Revision b078cd59
Added by Steve Beaver over 8 years ago
| src/usr/local/www/system_certmanager.php | ||
|---|---|---|
| 394 | 394 |
$caref = $config['ca'][$pconfig['catosignwith']]['refid']; |
| 395 | 395 |
$type = (cert_get_purpose($config['cert'][$pconfig['csrtosign']]['csr'])['server'] === "Yes") ? "server":"user"; |
| 396 | 396 |
|
| 397 |
$e = openssl_csr_sign($csr, $ca, $key, $duration, ['x509_extensions' => 'v3_req']); |
|
| 398 |
$input_errors = array(); |
|
| 399 |
while ($ssl_err = openssl_error_string()) {
|
|
| 400 |
if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
|
|
| 401 |
array_push($input_errors, "openssl library returns: " . $ssl_err); |
|
| 402 |
} |
|
| 403 |
} |
|
| 404 |
|
|
| 405 |
if (!$input_errors) {
|
|
| 406 |
openssl_x509_export($e, $n509); |
|
| 397 |
openssl_x509_export(openssl_csr_sign($csr, $ca, $key, $duration, ['x509_extensions' => 'v3_req']), $n509); |
|
| 407 | 398 |
|
| 408 |
$newcert = array(); |
|
| 409 |
$newcert['refid'] = uniqid(); |
|
| 410 |
$newcert['caref'] = $caref; |
|
| 411 |
$newcert['descr'] = $pconfig['descr']; |
|
| 412 |
$newcert['type'] = $type; |
|
| 413 |
$newcert['crt'] = base64_encode($n509); |
|
| 414 |
|
|
| 415 |
if ($pconfig['csrtosign'] === "new") {
|
|
| 416 |
$newcert['prv'] = $pconfig['keypaste']; |
|
| 417 |
} else {
|
|
| 418 |
$newcert['prv'] = $config['cert'][$pconfig['csrtosign']]['prv']; |
|
| 419 |
} |
|
| 399 |
$newcert = array(); |
|
| 400 |
$newcert['refid'] = uniqid(); |
|
| 401 |
$newcert['caref'] = $caref; |
|
| 402 |
$newcert['descr'] = $pconfig['descr']; |
|
| 403 |
$newcert['type'] = $type; |
|
| 404 |
$newcert['crt'] = base64_encode($n509); |
|
| 420 | 405 |
|
| 421 |
$config['cert'][] = $newcert; |
|
| 406 |
if ($pconfig['csrtosign'] === "new") {
|
|
| 407 |
$newcert['prv'] = $pconfig['keypaste']; |
|
| 408 |
} else {
|
|
| 409 |
$newcert['prv'] = $config['cert'][$pconfig['csrtosign']]['prv']; |
|
| 422 | 410 |
} |
| 423 | 411 |
|
| 412 |
$config['cert'][] = $newcert; |
|
| 413 |
|
|
| 424 | 414 |
error_reporting($old_err_level); |
| 425 | 415 |
|
| 426 | 416 |
} else {
|
| ... | ... | |
| 717 | 707 |
'keypaste', |
| 718 | 708 |
'CSR key', |
| 719 | 709 |
$pconfig['keypaste'] |
| 720 |
))->setHelp('Paste a Certificate Signing Request private key in X.509 PEM format here.');
|
|
| 710 |
))->setHelp('Paste a Certificate Signing Request provate key in X.509 PEM format here.');
|
|
| 721 | 711 |
|
| 722 | 712 |
$form->add($section); |
| 723 | 713 |
|
| ... | ... | |
| 1246 | 1236 |
} |
| 1247 | 1237 |
|
| 1248 | 1238 |
$subject = cert_get_subject_array($ca['crt']); |
| 1249 |
|
|
| 1250 | 1239 |
?> |
| 1251 | 1240 |
case "<?=$ca['refid'];?>": |
| 1252 | 1241 |
$('#dn_country').val("<?=$subject[0]['v'];?>");
|
| ... | ... | |
| 1263 | 1252 |
} |
| 1264 | 1253 |
|
| 1265 | 1254 |
function set_csr_ro() {
|
| 1266 |
var newcsr = $('#csrtosign').val() == "new");
|
|
| 1255 |
var newcsr = ($('#csrtosign').val() == "new");
|
|
| 1267 | 1256 |
|
| 1268 | 1257 |
$('#csrpaste').attr('readonly', !newcsr);
|
| 1269 | 1258 |
$('#keypaste').attr('readonly', !newcsr);
|
Also available in: Unified diff
Revised error handling for CSR signing