authorEvgeny Yurchenko <ey@tm-k.com>2011-06-23 20:28:31 -0400
committerEvgeny Yurchenko <ey@tm-k.com>2011-06-23 20:28:31 -0400
commit22b380aa6f4b7401b887945262a2e595d03dac26 (patch)
tree95287ab9963d0ae90c21d01935ac554dc40218b0 /etc
parent1b6d9fa59cdc3a284497abb0bfa415741c258d10 (diff)
Internal cert and CSR creation error handling added.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/certs.inc16
1 files changed, 12 insertions, 4 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index b1203cf..6ab448b 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -259,6 +259,7 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
$ca_str_key = base64_decode($ca['prv']);
$ca_res_crt = openssl_x509_read($ca_str_crt);
$ca_res_key = openssl_pkey_get_private(array(0 => $ca_str_key, 1 => ""));
+ if(!$ca_res_key) return false;
$ca_serial = ++$ca['serial'];
$args = array(
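Review bot: `$ca_res_crt` from `openssl_x509_read()` is still unchecked; the new guard covers only `$ca_res_key`. A CA entry whose stored certificate fails to parse would carry a false value down to `openssl_csr_sign()`, and because that function treats a null CA certificate as a request to self-sign, the issuer is better validated explicitly than left to how the failure value is interpreted there. I would widen the guard to `if(!$ca_res_crt || !$ca_res_key) return false;`. The body of cert_create starts and ends outside this hunk, so the CA lookup itself is not visible here.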
@@ -269,17 +270,21 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
// generate a new key pair
$res_key = openssl_pkey_new($args);
+ if(!$res_key) return false;
// generate a certificate signing request
$res_csr = openssl_csr_new($dn, $res_key, $args);
+ if(!$res_csr) return false;
// self sign the certificate
$res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime,
$args, $ca_serial);
+ if(!$res_crt) return false;
// export our certificate data
- openssl_pkey_export($res_key, $str_key);
- openssl_x509_export($res_crt, $str_crt);
+ if (!openssl_pkey_export($res_key, $str_key) ||
+ !openssl_x509_export($res_crt, $str_crt))
+ return false;
// return our certificate information
$cert['caref'] = $caref;
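Review bot: Every new failure path in this hunk is a bare `return false;`, so the caller cannot tell whether key generation, CSR creation, signing or export failed, and the OpenSSL error queue is discarded. Draining `openssl_error_string()` into the system log before returning would leave a record of why issuance failed, e.g. `while ($err = openssl_error_string()) { /* log $err */ }`. The same applies to the guards added to csr_generate in the next hunk. The brace-less multi-line `if` around the two export calls is also easy to break when a line is added later, so I would wrap its `return false;` in braces. Callers are outside this diff and presumably need to start testing the return value for these checks to have any effect.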
@@ -299,13 +304,16 @@ function csr_generate(& $cert, $keylen, $dn) {
// generate a new key pair
$res_key = openssl_pkey_new($args);
+ if(!$res_key) return false;
// generate a certificate signing request
$res_csr = openssl_csr_new($dn, $res_key, $args);
+ if(!$res_csr) return false;
// export our request data
- openssl_pkey_export($res_key, $str_key);
- openssl_csr_export($res_csr, $str_csr);
+ if (!openssl_pkey_export($res_key, $str_key) ||
+ !openssl_csr_export($res_csr, $str_csr))
+ return false;
// return our request information
$cert['csr'] = base64_encode($str_csr);