diff options
author | Bill Marquette <bill.marquette@gmail.com> | 2011-05-14 11:08:39 -0500 |
---|---|---|
committer | Bill Marquette <bill.marquette@gmail.com> | 2011-05-14 11:08:39 -0500 |
commit | 23b774e0cfce78e24cd290f096972b098b7bf66b (patch) | |
tree | 57e3f8ee97ba7da4d83213c40ed40b3473db87c0 /etc/inc/certs.inc | |
parent | 2594f4010b85e5f4571ba76a69e36a16f441b4e3 (diff) | |
parent | 2ad2758feff078a29de0213bdbd71a91adb1a5fe (diff) | |
download | pfsense-23b774e0cfce78e24cd290f096972b098b7bf66b.zip pfsense-23b774e0cfce78e24cd290f096972b098b7bf66b.tar.gz |
Merge branch 'master' into yakatz-ssl
Diffstat (limited to 'etc/inc/certs.inc')
-rw-r--r-- | etc/inc/certs.inc | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index 2e9718c..3595f45 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -498,14 +498,16 @@ function crl_update(& $crl) { if (!$ca) return false; // If we have text but no certs, it was imported and cannot be updated. - if (!empty($crl['text']) && empty($crl['cert'])) + if (($crl["method"] != "internal") && (!empty($crl['text']) && empty($crl['cert']))) return false; $crl['serial']++; $ca_str_crt = base64_decode($ca['crt']); $ca_str_key = base64_decode($ca['prv']); $crl_res = openssl_crl_new($ca_str_crt, $crl['serial'], $crl['lifetime']); - foreach ($crl['cert'] as $cert) { - openssl_crl_revoke_cert($crl_res, base64_decode($cert["crt"]), $cert["revoke_time"], $cert["reason"]); + if (is_array($crl['cert']) && (count($crl['cert']) > 0)) { + foreach ($crl['cert'] as $cert) { + openssl_crl_revoke_cert($crl_res, base64_decode($cert["crt"]), $cert["revoke_time"], $cert["reason"]); + } } openssl_crl_export($crl_res, $crl_text, $ca_str_key); $crl['text'] = base64_encode($crl_text); @@ -533,7 +535,13 @@ function cert_unrevoke($cert, & $crl) { foreach ($crl['cert'] as $id => $rcert) { if (($rcert['refid'] == $cert['refid']) || ($rcert['descr'] == $cert['descr'])) { unset($crl['cert'][$id]); - crl_update($crl); + if (count($crl['cert']) == 0) { + // Protect against accidentally switching the type to imported, for older CRLs + if (!isset($crl['method'])) + $crl['method'] = "internal"; + crl_update($crl); + } else + crl_update($crl); return true; } } @@ -583,7 +591,7 @@ function crl_in_use($crlref) { } function is_crl_internal($crl) { - return !(!empty($crl['text']) && empty($crl['cert'])); + return (!(!empty($crl['text']) && empty($crl['cert'])) || ($crl["method"] == "internal")); } ?> |