
Revision 27127b4a

Added by Jim Pingle almost 8 years ago

Add a field to pick a digest algo when signing a CSR, otherwise it ends up with SHA1. Fixes #7853
While here, add the cert serial number and sig digest type to the info block for each cert.

(cherry picked from commit aec3a259271be5dae63b148a48b7778c0cd0660e)


src/etc/inc/certs.inc
435 435
	return true;
436 436
}
437 437

  
438
function csr_sign($csr, & $ca, $duration, $type = "user", $altnames) {
438
function csr_sign($csr, & $ca, $duration, $type = "user", $altnames, $digest_alg = "sha256") {
439 439
	global $config;
440 440
	$old_err_level = error_reporting(0);
441 441

  
......
460 460

  
461 461
	$args = array(
462 462
		"x509_extensions" => $cert_type,
463
		"digest_alg" => $digest_alg,
463 464
		"req_extensions" => "req_{$cert_type}"
464 465
	);
465 466

  
......
682 683
	}
683 684
}
684 685

  
686
function cert_get_sigtype($str_crt, $decode = true) {
687
	if ($decode) {
688
		$str_crt = base64_decode($str_crt);
689
	}
690
	$crt_details = openssl_x509_parse($str_crt);
691

  
692
	$signature = array();
693
	if (isset($crt_details['signatureTypeSN']) && !empty($crt_details['signatureTypeSN'])) {
694
		$signature['shortname'] = $crt_details['signatureTypeSN'];
695
	}
696
	if (isset($crt_details['signatureTypeLN']) && !empty($crt_details['signatureTypeLN'])) {
697
		$signature['longname'] = $crt_details['signatureTypeLN'];
698
	}
699
	if (isset($crt_details['signatureTypeNID']) && !empty($crt_details['signatureTypeNID'])) {
700
		$signature['nid'] = $crt_details['signatureTypeNID'];
701
	}
702

  
703
	return $signature;
704
}
705

  
685 706
function is_openvpn_server_ca($caref) {
686 707
	global $config;
687 708
	if (!is_array($config['openvpn']['openvpn-server'])) {
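Review bot: In csr_sign() the new `$digest_alg` argument is placed into `$args` as `"digest_alg" => $digest_alg` with no check, so a caller can still request a weak digest such as sha1 or md5, or pass a name OpenSSL does not recognise. Because the function sets `error_reporting(0)` a few lines earlier, a failure caused by a bad value would probably go unnoticed. The callers are not shown in this section, so whether the new GUI field already restricts the value is unconfirmed; validating inside the function protects every caller, for example `if (!in_array($digest_alg, array("sha256", "sha384", "sha512"), true)) { return false; }` (the list is illustrative and should follow the project's accepted digests). The body of csr_sign() continues outside the displayed hunks, so the right way to report the rejection depends on code not visible here.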
