authorjim-p <jimp@pfsense.org>2010-09-16 17:32:02 -0400
committerjim-p <jimp@pfsense.org>2010-09-16 17:32:02 -0400
commit7b757d1bae045559f639a104b9f8d3a22022afcd (patch)
tree5c7537c1e3fbb4466507c2c2383461253bc5efcf /etc/inc/certs.inc
parentc5f010aa1904120294da1b4d97cbff87ba061960 (diff)
Add some safety belt checks so we don't try to update an imported crl
Diffstat (limited to 'etc/inc/certs.inc')
-rw-r--r--etc/inc/certs.inc9
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index 22831a1..39bfb1f 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -464,6 +464,9 @@ function crl_update(& $crl) {
$ca =& lookup_ca($crl['caref']);
if (!$ca)
return false;
+ // If we have text but no certs, it was imported and cannot be updated.
+ if (!empty($crl['text']) && empty($crl['cert']))
+ return false;
$crl['serial']++;
$ca_str_crt = base64_decode($ca['crt']);
$ca_str_key = base64_decode($ca['prv']);
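Review bot: The guard `!empty($crl['text']) && empty($crl['cert'])` infers "imported" from the shape of the data, so an internally managed CRL with generated text but no revoked certificates would match it too. The code that fills `$crl['text']` is outside the hunk, so whether that state is reachable needs confirming; if it is, such a CRL could no longer be re-signed here, and the identical guards in cert_revoke and cert_unrevoke would refuse the first revocation on it. Testing an explicit origin marker stored with the CRL entry, if the config has one, would avoid the ambiguity. Failing that, the comment should state the limitation, e.g. `// Heuristic: text with no cert entries is treated as imported; an internal CRL with zero revocations also matches.` The three copies would also be safer as one small helper, so the rule cannot drift between functions.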
@@ -480,6 +483,9 @@ function cert_revoke($cert, & $crl, $reason=OCSP_REVOKED_STATUS_UNSPECIFIED) {
global $config;
if (is_cert_revoked($cert))
return true;
+ // If we have text but no certs, it was imported and cannot be updated.
+ if (!empty($crl['text']) && empty($crl['cert']))
+ return false;
$cert["reason"] = $reason;
$cert["revoke_time"] = time();
$crl["cert"][] = $cert;
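Review bot: The added `return false` in cert_revoke makes a refused revocation silent: nothing is logged, and a caller that ignores the return value would carry on as if the certificate had been revoked. The callers are not visible in this diff, so it is worth confirming that each one checks the result and reports the failure to the operator. A log line before the return that names the CRL would help, as would a docblock on cert_revoke stating that `true` means revoked or already revoked and `false` means the CRL is read-only. The rest of the function lies outside the hunk.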
@@ -488,6 +494,9 @@ function cert_revoke($cert, & $crl, $reason=OCSP_REVOKED_STATUS_UNSPECIFIED) {
function cert_unrevoke($cert, & $crl) {
global $config;
+ // If we have text but no certs, it was imported and cannot be updated.
+ if (!empty($crl['text']) && empty($crl['cert']))
+ return false;
foreach ($crl['cert'] as $id => $rcert) {
if (($rcert['refid'] == $cert['refid']) || ($rcert['name'] == $cert['name'])) {
unset($crl['cert'][$id]);
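Review bot: The match on the context line, `($rcert['refid'] == $cert['refid']) || ($rcert['name'] == $cert['name'])`, lets a name match alone remove a revocation entry. If descriptive names are not guaranteed unique (not verifiable from this hunk), unrevoking one certificate could also drop the entry of another certificate that shares its name. Matching on `refid` only, with strict comparison, would be tighter: `if ($rcert['refid'] === $cert['refid']) {`. If the name fallback is deliberate for legacy entries that lack a refid, a comment saying so would help. The loop body and the end of cert_unrevoke are outside the hunk.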