authorjim-p <jimp@netgate.com>2018-08-20 15:46:59 -0400
committerjim-p <jimp@netgate.com>2018-08-20 15:49:17 -0400
commit1ec79365df1315b51542ec7344e4161d29e6b17f (patch)
treec14e1aa66348e63044a3ff8b939913362d47e215
parent966835f801bd90c5d85bb5f2572972437080bf54 (diff)
downloadpfsense-1ec79365df1315b51542ec7344e4161d29e6b17f.zip
pfsense-1ec79365df1315b51542ec7344e4161d29e6b17f.tar.gz
Certs: Fix CA subject assumptions. Fixes #8801
Several areas made assumptions about the number and order of CA subject fields that were no longer correct after issue #8381 was corrected. While here, also remove some outdated references to fields that are no longer needed in related areas.
-rw-r--r--src/etc/inc/system.inc4
-rw-r--r--src/usr/local/www/system_certmanager.php12
-rw-r--r--src/usr/local/www/system_usermanager.php28
-rw-r--r--src/usr/local/www/wizards/openvpn_wizard.inc10
4 files changed, 30 insertions, 24 deletions
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 6489c11..8c17208 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -1185,11 +1185,7 @@ function system_webgui_create_certificate() {
$cert_hostname = "{$config['system']['hostname']}-{$cert['refid']}";
$dn = array(
- 'countryName' => "US",
- 'stateOrProvinceName' => "State",
- 'localityName' => "Locality",
'organizationName' => "{$g['product_name']} webConfigurator Self-Signed Certificate",
- 'emailAddress' => "admin@{$config['system']['hostname']}.{$config['system']['domain']}",
'commonName' => $cert_hostname,
'subjectAltName' => "DNS:{$cert_hostname}");
$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */
diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php
index 42474fa..6975569 100644
--- a/src/usr/local/www/system_certmanager.php
+++ b/src/usr/local/www/system_certmanager.php
@@ -1304,14 +1304,14 @@ events.push(function() {
continue;
}
- $subject = cert_get_subject_array($ca['crt']);
+ $subject = cert_get_subject_hash($ca['crt']);
?>
case "<?=$ca['refid'];?>":
- $('#dn_country').val(<?=json_encode(cert_escape_x509_chars($subject[0]['v'], true));?>);
- $('#dn_state').val(<?=json_encode(cert_escape_x509_chars($subject[1]['v'], true));?>);
- $('#dn_city').val(<?=json_encode(cert_escape_x509_chars($subject[2]['v'], true));?>);
- $('#dn_organization').val(<?=json_encode(cert_escape_x509_chars($subject[3]['v'], true));?>);
- $('#dn_organizationalunit').val(<?=json_encode(cert_escape_x509_chars($subject[6]['v'], true));?>);
+ $('#dn_country').val(<?=json_encode(cert_escape_x509_chars($subject['C'], true));?>);
+ $('#dn_state').val(<?=json_encode(cert_escape_x509_chars($subject['ST'], true));?>);
+ $('#dn_city').val(<?=json_encode(cert_escape_x509_chars($subject['L'], true));?>);
+ $('#dn_organization').val(<?=json_encode(cert_escape_x509_chars($subject['O'], true));?>);
+ $('#dn_organizationalunit').val(<?=json_encode(cert_escape_x509_chars($subject['OU'], true));?>);
break;
<?php
endforeach;
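Review bot: The five replacement `.val(...)` lines index `$subject['C']`, `['ST']`, `['L']`, `['O']` and `['OU']` unconditionally, but a CA whose subject omits one of them (and subjects without C/ST/L are now expected — the system.inc hunk in this same commit drops those fields from the webConfigurator DN) raises an undefined-index notice and hands `null` to cert_escape_x509_chars; the system_usermanager.php hunk guards each field with `!empty()`, while this hunk and the openvpn_wizard.inc hunk do not. The smallest fix is a default on each line, e.g. `$('#dn_country').val(<?=json_encode(cert_escape_x509_chars($subject['C'] ?? '', true));?>);` repeated for ST, L, O and OU, and `$country = $cavl['C'] ?? '';` and its three siblings in the wizard (PHP 7+ syntax; use `isset()` if the target is older). Since these values originate from an imported CA certificate and are emitted into an inline script, passing `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` to json_encode would additionally keep a `</script>` sequence in a subject field from terminating the script block, unless cert_escape_x509_chars already removes those characters — its body is not visible here. The enclosing foreach and the JavaScript block begin before this hunk.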
diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php
index 2e36020..2b7bdd9 100644
--- a/src/usr/local/www/system_usermanager.php
+++ b/src/usr/local/www/system_usermanager.php
@@ -409,15 +409,25 @@ if ($_POST['save']) {
$cert['descr'] = $_POST['name'];
- $subject = cert_get_subject_array($ca['crt']);
-
- $dn = array(
- 'countryName' => $subject[0]['v'],
- 'stateOrProvinceName' => $subject[1]['v'],
- 'localityName' => $subject[2]['v'],
- 'organizationName' => $subject[3]['v'],
- 'emailAddress' => $subject[4]['v'],
- 'commonName' => $userent['name']);
+ $subject = cert_get_subject_hash($ca['crt']);
+
+ $dn = array();
+ if (!empty($subject['C'])) {
+ $dn['countryName'] = $subject['C'];
+ }
+ if (!empty($subject['ST'])) {
+ $dn['stateOrProvinceName'] = $subject['ST'];
+ }
+ if (!empty($subject['L'])) {
+ $dn['localityName'] = $subject['L'];
+ }
+ if (!empty($subject['O'])) {
+ $dn['organizationName'] = $subject['O'];
+ }
+ if (!empty($subject['OU'])) {
+ $dn['organizationalUnit'] = $subject['OU'];
+ }
+ $dn['commonName'] = $userent['name'];
$cn_altname = cert_add_altname_type($userent['name']);
if (!empty($cn_altname)) {
$dn['subjectAltName'] = $cn_altname;
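Review bot: The new `$dn['organizationalUnit'] = $subject['OU'];` line uses a key that, as far as I know, is not an OpenSSL object name: the recognized names for the OU attribute are the short name `OU` and the long name `organizationalUnitName`, and PHP's openssl_csr_new() warns on and skips unrecognized DN keys, so the OU would be silently absent from the generated user certificate. Change it to `$dn['organizationalUnitName'] = $subject['OU'];`, and confirm against the code that consumes `$dn`, which lies outside this hunk. A short comment above `$dn = array();` such as `/* copy only the CA subject fields that are actually present */` would explain why each field is wrapped in `!empty()`. The enclosing `if ($_POST['save'])` block begins and ends outside the hunk.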
diff --git a/src/usr/local/www/wizards/openvpn_wizard.inc b/src/usr/local/www/wizards/openvpn_wizard.inc
index fa04f93..b8a4181 100644
--- a/src/usr/local/www/wizards/openvpn_wizard.inc
+++ b/src/usr/local/www/wizards/openvpn_wizard.inc
@@ -271,11 +271,11 @@ function step9_stepbeforeformdisplay() {
$org = $pconfig['step6']['organization'];
} else {
$ca = lookup_ca($pconfig['step6']['authcertca']);
- $cavl = cert_get_subject_array($ca['crt']);
- $country = $cavl[0]['v'];
- $state = $cavl[1]['v'];
- $city = $cavl[2]['v'];
- $org = $cavl[3]['v'];
+ $cavl = cert_get_subject_hash($ca['crt']);
+ $country = $cavl['C'];
+ $state = $cavl['ST'];
+ $city = $cavl['L'];
+ $org = $cavl['O'];
}
$fields =& $pkg['step'][$stepid]['fields']['field'];