deprecated/phpki-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added alt_names for ssl vert

Browse Source
This commit is contained in:
majestick
2013-07-21 11:31:44 +02:00
parent 3a89da1843
commit bfd521a5fc
1 changed files with 44 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
include/openssl_functions.php
View File

@@ -5,10 +5,41 @@
// File name is placed in ./tmp with a random name. It lingers unless // File name is placed in ./tmp with a random name. It lingers unless
// removed manually. // removed manually.
// //
function CA_create_cnf($country='',$province='',$locality='',$organization='',$unit='',$common_name='',$email='',$keysize=4096) { function CA_create_cnf($country='',$province='',$locality='',$organization='',$unit='',$common_name='',$email='',$keysize=4096,$dns_names='',$ip_addr='') {
global $config, $PHPki_user; global $config, $PHPki_user;
$issuer = $PHPki_user; $issuer = $PHPki_user;
$count_dns = 0;
$count_ip = 0;
$alt_names = "";
if (! $dns_names == '') {
$dns_n=explode("\n", $dns_names);
$count_dns = $count_dns + 1;
$alt_names .= "DNS.$count_dns = $common_name\n";
foreach ($dns_n as $value) {
$count_dns = $count_dns + 1;
$alt_names .= "DNS.$count_dns = ".trim($value)."\n";
}
}
if (! $ip_addr == '') {
$ip_ar=explode("\n", $ip_addr);
foreach ($ip_ar as $value) {
$count_dns = $count_dns + 1;
$count_ip = $count_ip + 1;
$alt_names .= "DNS.$count_dns = ".trim($value)."\n";
$alt_names .= "IP.$count_ip = ".trim($value)."\n";
}
}
if (($count_dns > 0) || ($count_ip > 0)) {
$server_altnames = "@alt_names";
} else {
$server_altnames = "DNS:$common_name,email:copy";
}
$cnf_contents = " $cnf_contents = "
HOME = $config[home_dir] HOME = $config[home_dir]
@@ -104,7 +135,7 @@ subjectKeyIdentifier = hash
subjectAltName = email:copy subjectAltName = email:copy
crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
nsComment = \"PHPki/OpenSSL Generated Root Certificate\" nsComment = \"PHPki/OpenSSL Generated Root Certificate\"
#nsCaRevocationUrl = ns_revoke_query.php? #nsCaRevocationUrl = $config[base_url]ns_revoke_query.php?$config[serial]
nsCaPolicyUrl = $config[base_url]policy.html nsCaPolicyUrl = $config[base_url]policy.html
[ email_ext ] [ email_ext ]
@@ -119,7 +150,7 @@ issuerAltName = issuer:copy
crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
nsComment = \"PHPki/OpenSSL Generated Personal Certificate\" nsComment = \"PHPki/OpenSSL Generated Personal Certificate\"
nsBaseUrl = $config[base_url] nsBaseUrl = $config[base_url]
nsRevocationUrl = ns_revoke_query.php? nsRevocationUrl = $config[base_url]ns_revoke_query.php?$config[serial]
nsCaPolicyUrl = $config[base_url]policy.html nsCaPolicyUrl = $config[base_url]policy.html
[ email_signing_ext ] [ email_signing_ext ]
@@ -134,7 +165,7 @@ issuerAltName = issuer:copy
crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
nsComment = \"PHPki/OpenSSL Generated Personal Certificate\" nsComment = \"PHPki/OpenSSL Generated Personal Certificate\"
nsBaseUrl = $config[base_url] nsBaseUrl = $config[base_url]
nsRevocationUrl = ns_revoke_query.php? nsRevocationUrl = $config[base_url]ns_revoke_query.php?$config[serial]
nsCaPolicyUrl = $config[base_url]policy.html nsCaPolicyUrl = $config[base_url]policy.html
[ server_ext ] [ server_ext ]
@@ -144,12 +175,12 @@ nsCertType = critical, server
extendedKeyUsage = critical, serverAuth extendedKeyUsage = critical, serverAuth
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy subjectAltName = $server_altnames
issuerAltName = issuer:copy issuerAltName = issuer:copy
crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
nsComment = \"PHPki/OpenSSL Generated Server Certificate\" nsComment = \"PHPki/OpenSSL Generated Server Certificate\"
nsBaseUrl = $config[base_url] nsBaseUrl = $config[base_url]
nsRevocationUrl = ns_revoke_query.php? nsRevocationUrl = $config[base_url]ns_revoke_query.php?$config[serial]
nsCaPolicyUrl = $config[base_url]policy.html nsCaPolicyUrl = $config[base_url]policy.html
[ time_stamping_ext ] [ time_stamping_ext ]
@@ -163,7 +194,7 @@ issuerAltName = issuer:copy
crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
nsComment = \"PHPki/OpenSSL Generated Time Stamping Certificate\" nsComment = \"PHPki/OpenSSL Generated Time Stamping Certificate\"
nsBaseUrl = $config[base_url] nsBaseUrl = $config[base_url]
nsRevocationUrl = ns_revoke_query.php? nsRevocationUrl = $config[base_url]ns_revoke_query.php?$config[serial]
[ vpn_client_ext ] [ vpn_client_ext ]
basicConstraints = critical, CA:false basicConstraints = critical, CA:false
@@ -191,8 +222,12 @@ nsCertType = critical, server, client
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy subjectAltName = DNS:$common_name,email:copy
[alt_names]
$alt_names
"; ";
# Write out the config file. # Write out the config file.
$cnf_file = tempnam('./tmp','cnf-'); $cnf_file = tempnam('./tmp','cnf-');
$handle = fopen($cnf_file,"w"); $handle = fopen($cnf_file,"w");
@@ -466,7 +501,7 @@ function CA_revoke_cert($serial) {
// //
// Returns an array containing the output of failed openssl commands. // Returns an array containing the output of failed openssl commands.
// //
function CA_create_cert($cert_type='email',$country,$province,$locality,$organization,$unit,$common_name,$email,$expiry,$passwd,$keysize=1024) { function CA_create_cert($cert_type='email',$country,$province,$locality,$organization,$unit,$common_name,$email,$expiry,$passwd,$keysize=1024,$dns_names,$ip_addr) {
global $config; global $config;
# Wait here if another user has the database locked. # Wait here if another user has the database locked.
@@ -484,7 +519,7 @@ function CA_create_cert($cert_type='email',$country,$province,$locality,$organiz
$expiry_days = round($expiry * 365.25, 0); $expiry_days = round($expiry * 365.25, 0);
$cnf_file = CA_create_cnf($country,$province,$locality,$organization,$unit,$common_name,$email,$keysize); $cnf_file = CA_create_cnf($country,$province,$locality,$organization,$unit,$common_name,$email,$keysize,$dns_names,$ip_addr);
# Escape certain dangerous characters in user input # Escape certain dangerous characters in user input
$email = escshellcmd($email); $email = escshellcmd($email);