document.iform.caref.selectedIndex;
    caref = document.iform.caref[index].value;

    switch (caref) {

Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp in /etc/inc/certs.inc on line 419
        case "5200d34e2aae4":
            document.iform.dn_country.value = "DE";
            document.iform.dn_state.value = "Hessen";
            document.iform.dn_city.value = "Frankfurt";
            document.iform.dn_organization.value = "RAD-FFM";
            document.iform.dn_email.value = "cert.ffm@dummy";
            break;
        case "544a2eb7e15f1":
            document.iform.dn_country.value = "DE";
            document.iform.dn_state.value = "Hessen";
            document.iform.dn_city.value = "Frankfurt";
            document.iform.dn_organization.value = "Rad-FFM";
            document.iform.dn_email.value = "rad-ffm.pfsense@dummy";
            break;
    }
}
Actions

Also available in: Atom PDF