author | yakatz <yehuda@ymkatz.net> | 2011-04-21 14:29:54 -0400 |
---|---|---|
committer | yakatz <yehuda@ymkatz.net> | 2011-04-21 14:29:54 -0400 |
commit | a828210b746c074c1e701a44f5f2ec3a69ba368a (patch) | |
tree | 6bc76319d1b423c686e72e6377ef69041fda4327 /usr | |
parent | e2e934e0c976bae835b58de7c2595666ad59d2a0 (diff) | |
checking moduli of ssl csr request and response
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/system_certmanager.php | 37 |
1 files changed, 23 insertions, 14 deletions
diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php
index 7ab59fd..c986d76 100644
--- a/usr/local/www/system_certmanager.php
+++ b/usr/local/www/system_certmanager.php
@@ -280,16 +280,25 @@ if ($_POST) {
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+// old way
 /* make sure this csr and certificate subjects match */
- $subj_csr = csr_get_subject($pconfig['csr'], false);
- $subj_cert = cert_get_subject($pconfig['cert'], false);
-
- if ( !isset($_POST['ignoresubjectmismatch']) && !($_POST['ignoresubjectmismatch'] == "yes") ) {
- if (strcmp($subj_csr,$subj_cert)) {
- $input_errors[] = sprintf(gettext("The certificate subject '%s' does not match the signing request subject."),$subj_cert);
- $subject_mismatch = true;
- }
- }
+// $subj_csr = csr_get_subject($pconfig['csr'], false);
+// $subj_cert = cert_get_subject($pconfig['cert'], false);
+//
+// if ( !isset($_POST['ignoresubjectmismatch']) && !($_POST['ignoresubjectmismatch'] == "yes") ) {
+// if (strcmp($subj_csr,$subj_cert)) {
+// $input_errors[] = sprintf(gettext("The certificate subject '%s' does not match the signing request subject."),$subj_cert);
+// $subject_mismatch = true;
+// }
+// }
+ $mod_csr = csr_get_modulus($pconfig['csr']);
+ $mod_cert = cert_get_modulus($pconfig['cert']);
+
+ if (strcmp($mod_csr,$mod_cert)) {
+ // simply: if the moduli don't match, then the private key and public key won't match
+ $input_errors[] = sprintf(gettext("The certificate modulus does not match the signing request modulus."),$subj_cert);
+ $subject_mismatch = true;
+ }
 /* if this is an AJAX caller then handle via JSON */
 if (isAjax() && is_array($input_errors)) {
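Review bot: The new gate `if (strcmp($mod_csr,$mod_cert))` only fails when the two values differ, so if `csr_get_modulus()` and `cert_get_modulus()` (defined outside this hunk) both return an empty or false value for input they cannot parse, a malformed or unrelated CSR/certificate pair would compare equal and be accepted. Since this commit also removes the subject check and its override, the modulus comparison is the only binding between request and response, so it should fail closed: `if (empty($mod_csr) || empty($mod_cert) || strcmp($mod_csr, $mod_cert)) {`. The error line still passes `$subj_cert` to `sprintf()`, but that variable is no longer assigned and the message has no `%s`; `$input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");` is enough. A modulus exists only for RSA keys, so a comment stating that assumption, or a comparison of the full public key, would make the intent clearer. The enclosing `if ($_POST) {` block starts and ends outside the hunk.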
@@ -318,7 +327,7 @@ if ($_POST) { include("head.inc"); ?> -<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> +<body link="#000000" vlink="#000000" alink="#000000" onLoad="<?= $jsevents["body"]["onload"] ?>"> <?php include("fbegin.inc"); ?> <script type="text/javascript"> <!-- @@ -780,14 +789,14 @@ function internalca_change() { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <?php if ( isset($subject_mismatch) && $subject_mismatch === true): ?> + <?php /* if ( isset($subject_mismatch) && $subject_mismatch === true): ?> <input id="ignoresubjectmismatch" name="ignoresubjectmismatch" type="checkbox" class="formbtn" value="yes" /> <label for="ignoresubjectmismatch"><strong><?=gettext("Ignore certificate subject mismatch"); ?></strong></label><br /> <?php echo gettext("Warning: Using this option may create an " . "invalid certificate. Check this box to disable the request -> " . "response subject verification. "); ?><br/> - <?php endif;?> + <?php endif; */ ?> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" /> <?php if (isset($id) && $a_cert[$id]): ?> <input name="id" type="hidden" value="<?=$id;?>" /> @@ -812,7 +821,7 @@ function internalca_change() { $i = 0; foreach($a_cert as $cert): $name = htmlspecialchars($cert['descr']); - + if ($cert['crt']) { $subj = cert_get_subject($cert['crt']); $issuer = cert_get_issuer($cert['crt']); 
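Review bot: In the `-780,14` hunk the override checkbox is disabled by opening `/*` in `<?php /* if (...): ?>` and closing it in `<?php endif; */ ?>`, which hides the markup only because a PHP block comment is not ended by `?>`. Any `*/` later introduced inside that span (for example in the warning text) would end the comment early and re-emit part of the form, so deleting the checkbox, label and warning outright is the safer way to retire the option. `$subject_mismatch` is still assigned in the first hunk, but with this block commented out no reader of it remains in the visible lines; the flag could be dropped or renamed to reflect the modulus check. The `onload`/`onLoad` and whitespace hunks on this line are cosmetic.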
@@ -880,7 +889,7 @@ function internalca_change() { <img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export key");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" /> </a> <?php if (!cert_in_use($cert['refid'])): ?> - <a href="system_certmanager.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate?");?>')"> + <a href="system_certmanager.php?act=del&id=<?=$i;?>" onClick="return confirm('<?=gettext("Do you really want to delete this Certificate?");?>')"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete cert");?>" alt="<?=gettext("delete cert");?>" width="17" height="17" border="0" /> </a> <?php endif; ?> |