diff options
Diffstat (limited to 'etc/inc/certs.inc')
-rw-r--r-- | etc/inc/certs.inc | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index 2b192c1..357ac05 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -479,14 +479,16 @@ function crl_update(& $crl) { if (!$ca) return false; // If we have text but no certs, it was imported and cannot be updated. - if (!empty($crl['text']) && empty($crl['cert'])) + if (($crl["method"] != "internal") && (!empty($crl['text']) && empty($crl['cert']))) return false; $crl['serial']++; $ca_str_crt = base64_decode($ca['crt']); $ca_str_key = base64_decode($ca['prv']); $crl_res = openssl_crl_new($ca_str_crt, $crl['serial'], $crl['lifetime']); - foreach ($crl['cert'] as $cert) { - openssl_crl_revoke_cert($crl_res, base64_decode($cert["crt"]), $cert["revoke_time"], $cert["reason"]); + if (is_array($crl['cert']) && (count($crl['cert']) > 0)) { + foreach ($crl['cert'] as $cert) { + openssl_crl_revoke_cert($crl_res, base64_decode($cert["crt"]), $cert["revoke_time"], $cert["reason"]); + } } openssl_crl_export($crl_res, $crl_text, $ca_str_key); $crl['text'] = base64_encode($crl_text); @@ -514,7 +516,13 @@ function cert_unrevoke($cert, & $crl) { foreach ($crl['cert'] as $id => $rcert) { if (($rcert['refid'] == $cert['refid']) || ($rcert['descr'] == $cert['descr'])) { unset($crl['cert'][$id]); - crl_update($crl); + if (count($crl['cert']) == 0) { + // Protect against accidentally switching the type to imported, for older CRLs + if (!isset($crl['method'])) + $crl['method'] = "internal"; + crl_update($crl); + } else + crl_update($crl); return true; } } @@ -564,7 +572,7 @@ function crl_in_use($crlref) { } function is_crl_internal($crl) { - return !(!empty($crl['text']) && empty($crl['cert'])); + return (!(!empty($crl['text']) && empty($crl['cert'])) || ($crl["method"] == "internal")); } ?> |