diff options
| author | jim-p <jimp@pfsense.org> | 2011-11-10 16:37:51 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2011-11-10 16:37:51 -0500 |
| commit | 1379d66f11aaf72982a70287b83e24efcd18898e (patch) | |
| tree | c33a3cd95a7951cc4d0020b89e7037811bc1a3e1 /etc/inc/certs.inc | |
| parent | 298fe5ae746d5240a34f66695fd6d70947765929 (diff) | |
| download | pfsense-1379d66f11aaf72982a70287b83e24efcd18898e.zip pfsense-1379d66f11aaf72982a70287b83e24efcd18898e.tar.gz | |
Add an indication in the certificate list to show if a certificate is internally capable of being a CA (basicConstraints has CA:TRUE) or if the nsCertType is set to server.
Diffstat (limited to 'etc/inc/certs.inc')
| -rw-r--r-- | etc/inc/certs.inc | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index 50ce0ad..ec3227d 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -458,6 +458,17 @@ function cert_get_modulus($str_crt, $decode = true, $type = "crt"){ function csr_get_modulus($str_crt, $decode = true){ return cert_get_modulus($str_crt, $decode, "csr"); } + +function cert_get_purpose($str_crt, $decode = true) { + if ($decode) + $str_crt = base64_decode($str_crt); + $crt_details = openssl_x509_parse($str_crt); + $purpose = array(); + $purpose['ca'] = (stristr($crt_details['extensions']['basicConstraints'], 'CA:TRUE') === false) ? 'No': 'Yes'; + $purpose['server'] = ($crt_details['extensions']['nsCertType'] == "SSL Server") ? 'Yes': 'No'; + return $purpose; +} + function prv_get_modulus($str_crt, $decode = true){ return cert_get_modulus($str_crt, $decode, "prv"); } |
