author | jim-p <jimp@pfsense.org> | 2011-11-09 15:43:49 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-11-09 15:43:49 -0500 |
commit | 7aaabd69b0dabc83fc535525bfd6200c3dd67245 (patch) | |
tree | ec9241a8bdfb6ba699209a7aa2734354d837cc13 /etc/inc | |
parent | 74a556a3caa67adb0adac055ffb9321e264e1b71 (diff) | |
When creating an internal certificate, offer the user a choice of what constraints to place upon the certificate (CA, Server, or User).
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/certs.inc | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index 104a9fe..50ce0ad 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -253,7 +253,7 @@ function cert_import(& $cert, $crt_str, $key_str) {
 return true;
 }
-function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
+function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user") {
 $ca =& lookup_ca($caref);
 if (!$ca)
@@ -266,8 +266,20 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
 if(!$ca_res_key) return false;
 $ca_serial = ++$ca['serial'];
+ switch ($type) {
+ case "ca":
+ $cert_type = "v3_ca";
+ break;
+ case "server":
+ $cert_type = "server";
+ break;
+ default:
+ $cert_type = "usr_cert";
+ break;
+ }
+
 $args = array(
- "x509_extensions" => "usr_cert",
+ "x509_extensions" => $cert_type,
 "digest_alg" => "sha1",
 "private_key_bits" => (int)$keylen,
 "private_key_type" => OPENSSL_KEYTYPE_RSA,
@@ -295,6 +307,7 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
 $cert['caref'] = $caref;
 $cert['crt'] = base64_encode($str_crt);
 $cert['prv'] = base64_encode($str_key);
+ $cert['type'] = $type;
 return true;
 } |
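Review bot: The new `$type` parameter on cert_create is undocumented, so nothing at the signature says which strings it accepts or what they select. A comment above the function such as `/* $type: "ca", "server" or "user" (default) - selects the x509_extensions section used when signing */` would spare callers from reading the switch further down. The body of cert_create continues outside this hunk.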
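Review bot: The `default:` arm of the new switch turns every unrecognised `$type` into a `usr_cert` certificate, and the third hunk then stores the caller's raw string with `$cert['type'] = $type;`, so a misspelt or unexpected value produces a user certificate whose saved type says something else. Since the commit message says the value comes from a user-facing choice, I would accept only the three known values: label the `usr_cert` arm `case "user":` and make `default:` do `return false;`, as the visible `if(!$ca_res_key) return false;` path already does. cert_create starts and ends outside this hunk, but the check would sit better ahead of `$ca_serial = ++$ca['serial'];`, because `$ca` is a reference and a rejected request would otherwise still consume a serial number. The `"ca"` arm selects `v3_ca`, which in a stock OpenSSL configuration marks the certificate as a CA, so the calling page (not visible here) should limit who may request that type.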