From 7aaabd69b0dabc83fc535525bfd6200c3dd67245 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Wed, 9 Nov 2011 15:43:49 -0500
Subject: When creating an internal certificate, offer the user a choice of what constraints to place upon the certificate (CA, Server, or User).
---
 etc/inc/certs.inc | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
(limited to 'etc/inc/certs.inc')
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index 104a9fe..50ce0ad 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -253,7 +253,7 @@ function cert_import(& $cert, $crt_str, $key_str) {
 return true;
 }
-function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
+function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user") {
 $ca =& lookup_ca($caref);
 if (!$ca)
@@ -266,8 +266,20 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
 if(!$ca_res_key) return false;
 $ca_serial = ++$ca['serial'];
+ switch ($type) {
+ case "ca":
+ $cert_type = "v3_ca";
+ break;
+ case "server":
+ $cert_type = "server";
+ break;
+ default:
+ $cert_type = "usr_cert";
+ break;
+ }
+
 $args = array(
- "x509_extensions" => "usr_cert",
+ "x509_extensions" => $cert_type,
 "digest_alg" => "sha1",
 "private_key_bits" => (int)$keylen,
 "private_key_type" => OPENSSL_KEYTYPE_RSA,
@@ -295,6 +307,7 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
 $cert['caref'] = $caref;
 $cert['crt'] = base64_encode($str_crt);
 $cert['prv'] = base64_encode($str_key);
+ $cert['type'] = $type;
 return true;
 }
--
cgit v1.1
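Review bot: The `default:` branch of the new switch maps every unrecognised `$type` to `usr_cert`, while the last hunk stores the caller's raw value in `$cert['type']`, so an unexpected value (a constructed example: `"Server"` with a capital S) would be signed as a user certificate but recorded under a different type. Normalise in the fallback so the stored type always matches the extensions that were signed, e.g. `default: $type = "user"; $cert_type = "usr_cert"; break;`, or reject unknown values before `++$ca['serial']` runs. The `"ca"` choice makes this function sign a certificate with the `v3_ca` extension section under an existing CA, which presumably yields a subordinate CA, so callers outside this diff should restrict who may request it. A short comment above the switch naming the three accepted values, and noting that each `x509_extensions` name must exist as a section in the OpenSSL config the call uses (not visible here), would help the next reader. cert_create's body starts and ends outside these hunks.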