diff options
author | jim-p <jimp@pfsense.org> | 2016-11-29 14:13:55 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-11-29 14:13:55 -0500 |
commit | 2cf5db21fe6abc281912a3d103265f01cb9dcfcc (patch) | |
tree | 435c65d717de0a817711f37479c4eda89ae3a93e /src/usr/local/www/system_camanager.php | |
parent | ab63443a9184f42f6a47907e5f2d3fbab6ff043e (diff) | |
download | pfsense-2cf5db21fe6abc281912a3d103265f01cb9dcfcc.zip pfsense-2cf5db21fe6abc281912a3d103265f01cb9dcfcc.tar.gz |
Ensure that the submitted private key matches the certificate or CA when importing. Ticket #6953
Diffstat (limited to 'src/usr/local/www/system_camanager.php')
-rw-r--r-- | src/usr/local/www/system_camanager.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/usr/local/www/system_camanager.php b/src/usr/local/www/system_camanager.php index 112537c..0d5c753 100644 --- a/src/usr/local/www/system_camanager.php +++ b/src/usr/local/www/system_camanager.php @@ -175,6 +175,9 @@ if ($_POST) { if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED")) { $input_errors[] = gettext("Encrypted private keys are not yet supported."); } + if (cert_get_modulus($_POST['cert'], false) != prv_get_modulus($_POST['key'], false)) { + $input_errors[] = gettext("The submitted private key does not match the submitted certificate data."); + } } if ($pconfig['method'] == "internal") { $reqdfields = explode(" ", |