diff options
author | PiBa-NL <pba_2k3@yahoo.com> | 2013-08-23 21:48:57 +0200 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2013-09-18 16:20:11 -0400 |
commit | fd750cd064a46f364a7e06c9fe27d46ce11cd09a (patch) | |
tree | 68af9d20019d1a4a9f443945b36b62fd2a350eff /usr | |
parent | c4eeb1c472b978a3669a2564f9a1e3733965be99 (diff) | |
download | pfsense-fd750cd064a46f364a7e06c9fe27d46ce11cd09a.zip pfsense-fd750cd064a46f364a7e06c9fe27d46ce11cd09a.tar.gz |
Certificate Manager, for 'Create an internal Certificate' use the correct 'Digest Algorithm'
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/system_certmanager.php | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index 05dab3c..e1f5061 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -107,8 +107,9 @@ if ($act == "del") { if ($act == "new") { $pconfig['method'] = $_GET['method']; $pconfig['keylen'] = "2048"; - $pconfig['csr_keylen'] = "2048"; $pconfig['digest_alg'] = "sha256"; + $pconfig['csr_keylen'] = "2048"; + $pconfig['csr_digest_alg'] = "sha256"; $pconfig['type'] = "user"; $pconfig['lifetime'] = "3650"; } @@ -295,11 +296,15 @@ if ($_POST) { }else if (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters."); } + if (isset($_POST["keylen"]) && !in_array($_POST["keylen"], $cert_keylens)) array_push($input_errors, gettext("Please select a valid Key Length.")); + if (!in_array($_POST["digest_alg"], $openssl_digest_algs)) + array_push($input_errors, gettext("Please select a valid Digest Algorithm.")); + if (isset($_POST["csr_keylen"]) && !in_array($_POST["csr_keylen"], $cert_keylens)) array_push($input_errors, gettext("Please select a valid Key Length.")); - if (!in_array($_POST["digest_alg"], $openssl_digest_algs)) + if (!in_array($_POST["csr_digest_alg"], $openssl_digest_algs)) array_push($input_errors, gettext("Please select a valid Digest Algorithm.")); } @@ -368,7 +373,7 @@ if ($_POST) { } $dn['subjectAltName'] = implode(",", $altnames_tmp); } - if(!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['digest_alg'])){ + if(!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])){ while($ssl_err = openssl_error_string()){ $input_errors = array(); array_push($input_errors, "openssl library returns: " . $ssl_err); @@ -866,14 +871,14 @@ function internalca_change() { <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td> <td width="78%" class="vtable"> - <select name='digest_alg' id='digest_alg' class="formselect"> + <select name='csr_digest_alg' id='csr_digest_alg' class="formselect"> <?php - foreach( $openssl_digest_algs as $digest_alg): + foreach( $openssl_digest_algs as $csr_digest_alg): $selected = ""; - if ($pconfig['digest_alg'] == $digest_alg) + if ($pconfig['csr_digest_alg'] == $csr_digest_alg) $selected = " selected=\"selected\""; ?> - <option value="<?=$digest_alg;?>"<?=$selected;?>><?=strtoupper($digest_alg);?></option> + <option value="<?=$csr_digest_alg;?>"<?=$selected;?>><?=strtoupper($csr_digest_alg);?></option> <?php endforeach; ?> </select> <br/><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?> |