Project

General

Profile

« Previous | Next » 

Revision fd750cd0

Added by Pi Ba almost 12 years ago

Certificate Manager, for 'Create an internal Certificate' use the correct 'Digest Algorithm'

View differences:

usr/local/www/system_certmanager.php
107 107 
if ($act == "new") {
108 108 
	$pconfig['method'] = $_GET['method'];
109 109 
	$pconfig['keylen'] = "2048";
110 
	$pconfig['csr_keylen'] = "2048";
111 110 
	$pconfig['digest_alg'] = "sha256";
111 
	$pconfig['csr_keylen'] = "2048";
112 
	$pconfig['csr_digest_alg'] = "sha256";
112 113 
	$pconfig['type'] = "user";
113 114 
	$pconfig['lifetime'] = "3650";
114 115 
}
......
295 296 
				}else if (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"]))
296 297 
					array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
297 298 
			}
299
298 300 
			if (isset($_POST["keylen"]) && !in_array($_POST["keylen"], $cert_keylens))
299 301 
				array_push($input_errors, gettext("Please select a valid Key Length."));
302 
			if (!in_array($_POST["digest_alg"], $openssl_digest_algs))
303 
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
304
300 305 
			if (isset($_POST["csr_keylen"]) && !in_array($_POST["csr_keylen"], $cert_keylens))
301 306 
				array_push($input_errors, gettext("Please select a valid Key Length."));
302 
			if (!in_array($_POST["digest_alg"], $openssl_digest_algs))
307 
			if (!in_array($_POST["csr_digest_alg"], $openssl_digest_algs))
303 308 
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
304 309 
		}
305 310 

  		




  ......




  368
  373
  
    
						}


  		




  369
  374
  
    
						$dn['subjectAltName'] = implode(",", $altnames_tmp);


  		




  370
  375
  
    
					}


  		




  371
  
  
    
					if(!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['digest_alg'])){


  		




  
  376
  
    
					if(!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])){


  		




  372
  377
  
    
						while($ssl_err = openssl_error_string()){


  		




  373
  378
  
    
							$input_errors = array();


  		




  374
  379
  
    
							array_push($input_errors, "openssl library returns: " . $ssl_err);


  		




  ......




  866
  871
  
    
						<tr>


  		




  867
  872
  
    
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>


  		




  868
  873
  
    
							<td width="78%" class="vtable">


  		




  869
  
  
    
								<select name='digest_alg' id='digest_alg' class="formselect">


  		




  
  874
  
    
								<select name='csr_digest_alg' id='csr_digest_alg' class="formselect">


  		




  870
  875
  
    
								<?php


  		




  871
  
  
    
									foreach( $openssl_digest_algs as $digest_alg):


  		




  
  876
  
    
									foreach( $openssl_digest_algs as $csr_digest_alg):


  		




  872
  877
  
    
									$selected = "";


  		




  873
  
  
    
									if ($pconfig['digest_alg'] == $digest_alg)


  		




  
  878
  
    
									if ($pconfig['csr_digest_alg'] == $csr_digest_alg)


  		




  874
  879
  
    
										$selected = " selected=\"selected\"";


  		




  875
  880
  
    
								?>


  		




  876
  
  
    
									<option value="<?=$digest_alg;?>"<?=$selected;?>><?=strtoupper($digest_alg);?></option>


  		




  
  881
  
    
									<option value="<?=$csr_digest_alg;?>"<?=$selected;?>><?=strtoupper($csr_digest_alg);?></option>


  		




  877
  882
  
    
								<?php endforeach; ?>


  		




  878
  883
  
    
								</select>


  		




  879
  884
  
    
								<br/><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>


  		












Also available in:  Unified diff