patches applied from our bz and from sourceforge tickets

phpki-0.82.bz10622.fixphpwarnings.patch phpki-0.82-empty_pass_php_5.2.patch phpki-0.82-remove_email_from_upload_file_name.patch phpki-0.82-ca_admin_users.patch phpki-0.82-expirey.patch phpki-0.82-remove_security_warning.patch phpki-0.82-ca_help.patch phpki-0.82-fix-dates-2.patch phpki-0.82-sme_admin_user.patch phpki-0.82-disable_download_after_create.patch phpki-0.82-fix-dates-3.patch phpki-0.82-sme_openvpn_bridge_compat.patch phpki-0.82-display_root_pem.patch phpki-0.82-fix-dates.patch phpki-0.82-update_crl_via_cron.patch phpki-0.82-dl_crl_in_pem.patch phpki-0.82-fix-preg_match.patch phpki-0.82-use_sha1.patch phpki-0.82-dl_display_ta_dh.patch phpki-0.82-openvpn_static_key.patch phpki-0.82-email_signing.patch phpki-0.82-potential_xss_php_self.patch
2025-09-10 23:04:01 -04:00
parent 66ea908568
commit 245e1bcd0b
12 changed files with 299 additions and 123 deletions
--- a/root/ca/main.php
+++ b/root/ca/main.php
@@ -10,6 +10,14 @@ $stage = gpvar('stage');

 switch($stage) {

+case 'dl_takey':
+        upload("$config[private_dir]/takey.pem", "$config[ca_prefix]takey.pem", 'application/octet-stream');
+        break;
+
+case 'dl_dhparam':
+        upload("$config[private_dir]/dhparam1024.pem", "$config[ca_prefix]dhparam1024.pem", 'application/octet-stream');
+        break;
+
 case 'dl_root':
 	upload("$config[cacert_pem]", "$config[ca_prefix]cacert.crt", 'application/x-x509-ca-cert');
 	break;
@@ -18,6 +26,10 @@ case 'dl_crl':
 	upload("$config[cacrl_der]", "$config[ca_prefix]cacrl.crl", 'application/pkix-crl');
 	break;

+case 'dl_crl_pem':
+       upload("$config[cacrl_pem]", "$config[ca_prefix]cacrl.crl", 'application/octet-stream');
+       break;
+
 case 'gen_crl':
        list($ret,$errtxt) = CA_generate_crl();

@@ -50,6 +62,46 @@ case 'gen_crl':
        }
        break;

+case 'display_takey':
+        printHeader(false);
+
+        ?>
+        <center><h2>OpenVPN pre-shared Key</h2></center>
+        <p>
+        <form action=<?=$PHP_SELF?> method=post>
+        <input type=submit name=submit value="Back to Menu">
+        </form>
+        <?
+        print '<pre>'.ta_key_text().'</pre>';
+        break;
+
+case 'display_dhparam':
+        printHeader(false);
+
+        ?>
+        <center><h2>OpenVPN Diffie-Helman parameters</h2></center>
+        <p>
+        <form action=<?=$PHP_SELF?> method=post>
+        <input type=submit name=submit value="Back to Menu">
+        </form>
+        <?
+        print '<pre>'.dhparam_text().'</pre>';
+        break;
+
+case 'display_root_pem':
+        printHeader(false);
+
+        ?>
+        <center><h2>Root certificate file (PEM Encoded)</h2></center>
+        <p>
+        <form action=<?=$PHP_SELF?> method=post>
+        <input type=submit name=submit value="Back to Menu">
+        </form>
+        <?
+        print '<pre>'.root_pem_text().'</pre>';
+        break;
+
+
 default:
 	printHeader('ca');
 	?>
@@ -74,18 +126,31 @@ default:
 	<td>Some applications automagically reference the Certificate Revocation List to determine
 	certificate validity.  It is not necessary to perform this update function, as the CRL is 
 	updated when certificates are revoked.  However, doing so is harmless.
-	<a href=../help.php target=_help>Read the online help</a> to learn more about this.</td></tr>
+	<a href=../ca/help.php target=_help>Read the online help</a> to learn more about this.</td></tr>

 	<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
-	<a href=<?=$PHP_SELF?>?stage=dl_root>Download the Root Certificate</a></td>
+	<a href=<?=$PHP_SELF?>?stage=dl_root>Download the Root Certificate</a><br><br>
+	<a href=<?=$PHP_SELF?>?stage=display_root_pem>Display the Root Certificate (PEM Encoded)</a></td>
 	<td>The "Root" certificate must be installed before using any of the 
-	certificates issued here. <a href=../help.php target=_help>Read the online help</a> 
+	certificates issued here. <a href=../ca/help.php target=_help>Read the online help</a> 
 	to learn more about this.</td></tr>

 	<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
 	<a href=<?=$PHP_SELF?>?stage=dl_crl>Download the Certificate Revocation List</a></td>
 	<td>This is the official list of revoked certificates.  Using this list with your e-mail or
-	browser application is optional.  Some applications will automagically reference this list. </td></tr>
+	browser application is optional.  Some applications will automagically reference this list.
+	(<a href="<?=$PHP_SELF?>?stage=dl_crl_pem">Some will need it in PEM format.</a>)</td></tr>
+
+        <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
+        <a href=<?=$PHP_SELF?>?stage=dl_takey>Download the static pre-shared key</a><br><br>
+        <a href=<?=$PHP_SELF?>?stage=display_takey>Display the static pre-shared key</a></td>
+        <td>This key can be used with OpenVPN as a standalone auth mecanism, or as an additionnal TLS authentication.</td></tr>
+
+        <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
+        <a href=<?=$PHP_SELF?>?stage=dl_dhparam>Download the Diffie-Hellman parameters</a><br><br>
+        <a href=<?=$PHP_SELF?>?stage=display_dhparam>Display the Diffie-Hellman parameters</a></td>
+        <td>This file is used by OpenVPN for the hand-shake. The Diffie-Hellman key agreement 
+        protocol enables two communication partners to exchange a secret key safely.</td></tr>

 	</table>
 	</center>