author | jim-p <jimp@pfsense.org> | 2013-01-21 14:30:30 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2013-01-21 14:33:19 -0500 |
commit | ca6219025cabd3edbe53e522b345a167381a0171 (patch) | |
tree | 2e076b0a5f92fbb9393009477528416d1be9690c /etc | |
parent | bc2b0144e83bed57262c44175acba00277988101 (diff) | |
download | pfsense-ca6219025cabd3edbe53e522b345a167381a0171.zip pfsense-ca6219025cabd3edbe53e522b345a167381a0171.tar.gz |
Allow selecting the digest algorithm when creating a CA or Cert. Implements #2765
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/certs.inc | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index ed1f25c..84c028a 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -34,6 +34,8 @@ define("OPEN_SSL_CONF_PATH", "/etc/ssl/openssl.cnf");
 require_once("functions.inc");
+$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
+
 function & lookup_ca($refid) {
 global $config;
@@ -159,11 +161,11 @@ function ca_import(& $ca, $str, $key="", $serial=0) {
 return true;
 }
-function ca_create(& $ca, $keylen, $lifetime, $dn) {
+function ca_create(& $ca, $keylen, $lifetime, $dn, $digest_alg = "sha256") {
 $args = array(
 "x509_extensions" => "v3_ca",
- "digest_alg" => "sha1",
+ "digest_alg" => $digest_alg,
 "private_key_bits" => (int)$keylen,
 "private_key_type" => OPENSSL_KEYTYPE_RSA,
 "encrypt_key" => false);
@@ -193,7 +195,7 @@ function ca_create(& $ca, $keylen, $lifetime, $dn) {
 return true;
 }
-function ca_inter_create(& $ca, $keylen, $lifetime, $dn, $caref) {
+function ca_inter_create(& $ca, $keylen, $lifetime, $dn, $caref, $digest_alg = "sha256") {
 // Create Intermediate Certificate Authority
 $signing_ca =& lookup_ca($caref);
 if (!$signing_ca)
@@ -206,7 +208,7 @@ function ca_inter_create(& $ca, $keylen, $lifetime, $dn, $caref) {
 $args = array(
 "x509_extensions" => "v3_ca",
- "digest_alg" => "sha1",
+ "digest_alg" => $digest_alg,
 "private_key_bits" => (int)$keylen,
 "private_key_type" => OPENSSL_KEYTYPE_RSA,
 "encrypt_key" => false);
@@ -253,7 +255,7 @@ function cert_import(& $cert, $crt_str, $key_str) {
 return true;
 }
-function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user") {
+function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $digest_alg = "sha256") {
 $ca =& lookup_ca($caref);
 if (!$ca)
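Review bot: `$openssl_digest_algs` is introduced at file scope in the first hunk with no comment saying what it is for, and it still lists `sha1` first although every function changed in this commit now defaults to `sha256`. A short comment would tell the next maintainer that this is the allow-list for the `$digest_alg` parameter and why the weakest entry remains, for example `// Digest algorithms accepted for CA/cert/CSR signing. sha256 is the default; sha1 is listed only for peers that cannot verify SHA-2.` If sha1 is not kept for compatibility reasons, dropping it from the list would be the cleaner choice.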
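Review bot: `$digest_alg` is written into `$args["digest_alg"]` in ca_create without being checked against the new `$openssl_digest_algs` list, and the same applies to the ca_inter_create (-206), cert_create (-280) and csr_generate (-312) hunks. Depending on the PHP version, the OpenSSL binding may substitute its built-in default digest for a name it does not recognise instead of failing, so an unexpected value could produce a certificate signed with a different digest than the one selected. A guard at the top of each function would close that gap: `global $openssl_digest_algs;` followed by `if (!in_array($digest_alg, $openssl_digest_algs, true)) return false;`. The function bodies continue outside these hunks, so whether the callers already validate the value cannot be seen from here.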
@@ -280,7 +282,7 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user") {
 $args = array(
 "x509_extensions" => $cert_type,
- "digest_alg" => "sha1",
+ "digest_alg" => $digest_alg,
 "private_key_bits" => (int)$keylen,
 "private_key_type" => OPENSSL_KEYTYPE_RSA,
 "encrypt_key" => false);
@@ -312,11 +314,11 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user") {
 return true;
 }
-function csr_generate(& $cert, $keylen, $dn) {
+function csr_generate(& $cert, $keylen, $dn, $digest_alg = "sha256") {
 $args = array(
 "x509_extensions" => "v3_req",
- "digest_alg" => "sha1",
+ "digest_alg" => $digest_alg,
 "private_key_bits" => (int)$keylen,
 "private_key_type" => OPENSSL_KEYTYPE_RSA,
 "encrypt_key" => false); |
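Review bot: csr_generate's new `$digest_alg` parameter in the last hunk is undocumented, and its effect differs from the other three functions: here it only selects the digest used to sign the request itself, while the digest on the issued certificate is decided by whichever CA signs the request. A one-line comment above the function would prevent a reader from assuming the choice carries through to the certificate, for example `// $digest_alg signs the CSR only; the issuing CA chooses the certificate's signature digest.` The function body continues past the end of the hunk.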