From 505c08631efd901112203bb735394025a222c639 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Wed, 8 Mar 2017 09:57:19 -0500
Subject: Fix display of openssl errors when working with CA or certificate
 entries. Found this while looking into ticket #7370

---
 src/usr/local/www/system_camanager.php   | 15 +++++++++------
 src/usr/local/www/system_certmanager.php | 12 ++++++++----
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/src/usr/local/www/system_camanager.php b/src/usr/local/www/system_camanager.php
index d20d14d..28d2fa5 100644
--- a/src/usr/local/www/system_camanager.php
+++ b/src/usr/local/www/system_camanager.php
@@ -305,9 +305,11 @@ if ($_POST) {
 					$dn['organizationalUnitName'] = $pconfig['dn_organizationalunit'];
 				}
 				if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg'])) {
+					$input_errors = array();
 					while ($ssl_err = openssl_error_string()) {
-						$input_errors = array();
-						array_push($input_errors, "openssl library returns: " . $ssl_err);
+						if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
+							array_push($input_errors, "openssl library returns: " . $ssl_err);
+						}
 					}
 				}
 			} else if ($pconfig['method'] == "intermediate") {
@@ -322,9 +324,11 @@ if ($_POST) {
 					$dn['organizationalUnitName'] = $pconfig['dn_organizationalunit'];
 				}
 				if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg'])) {
+					$input_errors = array();
 					while ($ssl_err = openssl_error_string()) {
-						$input_errors = array();
-						array_push($input_errors, "openssl library returns: " . $ssl_err);
+						if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
+							array_push($input_errors, "openssl library returns: " . $ssl_err);
+						}
 					}
 				}
 			}
@@ -339,9 +343,8 @@ if ($_POST) {
 
 		if (!$input_errors) {
 			write_config();
+			pfSenseHeader("system_camanager.php");
 		}
-
-		pfSenseHeader("system_camanager.php");
 	}
 }
 
diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php
index a8ee194..d6684ef 100644
--- a/src/usr/local/www/system_certmanager.php
+++ b/src/usr/local/www/system_certmanager.php
@@ -436,9 +436,11 @@ if ($_POST) {
 					}
 
 					if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg'])) {
+						$input_errors = array();
 						while ($ssl_err = openssl_error_string()) {
-							$input_errors = array();
-							array_push($input_errors, "openssl library returns: " . $ssl_err);
+							if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
+								array_push($input_errors, "openssl library returns: " . $ssl_err);
+							}
 						}
 					}
 				}
@@ -463,9 +465,11 @@ if ($_POST) {
 					}
 
 					if (!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])) {
+						$input_errors = array();
 						while ($ssl_err = openssl_error_string()) {
-							$input_errors = array();
-							array_push($input_errors, "openssl library returns: " . $ssl_err);
+							if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
+								array_push($input_errors, "openssl library returns: " . $ssl_err);
+							}
 						}
 					}
 				}
-- 
cgit v1.1