Revision b8b33a3e
Added by Jim Pingle over 5 years ago
| src/etc/inc/certs.inc | ||
|---|---|---|
| 696 | 696 |
return false; |
| 697 | 697 |
} |
| 698 | 698 |
|
| 699 |
function cert_get_dates($str_crt, $decode = true) {
|
|
| 699 |
function cert_get_dates($str_crt, $decode = true, $outputstring = true) {
|
|
| 700 | 700 |
if ($decode) {
|
| 701 | 701 |
$str_crt = base64_decode($str_crt); |
| 702 | 702 |
} |
| 703 | 703 |
$crt_details = openssl_x509_parse($str_crt); |
| 704 |
if ($crt_details['validFrom_time_t'] > 0) {
|
|
| 705 |
$start = date('r', $crt_details['validFrom_time_t']);
|
|
| 706 |
} else {
|
|
| 707 |
$dt = DateTime::createFromFormat('ymdHis', rtrim($crt_details['validFrom'], 'Z'));
|
|
| 708 |
if ($dt !== false) {
|
|
| 709 |
$start = $dt->format(DateTimeInterface::RFC2822);
|
|
| 704 |
$now = new DateTime("now");
|
|
| 705 |
$start = DateTime::createFromFormat('ymdHis', rtrim($crt_details['validFrom'], 'Z'), new DateTimeZone('Z'));
|
|
| 706 |
if ($start !== false) {
|
|
| 707 |
$start->setTimezone($now->getTimeZone());
|
|
| 708 |
if ($outputstring) {
|
|
| 709 |
$start = $start->format(DateTimeInterface::RFC2822);
|
|
| 710 | 710 |
} |
| 711 | 711 |
} |
| 712 |
if ($crt_details['validTo_time_t'] > 0) {
|
|
| 713 |
$end = date('r', $crt_details['validTo_time_t']);
|
|
| 714 |
} else {
|
|
| 715 |
$dt = DateTime::createFromFormat('ymdHis', rtrim($crt_details['validTo'], 'Z'));
|
|
| 716 |
if ($dt !== false) {
|
|
| 717 |
$end = $dt->format(DateTimeInterface::RFC2822); |
|
| 712 |
$end = DateTime::createFromFormat('ymdHis', rtrim($crt_details['validTo'], 'Z'), new DateTimeZone('Z'));
|
|
| 713 |
if ($end !== false) {
|
|
| 714 |
$end->setTimezone($now->getTimeZone()); |
|
| 715 |
if ($outputstring) {
|
|
| 716 |
$end = $end->format(DateTimeInterface::RFC2822); |
|
| 718 | 717 |
} |
| 719 | 718 |
} |
| 720 | 719 |
return array($start, $end); |
| ... | ... | |
| 1950 | 1949 |
return null; |
| 1951 | 1950 |
} |
| 1952 | 1951 |
/* Read certificate details */ |
| 1953 |
$cert_details = openssl_x509_parse(base64_decode($cert['crt'])); |
|
| 1952 |
list($startdate, $enddate) = cert_get_dates($cert['crt'], true, false); |
|
| 1953 |
|
|
| 1954 | 1954 |
/* Determine which start time to use (now, or cert start) */ |
| 1955 |
$fromtime = ($untilexpire) ? time() : $cert_details['validFrom_time_t']; |
|
| 1956 |
/* Calculate and return the requested duration, converting from seconds to days. */ |
|
| 1957 |
return (int) round(($cert_details['validTo_time_t'] - $fromtime) / 86400); |
|
| 1955 |
$startdate = ($untilexpire) ? new DateTime("now") : $startdate;
|
|
| 1956 |
|
|
| 1957 |
/* Calculate the requested intervals */ |
|
| 1958 |
$interval = $startdate->diff($enddate); |
|
| 1959 |
|
|
| 1960 |
return $interval->days; |
|
| 1958 | 1961 |
} |
| 1959 | 1962 |
|
| 1960 | 1963 |
/****f* certs/cert_analyze_lifetime |
| ... | ... | |
| 2200 | 2203 |
/* Check all CA and Cert entries at once */ |
| 2201 | 2204 |
init_config_arr(array('ca'));
|
| 2202 | 2205 |
init_config_arr(array('cert'));
|
| 2203 |
$all_certs = array_merge_recursive_unique($config['ca'], $config['cert']);
|
|
| 2206 |
$all_certs = array_merge_recursive($config['ca'], $config['cert']); |
|
| 2204 | 2207 |
|
| 2205 | 2208 |
foreach ($all_certs as $cert) {
|
| 2209 |
if (empty($cert)) {
|
|
| 2210 |
continue; |
|
| 2211 |
} |
|
| 2206 | 2212 |
/* Fetch and analyze expiration */ |
| 2207 | 2213 |
$expiredays = cert_get_lifetime($cert, true); |
| 2208 | 2214 |
/* If the result is null, then the lifetime data is missing, so skip the invalid entry. */ |
Also available in: Unified diff
Use more accurate date calculations for CA/Cert operations.
Otherwise calculations could fail on ARM