diff options
author | jim-p <jimp@pfsense.org> | 2016-11-29 13:48:03 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-11-29 13:48:03 -0500 |
commit | ab63443a9184f42f6a47907e5f2d3fbab6ff043e (patch) | |
tree | 0ac44dad414ab818bd958d4e429f74bf85646c3d | |
parent | 80080a0c8b5949b1af97d1d49b4cc834d06875cf (diff) | |
download | pfsense-ab63443a9184f42f6a47907e5f2d3fbab6ff043e.zip pfsense-ab63443a9184f42f6a47907e5f2d3fbab6ff043e.tar.gz |
Fix certificate generation for CAs without a serial set on import. Fixes #6952
-rw-r--r-- | src/etc/inc/certs.inc | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc index f834bd4..248019e 100644 --- a/src/etc/inc/certs.inc +++ b/src/etc/inc/certs.inc @@ -143,14 +143,16 @@ function ca_chain(& $cert) { return ""; } -function ca_import(& $ca, $str, $key = "", $serial = 0) { +function ca_import(& $ca, $str, $key = "", $serial = "") { global $config; $ca['crt'] = base64_encode($str); if (!empty($key)) { $ca['prv'] = base64_encode($key); } - if (!empty($serial)) { + if (empty($serial)) { + $ca['serial'] = 0; + } else { $ca['serial'] = $serial; } $subject = cert_get_subject($str, false); @@ -315,6 +317,9 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type = "user", $ if (!$ca_res_key) { return false; } + if (empty($ca['serial'])) { + $ca['serial'] = 0; + } $ca_serial = ++$ca['serial']; } |