diff options
| -rw-r--r-- | etc/inc/certs.inc | 8 | ||||
| -rw-r--r-- | usr/local/www/system_camanager.php | 11 |
2 files changed, 14 insertions, 5 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index 67a3540..b1203cf 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -167,16 +167,20 @@ function ca_create(& $ca, $keylen, $lifetime, $dn) { // generate a new key pair $res_key = openssl_pkey_new($args); + if (!$res_key) return false; // generate a certificate signing request $res_csr = openssl_csr_new($dn, $res_key, $args); + if (!$res_csr) return false; // self sign the certificate $res_crt = openssl_csr_sign($res_csr, null, $res_key, $lifetime, $args); + if (!$res_crt) return false; // export our certificate data - openssl_pkey_export($res_key, $str_key); - openssl_x509_export($res_crt, $str_crt); + if (!openssl_pkey_export($res_key, $str_key) || + !openssl_x509_export($res_crt, $str_crt)) + return false; // return our ca information $ca['crt'] = base64_encode($str_crt); diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index 92a129a..9a18c87 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -243,6 +243,7 @@ if ($_POST) { if (!empty($pconfig['key'])) $ca['prv'] = base64_encode($pconfig['key']); } else { + $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */ if ($pconfig['method'] == "existing") ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']); @@ -254,7 +255,12 @@ if ($_POST) { 'organizationName' => $pconfig['dn_organization'], 'emailAddress' => $pconfig['dn_email'], 'commonName' => $pconfig['dn_commonname']); - ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn); + if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn)){ + while($ssl_err = openssl_error_string()){ + $input_errors = array(); + array_push($input_errors, "openssl library returns: " . $ssl_err); + } + } } else if ($pconfig['method'] == "intermediate") { $dn = array( @@ -264,15 +270,14 @@ if ($_POST) { 'organizationName' => $pconfig['dn_organization'], 'emailAddress' => $pconfig['dn_email'], 'commonName' => $pconfig['dn_commonname']); - $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */ if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'])){ while($ssl_err = openssl_error_string()){ $input_errors = array(); array_push($input_errors, "openssl library returns: " . $ssl_err); } } - error_reporting($old_err_level); } + error_reporting($old_err_level); } if (isset($id) && $a_ca[$id]) |
