diff options
| author | jim-p <jimp@pfsense.org> | 2017-03-08 10:03:19 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2017-03-08 10:05:22 -0500 |
| commit | cfc0d396717f4e779f9919ec2b6971e5ad7afa76 (patch) | |
| tree | 57a183899b37788bbfb352ee93849fb4e220071b | |
| parent | ddfa8daa985ce4781bd9dccec012d37cc59e2675 (diff) | |
| download | pfsense-cfc0d396717f4e779f9919ec2b6971e5ad7afa76.zip pfsense-cfc0d396717f4e779f9919ec2b6971e5ad7afa76.tar.gz | |
Remove whirlpool from the list of CA/Cert digest algorithms as it does not work properly. OpenSSL claims it's not valid ("unknown signature algorithm"). Fixes #7370
While I'm here, stop needlessly repeating the algo list, it's a global in certs.inc, so use that single copy of the list.
| -rw-r--r-- | src/etc/inc/certs.inc | 2 | ||||
| -rw-r--r-- | src/usr/local/www/system_camanager.php | 2 | ||||
| -rw-r--r-- | src/usr/local/www/system_certmanager.php | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc index 74a0509..79aeef1 100644 --- a/src/etc/inc/certs.inc +++ b/src/etc/inc/certs.inc @@ -57,7 +57,7 @@ define("OPEN_SSL_CONF_PATH", "/etc/ssl/openssl.cnf"); require_once("functions.inc"); global $openssl_digest_algs; -$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool"); +$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); global $openssl_crl_status; $openssl_crl_status = array( diff --git a/src/usr/local/www/system_camanager.php b/src/usr/local/www/system_camanager.php index 2d2ab19..c3b3832 100644 --- a/src/usr/local/www/system_camanager.php +++ b/src/usr/local/www/system_camanager.php @@ -68,7 +68,7 @@ $ca_methods = array( "intermediate" => gettext("Create an intermediate Certificate Authority")); $ca_keylens = array("512", "1024", "2048", "3072", "4096", "7680", "8192", "15360", "16384"); -$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool"); +global $openssl_digest_algs; if (is_numericint($_GET['id'])) { $id = $_GET['id']; diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php index bd3efe3..c19b2f8 100644 --- a/src/usr/local/www/system_certmanager.php +++ b/src/usr/local/www/system_certmanager.php @@ -74,7 +74,7 @@ $cert_types = array( "user" => "User Certificate"); $altname_types = array("DNS", "IP", "email", "URI"); -$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool"); +global $openssl_digest_algs; if (is_numericint($_GET['userid'])) { $userid = $_GET['userid']; |
