/ - Diff - pfSense - pfSense bugtracker

« Previous | Next »

Revision 1ec79365

Certs: Fix CA subject assumptions. Fixes #8801

Several areas made assumptions about the number and order of CA subject
fields that were no longer correct after issue #8381 was corrected.

While here, also remove some outdated references to fields that are no
longer needed in related areas.

     	$cert_hostname = "{$config['system']['hostname']}-{$cert['refid']}";
     	$dn = array(
     		'countryName' => "US",
     		'stateOrProvinceName' => "State",
     		'localityName' => "Locality",
     		'organizationName' => "{$g['product_name']} webConfigurator Self-Signed Certificate",
     		'emailAddress' => "admin@{$config['system']['hostname']}.{$config['system']['domain']}",
     		'commonName' => $cert_hostname,
     		'subjectAltName' => "DNS:{$cert_hostname}");
     	$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */

     					continue;
+    				}
     				$subject = cert_get_subject_array($ca['crt']);
     				$subject = cert_get_subject_hash($ca['crt']);
     ?>
     				case "<?=$ca['refid'];?>":
     					$('#dn_country').val(<?=json_encode(cert_escape_x509_chars($subject[0]['v'], true));?>);
     					$('#dn_state').val(<?=json_encode(cert_escape_x509_chars($subject[1]['v'], true));?>);
     					$('#dn_city').val(<?=json_encode(cert_escape_x509_chars($subject[2]['v'], true));?>);
     					$('#dn_organization').val(<?=json_encode(cert_escape_x509_chars($subject[3]['v'], true));?>);
     					$('#dn_organizationalunit').val(<?=json_encode(cert_escape_x509_chars($subject[6]['v'], true));?>);
     					$('#dn_country').val(<?=json_encode(cert_escape_x509_chars($subject['C'], true));?>);
     					$('#dn_state').val(<?=json_encode(cert_escape_x509_chars($subject['ST'], true));?>);
     					$('#dn_city').val(<?=json_encode(cert_escape_x509_chars($subject['L'], true));?>);
     					$('#dn_organization').val(<?=json_encode(cert_escape_x509_chars($subject['O'], true));?>);
     					$('#dn_organizationalunit').val(<?=json_encode(cert_escape_x509_chars($subject['OU'], true));?>);
     					break;
     <?php
     			endforeach;

     				$cert['descr'] = $_POST['name'];
     				$subject = cert_get_subject_array($ca['crt']);
     				$dn = array(
     					'countryName' => $subject[0]['v'],
     					'stateOrProvinceName' => $subject[1]['v'],
     					'localityName' => $subject[2]['v'],
     					'organizationName' => $subject[3]['v'],
     					'emailAddress' => $subject[4]['v'],
     					'commonName' => $userent['name']);
     				$subject = cert_get_subject_hash($ca['crt']);
     				$dn = array();
     				if (!empty($subject['C'])) {
     					$dn['countryName'] = $subject['C'];
+    				}
     				if (!empty($subject['ST'])) {
     					$dn['stateOrProvinceName'] = $subject['ST'];
+    				}
     				if (!empty($subject['L'])) {
     					$dn['localityName'] = $subject['L'];
+    				}
     				if (!empty($subject['O'])) {
     					$dn['organizationName'] = $subject['O'];
+    				}
     				if (!empty($subject['OU'])) {
     					$dn['organizationalUnit'] = $subject['OU'];
+    				}
     				$dn['commonName'] = $userent['name'];
     				$cn_altname = cert_add_altname_type($userent['name']);
     				if (!empty($cn_altname)) {
     					$dn['subjectAltName'] = $cn_altname;

     		$org = $pconfig['step6']['organization'];
     	} else {
     		$ca = lookup_ca($pconfig['step6']['authcertca']);
     		$cavl = cert_get_subject_array($ca['crt']);
     		$country = $cavl[0]['v'];
     		$state = $cavl[1]['v'];
     		$city = $cavl[2]['v'];
     		$org = $cavl[3]['v'];
     		$cavl = cert_get_subject_hash($ca['crt']);
     		$country = $cavl['C'];
     		$state = $cavl['ST'];
     		$city = $cavl['L'];
     		$org = $cavl['O'];
+    	}
     	$fields =& $pkg['step'][$stepid]['fields']['field'];

Also available in: Unified diff