Revision e0f8d364
Added by Viktor Gurov over 5 years ago
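--- a/src/etc/inc/certs.inc
+++ b/src/etc/inc/certs.inc
@@ -27,9 +27,7 @@
 require_once("functions.inc");
 
 global $openssl_digest_algs;
-global $openssl_eckeys;
 $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
-$openssl_eckeys = array("secp112r1", "secp112r2", "secp128r1", "secp128r2", "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp224k1", "secp224r1", "secp256k1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", "prime192v3", "prime239v1", "prime239v2", "prime239v3", "prime256v1", "sect113r1", "sect113r2", "sect131r1", "sect131r2", "sect163k1", "sect163r1", "sect163r2", "sect193r1", "sect193r2", "sect233k1", "sect233r1", "sect239k1", "sect283k1", "sect283r1", "sect409k1", "sect409r1", "sect571k1", "sect571r1", "c2pnb163v1", "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1", "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", "c2pnb272w1", "c2pnb304w1", "c2tnb359v1", "c2pnb368w1", "c2tnb431r1", "wap-wsg-idm-ecid-wtls1", "wap-wsg-idm-ecid-wtls3", "wap-wsg-idm-ecid-wtls4", "wap-wsg-idm-ecid-wtls5", "wap-wsg-idm-ecid-wtls6", "wap-wsg-idm-ecid-wtls7", "wap-wsg-idm-ecid-wtls8", "wap-wsg-idm-ecid-wtls9", "wap-wsg-idm-ecid-wtls10", "wap-wsg-idm-ecid-wtls11", "wap-wsg-idm-ecid-wtls12", "brainpoolP160r1", "brainpoolP160t1", "brainpoolP192r1", "brainpoolP192t1", "brainpoolP224r1", "brainpoolP224t1", "brainpoolP256r1", "brainpoolP256t1", "brainpoolP320r1", "brainpoolP320t1", "brainpoolP384r1", "brainpoolP384t1", "brainpoolP512r1", "brainpoolP512t1");
 
 global $openssl_crl_status;
 /* Numbers are set in the RFC: https://www.ietf.org/rfc/rfc5280.txt */
@@ -314,7 +312,7 @@
 return true;
 }
 
-function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type = "user", $digest_alg = "sha256", $eckey = "brainpoolP160r1", $keytype = "RSA") {
+function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type = "user", $digest_alg = "sha256", $keytype = "RSA", $ecname = "brainpoolP256r1") {
 
 $cert['type'] = $type;
 
@@ -353,7 +351,7 @@
 "digest_alg" => $digest_alg,
 "encrypt_key" => false);
 if ($keytype == 'ECDSA') {
-$args["curve_name"] = $eckey;
+$args["curve_name"] = $ecname;
 $args["private_key_type"] = OPENSSL_KEYTYPE_EC;
 } else {
 $args["private_key_bits"] = (int)$keylen;
@@ -401,7 +399,7 @@
 return true;
 }
 
-function csr_generate(& $cert, $keylen, $dn, $type = "user", $digest_alg = "sha256", $eckey = "brainpoolP160r1", $keytype = "RSA") {
+function csr_generate(& $cert, $keylen, $dn, $type = "user", $digest_alg = "sha256", $keytype = "RSA", $ecname = "brainpoolP256r1") {
 
 $cert_type = cert_type_config_section($type);
 
@@ -415,10 +413,11 @@
 
 $args = array(
 "x509_extensions" => $cert_type,
+"req_extensions" => "req_{$cert_type}",
 "digest_alg" => $digest_alg,
 "encrypt_key" => false);
 if ($keytype == 'ECDSA') {
-$args["curve_name"] = $eckey;
+$args["curve_name"] = $ecname;
 $args["private_key_type"] = OPENSSL_KEYTYPE_EC;
 } else {
 $args["private_key_bits"] = (int)$keylen;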
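Review bot: A caller that still passes the curve before the key type will silently get an RSA key from `cert_create()` (new line 315) or `csr_generate()` (new line 402), because the two trailing parameters are swapped and any `$keytype` other than `'ECDSA'` falls into the `else` branch with `(int)$keylen`. The call sites are outside this page, so they need checking; an explicit guard at the top of both functions, for example `if (!in_array($keytype, array('RSA', 'ECDSA'), true)) { return false; }`, would make a mismatch fail visibly, assuming callers check the return value. `$ecname` also reaches `$args["curve_name"]` unchecked, and with `$openssl_eckeys` removed from this file no curve list is visible here. A check such as `in_array($ecname, openssl_get_curve_names(), true)`, combined with a minimum curve size, would stop short curves from being requested. Both function bodies continue outside the hunks shown.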
fixes