deprecated/phpki-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove IP from Alt Name DNS entry

Browse Source
This commit is contained in:
John Crisp
2020-02-27 18:04:00 +01:00
parent 4484ac7926
commit d3d8e7ffa9
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
include/openssl_functions.php
View File

@@ -32,7 +32,8 @@ function CA_create_cnf($country='',$province='',$locality='',$organization='',$u
if (! $value == '') { if (! $value == '') {
$count_dns = $count_dns + 1; $count_dns = $count_dns + 1;
$count_ip = $count_ip + 1; $count_ip = $count_ip + 1;
$alt_names .= "DNS.$count_dns = ".trim($value)."\n"; # reetp IP should not be added to a DNS entry
#$alt_names .= "DNS.$count_dns = ".trim($value)."\n";
$alt_names .= "IP.$count_ip = ".trim($value)."\n"; $alt_names .= "IP.$count_ip = ".trim($value)."\n";
} }
} }
@@ -232,7 +233,7 @@ $alt_names
# Write out the config file. # Write out the config file.
$cnf_file = tempnam('./tmp','cnf-'); // Why is this not in the phpki dir ? why ../../ ? $cnf_file = tempnam('../../tmp','cnf-'); // Why is this not in the phpki dir ? why ../../ ?
$handle = fopen($cnf_file,"w"); $handle = fopen($cnf_file,"w");
fwrite($handle, $cnf_contents); fwrite($handle, $cnf_contents);
fclose($handle); fclose($handle);
@@ -592,7 +593,7 @@ function CA_create_cert($cert_type='email',$country,$province,$locality,$organiz
exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:$_passwd 2>&1", $cmd_output, $ret); exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:$_passwd 2>&1", $cmd_output, $ret);
} }
else { else {
exec(REQ." -new -nodes -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' 2>&1", $cmd_output, $ret); exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -nodes 2>&1", $cmd_output, $ret);
} }
# Sign the certificate request and create the certificate # Sign the certificate request and create the certificate
@@ -749,8 +750,10 @@ function CA_renew_cert($old_serial,$expiry,$passwd) {
} }
else { else {
$cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx"; $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx";
#exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$config[cacert_pem]' -caname '$config[organization]' -out '$userpfx' -name $friendly_name -passout pass: 2>&1", $cmd_output, $ret); exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$config[cacert_pem]' -caname '$config[organization]' -out '$userpfx' -name $friendly_name -passout pass: 2>&1", $cmd_output, $ret);
exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$config[cacert_pem]' -caname '$config[organization]' -out '$userpfx' -name $friendly_name -nodes 2>&1", $cmd_output, $ret); # reetp
# exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$config[cacert_pem]' -caname '$config[organization]' -out '$userpfx' -name $friendly_name -nodes 2>&1", $cmd_output, $ret);
} }
}; };