diff options
author | jim-p <jimp@pfsense.org> | 2011-03-30 16:35:28 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-03-30 16:37:45 -0400 |
commit | bfa992bc4eb8f8674f44b94e8617a032854356e9 (patch) | |
tree | 992e331feed98277d36c2b826c3ade87188bfaf9 /etc/inc/certs.inc | |
parent | b7d5a7bab8531b6a038100e74edc5d27a26b1d6a (diff) | |
download | pfsense-bfa992bc4eb8f8674f44b94e8617a032854356e9.zip pfsense-bfa992bc4eb8f8674f44b94e8617a032854356e9.tar.gz |
Allow editing of CAs, so that imported CAs can have their private keys added later (mainly affected users upgrading from 1.2.3 and wanting to use the cert manager). Also, allow editing the CA's serial, since this shouldn't really be 0 for imported CAs, but the serial of the last cert that was made from this CA.
Diffstat (limited to 'etc/inc/certs.inc')
-rw-r--r-- | etc/inc/certs.inc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index 8d5604f..2b192c1 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -121,13 +121,14 @@ function ca_chain(& $cert) { return ""; } -function ca_import(& $ca, $str, $key="") { +function ca_import(& $ca, $str, $key="", $serial=0) { global $config; $ca['crt'] = base64_encode($str); if (!empty($key)) $ca['prv'] = base64_encode($key); - + if (!empty($serial)) + $ca['serial'] = $serial; $subject = cert_get_subject($str, false); $issuer = cert_get_issuer($str, false); @@ -355,6 +356,7 @@ function cert_get_issuer($str_crt, $decode = true) { $inf_crt = openssl_x509_parse($str_crt); $components = $inf_crt['issuer']; + ksort($components); if (!is_array($components)) return "unknown"; foreach ($components as $a => $v) { |