author | Steve Beaver <sbeaver@netgate.com> | 2017-03-14 16:56:50 -0400 |
---|---|---|
committer | Steve Beaver <sbeaver@netgate.com> | 2017-03-14 16:56:50 -0400 |
commit | 65d735f02f98eaf05a40e7cad0c55392b2fb72ce (patch) | |
tree | ac73d7e59702f5e245127e56f740f207f19e2067 /src/usr/local | |
parent | 2052d3e2ae3acf5564a460dad91966a6d77b3b51 (diff) | |
Improve error detection in Openssl lib
Diffstat (limited to 'src/usr/local')
-rw-r--r-- | src/usr/local/www/system_certmanager.php | 45 |
1 files changed, 29 insertions, 16 deletions
diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php
index 070ca5f..cbc7e2c 100644
--- a/src/usr/local/www/system_certmanager.php
+++ b/src/usr/local/www/system_certmanager.php
@@ -394,22 +394,33 @@ if ($_POST['save']) {
 $caref = $config['ca'][$pconfig['catosignwith']]['refid'];
 $type = (cert_get_purpose($config['cert'][$pconfig['csrtosign']]['csr'])['server'] === "Yes") ? "server":"user";
- openssl_x509_export(openssl_csr_sign($csr, $ca, $key, $duration, ['x509_extensions' => 'v3_req']), $n509);
+ $e = openssl_csr_sign($csr, $ca, $key, $duration, ['x509_extensions' => 'v3_req']);
+ $input_errors = array();
+ while ($ssl_err = openssl_error_string()) {
+ if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
+ array_push($input_errors, "openssl library returns: " . $ssl_err);
+ }
+ }
- $newcert = array();
- $newcert['refid'] = uniqid();
- $newcert['caref'] = $caref;
- $newcert['descr'] = $pconfig['descr'];
- $newcert['type'] = $type;
- $newcert['crt'] = base64_encode($n509);
+ if (!$input_errors) {
+ openssl_x509_export($e, $n509);
- if ($pconfig['csrtosign'] === "new") {
- $newcert['prv'] = $pconfig['keypaste'];
- } else {
- $newcert['prv'] = $config['cert'][$pconfig['csrtosign']]['prv'];
+ $newcert = array();
+ $newcert['refid'] = uniqid();
+ $newcert['caref'] = $caref;
+ $newcert['descr'] = $pconfig['descr'];
+ $newcert['type'] = $type;
+ $newcert['crt'] = base64_encode($n509);
+
+ if ($pconfig['csrtosign'] === "new") {
+ $newcert['prv'] = $pconfig['keypaste'];
+ } else {
+ $newcert['prv'] = $config['cert'][$pconfig['csrtosign']]['prv'];
+ }
+
+ $config['cert'][] = $newcert;
 }
- $config['cert'][] = $newcert;
 error_reporting($old_err_level);
 } else {
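Review bot: The return value of `openssl_csr_sign()` is never tested, so whether a certificate is stored depends only on what is in OpenSSL's error queue after the call. The queue is not drained before signing, so an entry left by an earlier OpenSSL call in this request would block a valid signing, while a failure that leaves only the filtered `NCONF_get_string:no value` text still reaches `openssl_x509_export($e, $n509)` with `$e === false` and saves an empty `crt` into `$config['cert']`. Drain the queue before the call and gate on the return values instead, e.g. `if ($e !== false && !$input_errors && openssl_x509_export($e, $n509)) {`. `$input_errors = array();` also discards anything validation may have added earlier in the `$_POST['save']` handler, which starts outside this hunk, so confirm nothing upstream relies on it.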
@@ -1252,10 +1263,12 @@ events.push(function() {
 }
 function set_csr_ro() {
- $('#csrpaste').attr('readonly', ($('#csrtosign').val() != "new"));
- $('#keypaste').attr('readonly', ($('#csrtosign').val() != "new"));
- setRequired('csrpaste', ($('#csrtosign').val() == "new"));
- setRequired('keypaste', ($('#csrtosign').val() == "new"));
+ var newcsr = $('#csrtosign').val() == "new");
+
+ $('#csrpaste').attr('readonly', !newcsr);
+ $('#keypaste').attr('readonly', !newcsr);
+ setRequired('csrpaste', newcsr);
+ setRequired('keypaste', newcsr);
 }
 // ---------- Click checkbox handlers --------------------------------------------------------- |
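Review bot: The added line `var newcsr = $('#csrtosign').val() == "new");` has a closing parenthesis with no matching opener, which is a JavaScript syntax error; it should read `var newcsr = ($('#csrtosign').val() == "new");`. A parse error rejects the whole inline script rather than only `set_csr_ro()`, so the other handlers registered in the surrounding `events.push(function() {` block, which starts and ends outside this hunk, would presumably stop running as well. The `readonly` and required toggles are a UI convenience only, so the save handler still has to reject a missing CSR or key on the server side; that check is not visible in this diff.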