Skip to content

Commit d13be16

Browse files
author
majestick
committed
fixed nsRevocationUrl
fixed nsRevocationUrl. fixed Empty DNS Names Strings
1 parent 44be251 commit d13be16

File tree

1 file changed

+13
-10
lines changed

1 file changed

+13
-10
lines changed

include/openssl_functions.php

Lines changed: 13 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
// File name is placed in ./tmp with a random name. It lingers unless
66
// removed manually.
77
//
8-
function CA_create_cnf($country='',$province='',$locality='',$organization='',$unit='',$common_name='',$email='',$keysize=4096,$dns_names='',$ip_addr='') {
8+
function CA_create_cnf($country='',$province='',$locality='',$organization='',$unit='',$common_name='',$email='',$keysize=4096,$dns_names='',$ip_addr='',$serial='') {
99
global $config, $PHPki_user;
1010

1111
$issuer = $PHPki_user;
@@ -18,20 +18,23 @@ function CA_create_cnf($country='',$province='',$locality='',$organization='',$u
1818
$dns_n=explode("\n", $dns_names);
1919
$count_dns = $count_dns + 1;
2020
$alt_names .= "DNS.$count_dns = $common_name\n";
21-
2221
foreach ($dns_n as $value) {
22+
if (! $value == '') {
2323
$count_dns = $count_dns + 1;
2424
$alt_names .= "DNS.$count_dns = ".trim($value)."\n";
25+
}
2526
}
2627
}
2728

2829
if (! $ip_addr == '') {
2930
$ip_ar=explode("\n", $ip_addr);
3031
foreach ($ip_ar as $value) {
32+
if (! $value == '') {
3133
$count_dns = $count_dns + 1;
3234
$count_ip = $count_ip + 1;
3335
$alt_names .= "DNS.$count_dns = ".trim($value)."\n";
3436
$alt_names .= "IP.$count_ip = ".trim($value)."\n";
37+
}
3538
}
3639
}
3740

@@ -44,7 +47,7 @@ function CA_create_cnf($country='',$province='',$locality='',$organization='',$u
4447
$cnf_contents = "
4548
HOME = $config[home_dir]
4649
RANDFILE = $config[random]
47-
dir = $config[ca_dir]
50+
dir = $config[ca_dir]
4851
certs = $config[cert_dir]
4952
crl_dir = $config[crl_dir]
5053
database = $config[index]
@@ -135,7 +138,7 @@ function CA_create_cnf($country='',$province='',$locality='',$organization='',$u
135138
subjectAltName = email:copy
136139
crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
137140
nsComment = \"PHPki/OpenSSL Generated Root Certificate\"
138-
#nsCaRevocationUrl = $config[base_url]ns_revoke_query.php?$config[serial]
141+
#nsCaRevocationUrl = $config[base_url]ns_revoke_query.php?$serial
139142
nsCaPolicyUrl = $config[base_url]policy.html
140143
141144
[ email_ext ]
@@ -150,7 +153,7 @@ function CA_create_cnf($country='',$province='',$locality='',$organization='',$u
150153
crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
151154
nsComment = \"PHPki/OpenSSL Generated Personal Certificate\"
152155
nsBaseUrl = $config[base_url]
153-
nsRevocationUrl = $config[base_url]ns_revoke_query.php?$config[serial]
156+
nsRevocationUrl = $config[base_url]ns_revoke_query.php?$serial
154157
nsCaPolicyUrl = $config[base_url]policy.html
155158
156159
[ email_signing_ext ]
@@ -165,7 +168,7 @@ function CA_create_cnf($country='',$province='',$locality='',$organization='',$u
165168
crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
166169
nsComment = \"PHPki/OpenSSL Generated Personal Certificate\"
167170
nsBaseUrl = $config[base_url]
168-
nsRevocationUrl = $config[base_url]ns_revoke_query.php?$config[serial]
171+
nsRevocationUrl = $config[base_url]ns_revoke_query.php?$serial
169172
nsCaPolicyUrl = $config[base_url]policy.html
170173
171174
[ server_ext ]
@@ -180,7 +183,7 @@ function CA_create_cnf($country='',$province='',$locality='',$organization='',$u
180183
crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
181184
nsComment = \"PHPki/OpenSSL Generated Server Certificate\"
182185
nsBaseUrl = $config[base_url]
183-
nsRevocationUrl = $config[base_url]ns_revoke_query.php?$config[serial]
186+
nsRevocationUrl = $config[base_url]ns_revoke_query.php?$serial
184187
nsCaPolicyUrl = $config[base_url]policy.html
185188
186189
[ time_stamping_ext ]
@@ -194,7 +197,7 @@ function CA_create_cnf($country='',$province='',$locality='',$organization='',$u
194197
crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
195198
nsComment = \"PHPki/OpenSSL Generated Time Stamping Certificate\"
196199
nsBaseUrl = $config[base_url]
197-
nsRevocationUrl = $config[base_url]ns_revoke_query.php?$config[serial]
200+
nsRevocationUrl = $config[base_url]ns_revoke_query.php?$serial
198201
199202
[ vpn_client_ext ]
200203
basicConstraints = critical, CA:false
@@ -519,11 +522,11 @@ function CA_create_cert($cert_type='email',$country,$province,$locality,$organiz
519522

520523
$expiry_days = round($expiry * 365.25, 0);
521524

522-
$cnf_file = CA_create_cnf($country,$province,$locality,$organization,$unit,$common_name,$email,$keysize,$dns_names,$ip_addr);
525+
$cnf_file = CA_create_cnf($country,$province,$locality,$organization,$unit,$common_name,$email,$keysize,$dns_names,$ip_addr,$serial);
523526

524527
# Escape certain dangerous characters in user input
525528
$email = escshellcmd($email);
526-
$_passwd = escshellarg($passwd);
529+
$_passwd = escshellarg($passwd);
527530
$friendly_name = escshellarg($common_name);
528531
$extensions = escshellarg($cert_type.'_ext');
529532

0 commit comments

Comments
 (0)