author | Evgeny Yurchenko <ey@tm-k.com> | 2011-06-23 20:28:31 -0400 |
---|---|---|
committer | Evgeny Yurchenko <ey@tm-k.com> | 2011-06-23 20:28:31 -0400 |
commit | 22b380aa6f4b7401b887945262a2e595d03dac26 (patch) | |
tree | 95287ab9963d0ae90c21d01935ac554dc40218b0 /etc | |
parent | 1b6d9fa59cdc3a284497abb0bfa415741c258d10 (diff) | |
Internal cert and CSR creation error handling added.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/certs.inc | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index b1203cf..6ab448b 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -259,6 +259,7 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
 $ca_str_key = base64_decode($ca['prv']);
 $ca_res_crt = openssl_x509_read($ca_str_crt);
 $ca_res_key = openssl_pkey_get_private(array(0 => $ca_str_key, 1 => ""));
+ if(!$ca_res_key) return false;
 $ca_serial = ++$ca['serial'];
 $args = array(
@@ -269,17 +270,21 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
 // generate a new key pair
 $res_key = openssl_pkey_new($args);
+ if(!$res_key) return false;
 // generate a certificate signing request
 $res_csr = openssl_csr_new($dn, $res_key, $args);
+ if(!$res_csr) return false;
 // self sign the certificate
 $res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime, $args, $ca_serial);
+ if(!$res_crt) return false;
 // export our certificate data
- openssl_pkey_export($res_key, $str_key);
- openssl_x509_export($res_crt, $str_crt);
+ if (!openssl_pkey_export($res_key, $str_key) ||
+ !openssl_x509_export($res_crt, $str_crt))
+ return false;
 // return our certificate information
 $cert['caref'] = $caref;
@@ -299,13 +304,16 @@ function csr_generate(& $cert, $keylen, $dn) {
 // generate a new key pair
 $res_key = openssl_pkey_new($args);
+ if(!$res_key) return false;
 // generate a certificate signing request
 $res_csr = openssl_csr_new($dn, $res_key, $args);
+ if(!$res_csr) return false;
 // export our request data
- openssl_pkey_export($res_key, $str_key);
- openssl_csr_export($res_csr, $str_csr);
+ if (!openssl_pkey_export($res_key, $str_key) ||
+ !openssl_csr_export($res_csr, $str_csr))
+ return false;
 // return our request information
 $cert['csr'] = base64_encode($str_csr); |
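Review bot: The CA certificate handle is still unchecked in the first cert_create hunk: the added guard tests only `$ca_res_key`, while `openssl_x509_read($ca_str_crt)` two lines above it can also return false when the stored certificate does not parse. As written, that case is presumably only caught later at `openssl_csr_sign()`, after `++$ca['serial']` has run and a new key pair has been generated. Checking both handles together, `if (!$ca_res_crt || !$ca_res_key) return false;`, rejects a broken CA entry before any work is done. cert_create's body starts and ends outside this hunk.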
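Review bot: Every failure path added in the second cert_create hunk returns a bare `false`, so the reason OpenSSL reported is lost and the exits after `openssl_pkey_new`, `openssl_csr_new`, `openssl_csr_sign` and the export check are indistinguishable to the caller. PHP keeps those reasons in its OpenSSL error queue; draining it before returning, for example `while ($ssl_err = openssl_error_string()) { $errors[] = $ssl_err; }`, and logging the result together with the name of the step that failed would make a misconfigured CA or bad key parameters diagnosable. The same applies to the three exits added to csr_generate in the following hunk. cert_create's body starts and ends outside this hunk.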
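Review bot: csr_generate now has a `false` return that nothing visible documents, and a caller that ignores it would carry on with a `$cert` that has no `csr` entry. A short docblock above the function should state that it returns false when any OpenSSL step fails and that, as far as this hunk shows, the by-reference `$cert` is written only after all steps succeed. The success return is outside this hunk, so confirm it cannot be falsy as well. The same comment is worth adding to cert_create. On style, the multi-line export check reads more safely with braces around its body, `if (...) { return false; }`, since the unbraced `return false;` sits on its own line under a two-line condition.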