
Revision a84eb838

Added by Jim Pingle about 15 years ago

Perform more strict validation on CA and Cert names before proceeding in the wizard.


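--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -307,6 +307,12 @@
 	return $subject_array;
 }
 
+function cert_get_subject_hash($crt) {
+	$str_crt = base64_decode($crt);
+	$inf_crt = openssl_x509_parse($str_crt);
+	return $inf_crt['subject'];
+}
+
 function cert_get_issuer($str_crt, $decode = true) {
 
 	if ($decode)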
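Review bot: `cert_get_subject_hash()` indexes `$inf_crt['subject']` without checking that `openssl_x509_parse()` succeeded, so a config entry whose `crt` is missing or is not a parsable certificate makes it return null instead of a subject array. Ending the function with `return is_array($inf_crt) ? $inf_crt['subject'] : array();` would keep the return type stable for the wizard callers that index the result with `["CN"]`. The name also reads as if a digest were returned, while the value is the parsed subject field array; a one-line comment such as `/* Returns the certificate subject as an associative array (CN, O, ...), not a hash digest. */` would prevent that misreading.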
usr/local/www/wizards/openvpn_wizard.inc
169 169

  
170 170
function step7_submitphpaction() {
171 171
	global $stepid, $savemsg, $_POST, $config;
172
	
172

  
173 173
	$canames = array();
174
	$cacns = array();
174 175
	foreach($config['system']['ca'] as $ca) {
175 176
		$canames[] = $ca['name'];
177
		$cainfo = cert_get_subject_hash($ca['crt']);
178
		$cacns[] = $cainfo["CN"];
176 179
	}
177 180

  
178 181
	if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
......
180 183
	    empty($_POST['organization']) || empty($_POST['email'])) {
181 184
		$stepid--;
182 185
		$savemsg = "Please enter all information for the new Certificate Authority.";
183
	} elseif (in_array($_POST['name'], $canames)) {
186
	} elseif (in_array($_POST['name'], $canames) || in_array($_POST['name'], $cacns)) {
184 187
		$stepid--;
185 188
		$savemsg = "Please enter a different name for the Certicicate Authority. A Certificate Authority with that name already exists.";
186 189
	} else {
......
249 252
	global $stepid, $savemsg, $_POST, $config;
250 253

  
251 254
	$certnames = array();
255
	$certcns = array();
252 256
	foreach($config['system']['cert'] as $cert) {
253 257
		$certnames[] = $cert['name'];
258
		$certinfo = cert_get_subject_hash($cert['crt']);
259
		$certcns[] = $certinfo["CN"];
254 260
	}
255 261

  
256 262
	if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
......
258 264
	    empty($_POST['organization']) || empty($_POST['email'])) {
259 265
		$stepid--;
260 266
		$savemsg = "Please enter all information for the new certificate.";
261
	} elseif (in_array($_POST['name'], $certnames)) {
267
	} elseif (in_array($_POST['name'], $certnames) || in_array($_POST['name'], $certcns)) {
262 268
		$stepid--;
263
		$savemsg = "Please enter a different name for the Certicicate. A Certificate with that name already exists.";	
269
		$savemsg = "Please enter a different name for the Certicicate. A Certificate with that name/common name already exists.";	
264 270
	} else {
265 271
		$config['ovpnserver']['step9']['uselist'] = "on";
266 272
		$_POST['uselist'] = "on";
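Review bot: The duplicate-name guard added to `step7_submitphpaction()` appends `$cainfo["CN"]` unconditionally and then relies on a loose `in_array()`, so the uniqueness check can miss or mis-match existing entries. A CA entry without a parsable `crt` pushes a null, `openssl_x509_parse()` returns an array when a subject carries more than one CN (which never equals the posted string), and loose comparison treats numeric-looking strings such as `1e3` and `1000` as equal. Collecting with `if (isset($cainfo['CN'])) $cacns = array_merge($cacns, (array)$cainfo['CN']);` and comparing with `in_array($_POST['name'], $cacns, true)` would make the check dependable. The same applies to the `$certcns` loop and its `in_array()` call in the later hunk, which is probably the more exposed of the two if certificate entries can exist without a `crt`; that function's header and the end of both bodies are outside the visible lines. The CA branch's `$savemsg` was also left without the "name/common name" wording that the certificate branch received.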
