From 1379d66f11aaf72982a70287b83e24efcd18898e Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Thu, 10 Nov 2011 16:37:51 -0500
Subject: Add an indication in the certificate list to show if a certificate is
 internally capable of being a CA (basicConstraints has CA:TRUE) or if the
 nsCertType is set to server.

---
 etc/inc/certs.inc | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'etc/inc')

diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index 50ce0ad..ec3227d 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -458,6 +458,17 @@ function cert_get_modulus($str_crt, $decode = true, $type = "crt"){
 function csr_get_modulus($str_crt, $decode = true){
 	return cert_get_modulus($str_crt, $decode, "csr");
 }
+
+function cert_get_purpose($str_crt, $decode = true) {
+	if ($decode)
+		$str_crt = base64_decode($str_crt);
+	$crt_details = openssl_x509_parse($str_crt);
+	$purpose = array();
+	$purpose['ca'] = (stristr($crt_details['extensions']['basicConstraints'], 'CA:TRUE') === false) ? 'No': 'Yes';
+	$purpose['server'] = ($crt_details['extensions']['nsCertType'] == "SSL Server") ? 'Yes': 'No';
+	return $purpose;
+}
+
 function prv_get_modulus($str_crt, $decode = true){
 	return cert_get_modulus($str_crt, $decode, "prv");
 }
-- 
cgit v1.1