deprecated/phpki-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix missing slash, Logic for renew and formatting

Browse Source
This commit is contained in:
John Crisp
2021-03-09 01:05:14 +01:00
parent f88dcc375b
commit 5f6b7b0cb7
1 changed files with 14 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
include/openssl_functions.php
View File

@@ -497,7 +497,7 @@ function CAdb_is_valid($serial)
function CA_cert_text($serial) function CA_cert_text($serial)
{ {
global $config; global $config;
$certfile = $config['new_certs_dir'] . '/' . $serial . '.pem'; $certfile = $config['new_certs_dir'] . "/$serial.pem";
return(shell_exec(X509.' -in '.escshellarg($certfile).' -text -purpose 2>&1')); return(shell_exec(X509.' -in '.escshellarg($certfile).' -text -purpose 2>&1'));
} }
@@ -539,7 +539,7 @@ function root_pem_text()
function CA_cert_subject($serial) function CA_cert_subject($serial)
{ {
global $config; global $config;
$certfile = $config['new_certs_dir'] . '/' . $serial . '.pem'; $certfile = $config['new_certs_dir'] . "/$serial.pem";
$x = exec(X509.' -in '.escshellarg($certfile).' -noout -subject 2>&1'); $x = exec(X509.' -in '.escshellarg($certfile).' -noout -subject 2>&1');
return(str_replace('subject=', '', $x)); return(str_replace('subject=', '', $x));
} }
@@ -560,7 +560,7 @@ function CA_cert_cname($serial)
function CA_cert_email($serial) function CA_cert_email($serial)
{ {
global $config; global $config;
$certfile = $config['new_certs_dir'] . '/' . $serial . '.pem'; $certfile = $config['new_certs_dir'] . "/$serial.pem";
$x = exec(X509.' -in '.escshellarg($certfile).' -noout -email 2>&1'); $x = exec(X509.' -in '.escshellarg($certfile).' -noout -email 2>&1');
return($x); return($x);
} }
@@ -571,7 +571,7 @@ function CA_cert_email($serial)
function CA_cert_startdate($serial) function CA_cert_startdate($serial)
{ {
global $config; global $config;
$certfile = $config['new_certs_dir'] . '/' . $serial . '.pem'; $certfile = $config['new_certs_dir'] . "/$serial.pem";
$x = exec(X509.' -in '.escshellarg($certfile).' -noout -startdate 2>&1'); $x = exec(X509.' -in '.escshellarg($certfile).' -noout -startdate 2>&1');
return(str_replace('notBefore=', '', $x)); return(str_replace('notBefore=', '', $x));
} }
@@ -582,7 +582,7 @@ function CA_cert_startdate($serial)
function CA_cert_enddate($serial) function CA_cert_enddate($serial)
{ {
global $config; global $config;
$certfile = $config['new_certs_dir'] . '/' . $serial . '.pem'; $certfile = $config['new_certs_dir'] . "/$serial.pem";
$x = exec(X509.' -in '.escshellarg($certfile).' -noout -enddate 2>&1'); $x = exec(X509.' -in '.escshellarg($certfile).' -noout -enddate 2>&1');
return(str_replace('notAfter=', '', $x)); return(str_replace('notAfter=', '', $x));
} }
@@ -633,7 +633,7 @@ function CA_create_cert($cert_type = 'email', $country, $province, $locality, $o
$userkey = $config['private_dir'] . "/$serial-key.pem"; $userkey = $config['private_dir'] . "/$serial-key.pem";
$userreq = $config['req_dir'] ."/$serial-req.pem"; $userreq = $config['req_dir'] ."/$serial-req.pem";
$usercert = $config['new_certs_dir'].'/'.$serial.'.pem'; $usercert = $config['new_certs_dir'] . "/$serial.pem";
$userder = $config['cert_dir'] . "/$serial.der"; $userder = $config['cert_dir'] . "/$serial.der";
$userpfx = $config['pfx_dir'] . "/$serial.pfx"; $userpfx = $config['pfx_dir'] . "/$serial.pfx";
@@ -765,7 +765,7 @@ function CA_renew_cert($old_serial, $expiry, $passwd)
# Get the next available serial number # Get the next available serial number
$serial = trim(implode('', file($config['serial']))); $serial = trim(implode('', file($config['serial'])));
$old_userkey = $config['private_dir'] . "$old_serial-key.pem"; $old_userkey = $config['private_dir'] . "/$old_serial-key.pem";
$old_userreq = $config['req_dir'] . "/$old_serial-req.pem"; $old_userreq = $config['req_dir'] . "/$old_serial-req.pem";
$userkey = $config['private_dir'] . "/$serial-key.pem"; $userkey = $config['private_dir'] . "/$serial-key.pem";
$userreq = $config['req_dir'] . "/$serial-req.pem"; $userreq = $config['req_dir'] . "/$serial-req.pem";
@@ -836,6 +836,8 @@ function CA_renew_cert($old_serial, $expiry, $passwd)
#Unlock the CA database #Unlock the CA database
fclose($fd); fclose($fd);
// Why is this here?
//# https://github.com/radicand/phpki/issues/14 - but ereg is deprecated //# https://github.com/radicand/phpki/issues/14 - but ereg is deprecated
if (preg_match('/E-mail Protection/', $certtext)) { if (preg_match('/E-mail Protection/', $certtext)) {
$cert_type = 'email'; $cert_type = 'email';
@@ -946,11 +948,10 @@ function CA_cert_type($serial)
$certtext = CA_cert_text($serial); $certtext = CA_cert_text($serial);
if (preg_match('~OpenSSL.* (E.?mail|Personal) .*Certificate~', $certtext)) {
$cert_type = 'email';
}
if (preg_match('~OpenSSL.* (E.?mail|Personal) .*Certificate~', $certtext) && preg_match('~Code Signing~', $certtext)) { if (preg_match('~OpenSSL.* (E.?mail|Personal) .*Certificate~', $certtext) && preg_match('~Code Signing~', $certtext)) {
$cert_type = 'email_signing'; // Was 'codesigning' but can't see that anywhere $cert_type = 'email_signing'; // Was 'codesigning' but can't see that anywhere
} elseif (preg_match('~OpenSSL.* (E.?mail|Personal) .*Certificate~', $certtext)) {
$cert_type = 'email';
} elseif (preg_match('~OpenSSL.* Server .*Certificate~', $certtext)) { } elseif (preg_match('~OpenSSL.* Server .*Certificate~', $certtext)) {
$cert_type = 'server'; $cert_type = 'server';
} elseif (preg_match('~timeStamping|Time Stamping~', $certtext)) { } elseif (preg_match('~timeStamping|Time Stamping~', $certtext)) {