From cfc0d396717f4e779f9919ec2b6971e5ad7afa76 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Wed, 8 Mar 2017 10:03:19 -0500
Subject: Remove whirlpool from the list of CA/Cert digest algorithms as it
 does not work properly. OpenSSL claims it's not valid ("unknown signature
 algorithm"). Fixes #7370 While I'm here, stop needlessly repeating the algo
 list, it's a global in certs.inc, so use that single copy of the list.

---
 src/etc/inc/certs.inc                    | 2 +-
 src/usr/local/www/system_camanager.php   | 2 +-
 src/usr/local/www/system_certmanager.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc
index 74a0509..79aeef1 100644
--- a/src/etc/inc/certs.inc
+++ b/src/etc/inc/certs.inc
@@ -57,7 +57,7 @@ define("OPEN_SSL_CONF_PATH", "/etc/ssl/openssl.cnf");
 require_once("functions.inc");
 
 global $openssl_digest_algs;
-$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool");
+$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
 
 global $openssl_crl_status;
 $openssl_crl_status = array(
diff --git a/src/usr/local/www/system_camanager.php b/src/usr/local/www/system_camanager.php
index 2d2ab19..c3b3832 100644
--- a/src/usr/local/www/system_camanager.php
+++ b/src/usr/local/www/system_camanager.php
@@ -68,7 +68,7 @@ $ca_methods = array(
 	"intermediate" => gettext("Create an intermediate Certificate Authority"));
 
 $ca_keylens = array("512", "1024", "2048", "3072", "4096", "7680", "8192", "15360", "16384");
-$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool");
+global $openssl_digest_algs;
 
 if (is_numericint($_GET['id'])) {
 	$id = $_GET['id'];
diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php
index bd3efe3..c19b2f8 100644
--- a/src/usr/local/www/system_certmanager.php
+++ b/src/usr/local/www/system_certmanager.php
@@ -74,7 +74,7 @@ $cert_types = array(
 	"user" => "User Certificate");
 
 $altname_types = array("DNS", "IP", "email", "URI");
-$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool");
+global $openssl_digest_algs;
 
 if (is_numericint($_GET['userid'])) {
 	$userid = $_GET['userid'];
-- 
cgit v1.1