author | Renato Botelho <renato@netgate.com> | 2015-09-21 17:45:06 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-09-21 17:45:06 -0300 |
commit | 841e800d7def5ff6ca12b7ab5da8e7878e20e55b (patch) | |
tree | 2f838f478c6805f4cf437c5634b2af4c6f5a3931 /src | |
parent | 66fd7b47679187ddcfaf5852a55b2af15394f341 (diff) | |
parent | cc882a8b0cfee277ccef76f8964dd75adb481377 (diff) | |
Merge pull request #1902 from dachande/feature/certmanager_san_wildcard_hostname
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/util.inc | 13 | ||||
-rw-r--r-- | src/usr/local/www/system_certmanager.php | 12 |
2 files changed, 15 insertions, 10 deletions
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
index b2c797b..627e6e8 100644
--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -830,12 +830,12 @@ function is_unqualified_hostname($hostname) {
 }
 /* returns true if $hostname is a valid hostname, with or without being a fully-qualified domain name. */
-function is_hostname($hostname) {
+function is_hostname($hostname, $allow_wildcard=false) {
 if (!is_string($hostname)) {
 return false;
 }
- if (is_domain($hostname)) {
+ if (is_domain($hostname, $allow_wildcard)) {
 if ((substr_count($hostname, ".") == 1) && ($hostname[strlen($hostname)-1] == ".")) {
 /* Only a single dot at the end like "test." - hosts cannot be directly in the root domain. */
 return false;
@@ -848,12 +848,17 @@ function is_hostname($hostname) {
 }
 /* returns true if $domain is a valid domain name */
-function is_domain($domain) {
+function is_domain($domain, $allow_wildcard=false) {
 if (!is_string($domain)) {
 return false;
 }
+ if ($allow_wildcard) {
+ $domain_regex = '/^(?:(?:[a-z_0-9\*]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9])\.)*(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9\.])$/i';
+ } else {
+ $domain_regex = '/^(?:(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9])\.)*(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9\.])$/i';
+ }
- if (preg_match('/^(?:(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9])\.)*(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9\.])$/i', $domain)) {
+ if (preg_match($domain_regex, $domain)) {
 return true;
 } else {
 return false;
diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php
index ebf96df..2e10c69 100644
--- a/src/usr/local/www/system_certmanager.php
+++ b/src/usr/local/www/system_certmanager.php
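Review bot: The comment above `is_hostname()` in the first util.inc hunk still describes only the one-argument form, so a caller cannot tell what passing `true` for `$allow_wildcard` admits. I would extend it to `/* returns true if $hostname is a valid hostname, with or without being a fully-qualified domain name. If $allow_wildcard is true, "*" labels are accepted as defined by is_domain(). */`. The flag is forwarded unchanged to `is_domain()`, so the accepted set is whatever that function's wildcard regex matches. The body of `is_hostname()` continues past the end of this hunk.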
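Review bot: In the `is_domain()` hunk the wildcard pattern puts `\*` inside the repeated label group (`[a-z_0-9\*]`), so an asterisk is accepted as any non-final label rather than only the leftmost one; `www.*.example.com` and `*.*.example.com` both validate. The caller that passes `true` in this commit is the DNS subjectAltName check in system_certmanager.php (hunk at -323), and RFC 6125 name matching only honours a wildcard that is the complete leftmost label, so these inputs would pass validation yet produce SAN entries clients are not expected to match. Making the wildcard an optional anchored prefix fixes this and keeps a single base pattern: `$domain_regex = '/^(?:\*\.)?(?:(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9])\.)*(?:[a-z_0-9]|[a-z_0-9][a-z_0-9\-]*[a-z_0-9\.])$/i';`. The comment above `is_domain()` should also mention `$allow_wildcard`, and the function's closing lines are outside this hunk.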
@@ -234,13 +234,13 @@ if ($act == "csr") { } if ($_POST) { - + // This is just the blank altername name that is added for display purposes. We don't want to validate/save it if($_POST['altname_value0'] == "") { unset($_POST['altname_type0']); unset($_POST['altname_value0']); } - + if ($_POST['save'] == gettext("Save")) { $input_errors = array(); $pconfig = $_POST; @@ -323,8 +323,8 @@ if ($_POST) { foreach ($altnames as $idx => $altname) { switch ($altname['type']) { case "DNS": - if (!is_hostname($altname['value'])) { - array_push($input_errors, "DNS subjectAltName values must be valid hostnames or FQDNs"); + if (!is_hostname($altname['value'], true)) { + array_push($input_errors, "DNS subjectAltName values must be valid hostnames, FQDNs or wildcard domains."); } break; case "IP": @@ -551,7 +551,7 @@ include("head.inc"); if ($input_errors) print_input_errors($input_errors); - + if ($savemsg) print_info_box($savemsg, 'success'); @@ -1263,4 +1263,4 @@ events.push(function(){ //]]> </script> <?php -include('foot.inc');
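Review bot: The rewritten error text in the hunk at -323 is pushed as a bare string literal, while the same file localises UI strings with `gettext()` (see `gettext("Save")` in the hunk at -234). Since the line is being touched anyway, I would wrap it: `array_push($input_errors, gettext("DNS subjectAltName values must be valid hostnames, FQDNs or wildcard domains."));`. The enclosing `switch` over `$altname['type']` continues outside the hunk, so I cannot tell from here whether the other cases follow the same pattern.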
\ No newline at end of file +include('foot.inc'); |