Update copyright years to include 2023
Rector direct global g accesses
Add CA/Cert invalid descr char list to help. Fixes #13387
RemoveUnusedForeachKeyRector runresults
Allow user to select PKCS#12 encryption. Fixes #13257
Convert P12 export to OpenSSL. Fixes #13257
PHP native method of creating PKCS#12 archives does not support using specific algorithms for encryption, so use the openssl binary instead.
Use AES-256 and SHA256 when encrypting the PKCS#12 data and private key.
Cert-related PHP 8.x changes.
CA/Cert descr validation fixes. Fixes #13387
Validate description on save when editing and in other situations thatwere not yet covered.
While here, ensure that errors when editing a cert leave the user on thecert edit screen properly, but successful cases return to the cert list....
Update the Copyright year of the files owned by Rubicon/Netgate.
Revert "Certmanager mvc"
This reverts commit 033c3ae82d20ca5760ed483cf8d0c947764b2371
Certmanager mvc
Certificate fields input validation. Issue #12035
Revert "Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes."
This reverts commit 8d4fcd7ac1167894136e337fc619e63fa7200fa0.
Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes.
Do not escape special characters in certificate DN fields. Fixes #12034
Show Export P12 icon if certificate is not locally renewable. Fixes #11884
Show Unbound used certificate on the Certificate Manager page. Fixes #11678
Revert copyright symbols
Add registered trdemark symbol where appropriate
Signed CSR import fix. Issue #11275
Update the Copyright year.
A subsequent commit will deal with .po's.
Add product_label global variable
Introduce product_label global variable, by default with same value ofproduct_name. The idea is to make it easier for rebranded products tochange the name on all visual texts while internal structures arepreserved.
While here, remove deprecated $g['platform'] and also replace places...
Allow import of PKCS12 (pfx) certificates. Issue #8645
Merge pull request #4102 from vktg/impcertonly
Hide PKCS#12 export if private key is empty. Issue #10284
Allow import cert without private key. Issue #9834
Server cert lifetime reduced to 398. Fixes #9825
New requirements coming this fall will require new certs to be valid for at most398 days. Setup this new requirement now, rather than waiting.
While here, reduce usage of hardcoded value where possible.
encrypt exported key with AES-256. Issue #1192
Merge pull request #4147 from vktg/expkeypasscheck
This is 2020. Issue #9245
spaces to tabs
check export key pass length
hide exportpass field on cert import
GUI improvements for ECDSA certificate handling
Change default ECSDA curve to prime256v1. Issue #9843
Previous default was brainpool, but brainpool curves are not (widely?)supported by browsers and were deprecated by IETF for TLS v1.3
Add edit screen for Certificate entries.
CA/Cert optimizations
CA/Cert/CRL code optimizations
While here, use the new download function when exporting items
Enforce a max lifetime for CA/Cert/CRL. Issue #3956
CA validity checks. Fixes #3956
Certificate strength improvements. Fixes #9825
Fix whitespace
Add certificate lifetime to infoblock. Issue #7332
Show detailed infoblock on CA and Cert pages. Implements #9856
Add GUI code and more backend for CA/Cert Renewal. Issue #9842
Merge pull request #4104 from vktg/geneckey
show the key type and related info in the per-cert info block
fixes
Merge pull request #4103 from vktg/csreckey
initial version
additions
initial
if spaces fixes
ec key parser
Fix #9719: Fix descriptive name field behavior
Correct wording of CA/Cert CN input validation. Fixes #9234
Fix copyright message years to reflect BSDP -> ESF -> Netgate
Fix empty lines in forms
Fixes a number of empty lines in forms by adding hidden inputs using`addGlobal` on the form instead of `addInput` on sections or `add` ongroups.
Fix CA/Cert search description. Issue #9412
Add sorting and search to CA/Certs. Implements #9412
Ticket #9308: Replace use of /etc/ca_countries by get_cert_country_codes()
Update copyright notices to 2019. Happy New Year
Rework cert keylen/digest validation. Fixes #9180
Fix #9121: Initialize arrays to prevent PHP 7 errors
Improve handling of empty cert tags. Fixes #9099
Fix redirect back to user mgmt when editing user 0. Fixes #8920
Set default new CA/Cert action to Create Internal. Implements #8851
Certs: Fix CA subject assumptions. Fixes #8801
Several areas made assumptions about the number and order of CA subjectfields that were no longer correct after issue #8381 was corrected.
While here, also remove some outdated references to fields that are no...
Merge pull request #3954 from whislock/crypto-updates
Group CA/Cert CN w/required options. Fixes #8381
Also add a note stating the other fields are optional.
Conform CA/Cert fields to RFC 5280. Fixes #8381
Only required subject field is CN (for simplicity)e-mail field deprecated from CA/Cert (can still be Cert SAN)
Add 6144/remove 512 from cert size options
Add fixed suggested by jim-p
Moved out of my root directory :(
add cert_get_ocspstaple
Fix function name typo
Add function to detect OCSP Must Staple certs. Ticket #8418 and Ticket #8299
Fix certificate SAN input validation so it does not improperly allow an IP address when FQDN is selected. Fixes #8275
Update the Copyright notice for pfSense.
Change how SANs are generated from the CN, considering that not all CNs will produce a valid SAN. Fixes #8252
Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display.
Add a field to pick a digest algo when signing a CSR, otherwise it ends up with SHA1. Fixes #7853While here, add the cert serial number and sig digest type to the info block for each cert.
Fix CA reference so serial increases properly. Remove variable for feature that didn't work out. Ticket #7527
Add another possible CSR Armor string when validating. Ticket #7383
Restructure how certificate types and SANs are handled in the cert manager when making a Cert/CSR/Signing, so each section can properly use the controls without duplicating. It is now possible to add SANs and EKUs to certificates when signing using the certificate manager. Fixes #7527 and also Fixes #7677...
Add the ability to set certificate type and SAN attributes in a CSR. Ticket #7527TODO: They are not carried over after signing in the GUI
Fix some additional cases for CN->SAN handling, and move some code to a function to avoid duplication for other pending uses. Ticket #7666
Allow a wider range of characters to be used in certificate fields, as laid out by RFC 4514. Fixes #7540
Switch the cert info to an infoblock now that #7505 is fixed. Issue #7505
Show SAN, KU, and EKU info in the certificate list. Implements #7505While here, also fix "server" cert detection to key off of the EKU For "TLS Web Server Authentication" since nsCertType has been deprecated.
Always add the CN as the first SAN when creating a certificate in the GUI or an automatic GUI self-signed certificate. Per RFC 2818, relying on the CN to determine the hostname is deprecated, SANs are required. Chrome 58 started enforcing this requirement. Fixes #7496
Merge pull request #3699 from PiBa-NL/20170417-certificatemanager-ca-crl-inuse
Merge pull request #3629 from doktornotor/patch-18
certificate manager, show 'in use' also for CA and CRL where certificates are in use by packages.
certificate manager, allow importing of ECC certificates
Merge branch 'master' into patch-18
Don't display the "export key" icon if there is no key to export. e.g. If hte cert was created from a pasted-in CSR
Base64 encode private key