authorjim-p <jimp@pfsense.org>2011-11-09 15:43:49 -0500
committerjim-p <jimp@pfsense.org>2011-11-09 15:45:21 -0500
commit77a888140bd834514e199757f38656cc0ab0ee94 (patch)
tree239f8ab0ee15e62d63e2df0828fe11f1f2a61753 /etc/inc
parent0389f03498994dbdaf47543a325b58d14b1cdbab (diff)
When creating an internal certificate, offer the user a choice of what constraints to place upon the certificate (CA, Server, or User).
Diffstat (limited to 'etc/inc')
-rw-r--r--etc/inc/certs.inc17
1 files changed, 15 insertions, 2 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index 104a9fe..50ce0ad 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -253,7 +253,7 @@ function cert_import(& $cert, $crt_str, $key_str) {
return true;
}
-function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
+function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user") {
$ca =& lookup_ca($caref);
if (!$ca)
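Review bot: The new `$type` parameter is added without any comment naming the values it accepts, and no docblock for the function is visible in the hunk. Because the value decides which X.509 extension section the certificate is signed with, I would add above the signature `/* $type: "ca", "server" or "user" (default); selects the x509_extensions section used when signing. */`. The body of cert_create continues outside this hunk.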
@@ -266,8 +266,20 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
if(!$ca_res_key) return false;
$ca_serial = ++$ca['serial'];
+ switch ($type) {
+ case "ca":
+ $cert_type = "v3_ca";
+ break;
+ case "server":
+ $cert_type = "server";
+ break;
+ default:
+ $cert_type = "usr_cert";
+ break;
+ }
+
$args = array(
- "x509_extensions" => "usr_cert",
+ "x509_extensions" => $cert_type,
"digest_alg" => "sha1",
"private_key_bits" => (int)$keylen,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
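Review bot: The `case "ca":` branch lets this certificate-creation path sign with the `v3_ca` extension section, which in a stock OpenSSL configuration sets the CA basic constraint, so the resulting certificate can presumably issue further certificates under the chosen CA. Nothing in the hunk limits who may request that type or constrains path length, so the caller (not visible here) should restrict the option. The `"server"` section must also exist in the OpenSSL configuration this function uses; that file is not part of the diff, so confirm it ships with the change and carries the intended key usage. cert_create starts and ends outside this hunk.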
@@ -295,6 +307,7 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
$cert['caref'] = $caref;
$cert['crt'] = base64_encode($str_crt);
$cert['prv'] = base64_encode($str_key);
+ $cert['type'] = $type;
return true;
}
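Review bot: `$cert['type']` stores the caller's raw `$type`, while the switch earlier in cert_create silently maps every unrecognised value to `usr_cert`. A misspelt or differently cased value would therefore produce a user certificate whose recorded type says something else, and any later code that trusts the field would be misled. I would normalise before storing, for example by adding `$type = "user";` to the `default:` branch, or reject unknown values with `return false;` before signing.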