Sanitise your passwords

John Crisp
2020-02-21 12:41:02 +01:00
parent f55cdf66fc
commit 0d2a3f0138


@@ -301,6 +301,8 @@ function CAdb_get_entry($serial) {
// //
function CAdb_in($email="", $name="") { function CAdb_in($email="", $name="") {
global $config; global $config;
$email = escshellcmd($email);
$name = escshellcmd($name);
$regexp = "^[V].*CN=$name/(Email|emailAddress)=$email"; $regexp = "^[V].*CN=$name/(Email|emailAddress)=$email";
$x =exec('egrep '.escshellarg($regexp).' '.$config[index]); $x =exec('egrep '.escshellarg($regexp).' '.$config[index]);
@@ -540,7 +542,7 @@ function CA_create_cert($cert_type='email',$country,$province,$locality,$organiz
unset($cmd_output); unset($cmd_output);
$cmd_output[] = 'Creating certificate request.'; $cmd_output[] = 'Creating certificate request.';
if ($passwd) { if (($_passwd) && ($_passwd != "''")) {
exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:$_passwd 2>&1", $cmd_output, $ret); exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:$_passwd 2>&1", $cmd_output, $ret);
} }
else { else {
@@ -565,7 +567,7 @@ function CA_create_cert($cert_type='email',$country,$province,$locality,$organiz
if ($ret == 0) { if ($ret == 0) {
unset($cmd_output); unset($cmd_output);
$cmd_output[] = "Creating PKCS12 format certifcate."; $cmd_output[] = "Creating PKCS12 format certifcate.";
if ($passwd) { if (($_passwd) && ($_passwd != "''")) { {
$cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass: $_passwd"; $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass: $_passwd";
exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$config[cacert_pem]' -caname '$config[organization]' -out '$userpfx' -name $friendly_name -rand '$config[random]' -passin pass:$_passwd -passout pass:$_passwd 2>&1", $cmd_output, $ret); exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$config[cacert_pem]' -caname '$config[organization]' -out '$userpfx' -name $friendly_name -rand '$config[random]' -passin pass:$_passwd -passout pass:$_passwd 2>&1", $cmd_output, $ret);
} }
@@ -695,7 +697,7 @@ function CA_renew_cert($old_serial,$expiry,$passwd) {
if ($ret == 0) { if ($ret == 0) {
unset($cmd_output); unset($cmd_output);
$cmd_output[] = "Creating PKCS12 format certificate."; $cmd_output[] = "Creating PKCS12 format certificate.";
if ($passwd) { if (($_passwd) && ($_passwd != "''")) {
$cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass: $_passwd"; $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass: $_passwd";
exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$config[cacert_pem]' -caname '$config[organization]' -out '$userpfx' -name $friendly_name -rand '$config[random]' -passin pass:$_passwd -passout pass:$_passwd 2>&1", $cmd_output, $ret); exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$config[cacert_pem]' -caname '$config[organization]' -out '$userpfx' -name $friendly_name -rand '$config[random]' -passin pass:$_passwd -passout pass:$_passwd 2>&1", $cmd_output, $ret);
} }
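Review bot: The new condition in the PKCS12 branch of CA_create_cert (hunk at -565,7 +567,7) ends in `{ {`, a stray second opening brace; unless a matching `}` was added outside the hunk the file will no longer parse, so the line should read `if (($_passwd) && ($_passwd != "''")) {`. In that branch and in the CA_renew_cert hunk, the unchanged line that appends `pass: $_passwd` to `$cmd_output` still copies the passphrase into the command output, and `-passin pass:$_passwd -passout pass:$_passwd` places it on the openssl command line, where on most systems other local users can read it from the process list. Dropping the `pass:` field from that message and handing the passphrase to openssl through its `env:` or `fd:` source instead of `pass:` would address both. In the CAdb_in hunk, `escshellcmd()` is defined outside this page; if it only escapes shell metacharacters, regex metacharacters such as `.` in `$name` or `$email` still act as wildcards in the egrep pattern and can match a different index entry. All three functions start and end outside their hunks.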