Remove unnecessary config_init_path() calls
Fix accidental deletion of CAs
$ca does not reference the config at this point - no need to remove it.
kea: Introduce high availability support for both IPv4 and IPv6
Handle certificates with multiple CNs. Fix #15133
Multiple CNs are not supported. For compatibility, default to using the first CN in the certificate instead of returning an error.
Update all direct config access with accessor functions
Use config accessors in certificate functions
Fix missed changes in 2aafa69
The direct value is now used instead of the constant variable.
Fix typos and copy/paste issues
Issues found by the PHP linter mostly include typos and usage of unassigned variables. To address these, traverse the commit history to determine the intent.
Fix CA trust store custom entries. Fixes #15440
certctl rehash behavior changed, so we need to write the CA files out differently now so it picks them up.
Update the years in the Copyright notice.
Rector some direct config array accesses with pure scalar paths.
Refresh OS CA list after updating trust store. Fixes #14876
Correct HTTPS cert list. Fixes #14672
Make sure to exclude weak CA chains from list of HTTPS certificates.
Work around weak certificates for nginx. Implements #14672
Certificate digest strength changes
Part of ongoing changes for OpenSSL 3.x
Allow legacy PKCS#12 export to function (for now). Fixes #14635
Note that CA serial is ignored when randomizing. Fixes #14188
While here, when creating a CA, set the default serial to 1 since the GUI won't allow saving with the serial remaining at 0. That would otherwise force the user to change it themselves.
Update copyright years to include 2023
Rector direct global g accesses
Rector some more direct config unsets with pure scalar paths
Spelling fixes. Fix #13357
Allow user to select PKCS#12 encryption. Fixes #13257
Convert P12 export to OpenSSL. Fixes #13257
PHP native method of creating PKCS#12 archives does not support using specific algorithms for encryption, so use the openssl binary instead.
Use AES-256 and SHA256 when encrypting the PKCS#12 data and private key.
Skip empty ca/cert/crl tags.
Cert-related PHP 8.x changes.
More PHP81 fixes for certs.inc
Update is_openvpn_*_ca family for PHP81 for #13446
Correct required param after optional param syntax errors
Use array_values() to expand $cert_curve_compatible
In php8, call_user_func_array expands the $cert_curve_compatible array into named parameters for nominated func array_merge(), which returns an error upon being called with unknown named parameters. To fix this, explicitly select the...
Consider EC digest prefix when renewing CA/Cert. Fixes #13437
CRL lifetime fixes to avoid rollover. Fixes #13424
Option to keep serial f/renew cert Fixes #13010
Defaults to keep serial for CA but not for certs.
Update the Copyright year of the files owned by Rubicon/Netgate.
Revert "Certmanager mvc"
This reverts commit 033c3ae82d20ca5760ed483cf8d0c947764b2371
Certmanager mvc
Revert "Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes."
This reverts commit 8d4fcd7ac1167894136e337fc619e63fa7200fa0.
Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes.
Small fixes for expiredays comparing
Add setting for ignore revoked certificates. Fix Bug #12109
Merge branch 'pfsense:master' into master
certs.inc closing parenthesis fix. Issue #11831
Certificate Revocation page improvements. Issue #11831
Exclude revoked certs from expiration notification. Fix Bug #12109
Do not show CA as In Use if LDAP Server transport is not TLS/SSL. Fixes #11922
Certmanager UTF8 DN support. Fixes #12041
Do not read cert key details if parsing key failed. Fixes #11859
Show Unbound used certificate on the Certificate Manager page. Fixes #11678
Fix cert type handling during renewal. Fixes #11706
Fix handling of renewing cert w/o SAN. Fixes #11652
Improve CA/Self-Signed serial handling. Fixes #11514
Try parsing four digit years in cert timestamps. Fixes #11504
Improve handling of broken/invalid certs. Fixes #11489
Update the Copyright year.
A subsequent commit will deal with .po's.
Allow import of PKCS12 (pfx) certificates. Issue #8645
Renew cert with IP Address SAN. Issue #10362
Require service-utils.inc before using a function from it. Fixes #10360
Server cert lifetime reduced to 398. Fixes #9825
New requirements coming this fall will require new certs to be valid for at most 398 days. Set up this new requirement now, rather than waiting.
While here, reduce usage of hardcoded value where possible.
This is 2020. Issue #9245
Merge pull request #4132 from vktg/hidenoprvcerts
parenthesis fix
fix
Merge pull request #4122 from vktg/ecdsarenew
do not show certs without prv by default
curve_compatible_list - array of all compat curves
typo
prime256v1 ec curve for renew
When refreshing CRLs, increment suffix, do not clean up. Fixes #9915
While here, fix a bug with refresh path.
Correctly populate CRL issuer in crl_contains_cert. Fixes #9924
Add 'none' option to cert_build_list. Issue #9923
Restructure OpenVPN settings directory layout
Add select_source compatible output to cert_build_list(). Implements #9923
Update OpenVPN EC list based on testing. Issue #9744
OpenVPN ECDH/ECDSA filtering. Fixes #9744
Can be revisited in the future if the corresponding OpenVPN bug is resolved.
Move CA random serial option to upper section. Issue #9883
This allows it to be set when creating a new CA, so it doesn't have to be edited in later.
Also show the next serial/random status in the CA info block. Hide trust store line from non-CA entries since it's not relevant to...
Rename IPsec "RSA" options to "Certificate". Implements #9903
Attempt to fetch EC curve OID if name is blank. Issue #9745
Certificate date calculation changes. Fixes #9899
Make the certificate date calculation more general and also try multiple ways to determine the date (both timestamp and unix timestamp).
Catch cases where one or the other date fails to calculate to avoid errors....
GUI improvements for ECDSA certificate handling
Change default ECDSA curve to prime256v1. Issue #9843
Previous default was brainpool, but brainpool curves are not (widely?) supported by browsers and were deprecated by IETF for TLS v1.3
Use more accurate date calculations for CA/Cert operations.
Otherwise calculations could fail on ARM
Validate CA/CRL serial input. Issue #9883 Issue #9869
Enforce a max lifetime for CA/Cert/CRL. Issue #3956
Add support for randomized cert serial numbers. Implements #9883
CRL management overhaul
Add option to trust local CA entries. Implements #4068
Similar to closed PR #3558 from overhacked, but with a number of changes.
Make value of cert notify setting consistent with others. Issue #7332
Certificate strength improvements. Fixes #9825
Add daily certificate expiration notice. Issue #7332
Add missing newline after Must Staple cert info.
Add settings to control certificate expiration notifications. Issue #7332
Note that the notices themselves do not yet exist. Those are still a work in progress.
Add certificate lifetime to infoblock. Issue #7332
Show detailed infoblock on CA and Cert pages. Implements #9856
Add GUI code and more backend for CA/Cert Renewal. Issue #9842
Merge pull request #4104 from vktg/geneckey
Add ca/certificate renew function backend (no GUI code yet). Issue #9842
spaces to tabs
fixes
initial version
Fix copyright message years to reflect BSDP -> ESF -> Netgate