"Problem with subjectAltName"
parent
c68de86c6d
commit
1b49547d06
3 changed files with 155 additions and 129 deletions
|
@ -22,6 +22,57 @@
|
|||
|
||||
loadem("account");
|
||||
|
||||
/**
|
||||
* Build a subject string as needed by the signer
|
||||
*
|
||||
* @param array(string) $domains
|
||||
* First domain is used as CN and repeated in subjectAltName. Duplicates
|
||||
* should already been removed
|
||||
*
|
||||
* @param bool $include_xmpp_addr
|
||||
* [default: true] Whether to include the XmppAddr in the subjectAltName.
|
||||
* This is needed if the Jabber server is jabber.example.com but a Jabber ID
|
||||
* on that server would be alice@example.com
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function buildSubject(array $domains, $include_xmpp_addr = true) {
|
||||
$subject = "/CN=${domains[0]}";
|
||||
|
||||
foreach ($domains as $domain) {
|
||||
$subject .= "/subjectAltName=DNS:$domain";
|
||||
|
||||
if ($include_xmpp_addr) {
|
||||
$subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$domain";
|
||||
}
|
||||
}
|
||||
|
||||
return $subject;
|
||||
}
|
||||
|
||||
/**
|
||||
* Builds the subject string from the session variables
|
||||
* $_SESSION['_config']['rows'] and $_SESSION['_config']['altrows']
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function buildSubjectFromSession() {
|
||||
$domains = array();
|
||||
|
||||
if (is_array($_SESSION['_config']['rows'])) {
|
||||
$domains = array_merge($domains, $_SESSION['_config']['rows']);
|
||||
}
|
||||
|
||||
if (is_array($_SESSION['_config']['altrows']))
|
||||
foreach ($_SESSION['_config']['altrows'] as $row) {
|
||||
if (substr($row, 0, 4) === "DNS:") {
|
||||
$domains[] = substr($row, 4);
|
||||
}
|
||||
}
|
||||
|
||||
return buildSubject(array_unique($domains));
|
||||
}
|
||||
|
||||
$id = array_key_exists("id",$_REQUEST) ? intval($_REQUEST['id']) : 0;
|
||||
$oldid = array_key_exists("oldid",$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
|
||||
$process = array_key_exists("process",$_REQUEST) ? $_REQUEST['process'] : "";
|
||||
|
@ -741,35 +792,8 @@
|
|||
exit;
|
||||
}
|
||||
|
||||
$subject = "";
|
||||
$count = 0;
|
||||
$supressSAN=0;
|
||||
if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
|
||||
$subject = buildSubjectFromSession();
|
||||
|
||||
if(is_array($_SESSION['_config']['rows']))
|
||||
foreach($_SESSION['_config']['rows'] as $row)
|
||||
{
|
||||
$count++;
|
||||
if($count <= 1)
|
||||
{
|
||||
$subject .= "/CN=$row";
|
||||
if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
|
||||
if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
|
||||
} else {
|
||||
if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
|
||||
if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
|
||||
}
|
||||
}
|
||||
if(is_array($_SESSION['_config']['altrows']))
|
||||
foreach($_SESSION['_config']['altrows'] as $row)
|
||||
{
|
||||
if(substr($row, 0, 4) == "DNS:")
|
||||
{
|
||||
$row = substr($row, 4);
|
||||
if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
|
||||
if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
|
||||
}
|
||||
}
|
||||
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
|
||||
$_SESSION['_config']['rootcert'] = 1;
|
||||
|
||||
|
@ -795,7 +819,6 @@
|
|||
echo _("Domain not verified.");
|
||||
showfooter();
|
||||
exit;
|
||||
|
||||
}
|
||||
|
||||
mysql_query($query);
|
||||
|
@ -894,29 +917,7 @@
|
|||
continue;
|
||||
}
|
||||
|
||||
$subject = "";
|
||||
$count = 0;
|
||||
if(is_array($_SESSION['_config']['rows']))
|
||||
foreach($_SESSION['_config']['rows'] as $row)
|
||||
{
|
||||
$count++;
|
||||
if($count <= 1)
|
||||
{
|
||||
$subject .= "/CN=$row";
|
||||
if(!strstr($subject, "=$row/") &&
|
||||
substr($subject, -strlen("=$row")) != "=$row")
|
||||
$subject .= "/subjectAltName=$row";
|
||||
} else {
|
||||
if(!strstr($subject, "=$row/") &&
|
||||
substr($subject, -strlen("=$row")) != "=$row")
|
||||
$subject .= "/subjectAltName=$row";
|
||||
}
|
||||
}
|
||||
if(is_array($_SESSION['_config']['altrows']))
|
||||
foreach($_SESSION['_config']['altrows'] as $row)
|
||||
if(!strstr($subject, "=$row/") &&
|
||||
substr($subject, -strlen("=$row")) != "=$row")
|
||||
$subject .= "/subjectAltName=$row";
|
||||
$subject = buildSubjectFromSession();
|
||||
$subject = mysql_real_escape_string($subject);
|
||||
mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
|
||||
|
||||
|
@ -938,6 +939,7 @@
|
|||
{
|
||||
echo _("You did not select any certificates for renewal.");
|
||||
}
|
||||
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
@ -1445,7 +1447,6 @@
|
|||
|
||||
if($oldid == 16 && $process != "")
|
||||
{
|
||||
|
||||
if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
|
||||
{
|
||||
$_REQUEST['codesign'] = 1;
|
||||
|
@ -1948,20 +1949,7 @@
|
|||
//if($org['contact'])
|
||||
// $csrsubject .= "/emailAddress=".trim($org['contact']);
|
||||
|
||||
if(is_array($_SESSION['_config']['rows']))
|
||||
foreach($_SESSION['_config']['rows'] as $row)
|
||||
$csrsubject .= "/commonName=$row";
|
||||
$SAN="";
|
||||
if(is_array($_SESSION['_config']['altrows']))
|
||||
foreach($_SESSION['_config']['altrows'] as $subalt)
|
||||
{
|
||||
if($SAN != "")
|
||||
$SAN .= ",";
|
||||
$SAN .= "$subalt";
|
||||
}
|
||||
|
||||
if($SAN != "")
|
||||
$csrsubject .= "/subjectAltName=".$SAN;
|
||||
$csrsubject .= buildSubjectFromSession();
|
||||
|
||||
$type="";
|
||||
if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
|
||||
|
@ -2757,8 +2745,8 @@
|
|||
|
||||
sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body,
|
||||
"support@cacert.org", "", "", "CAcert Support");
|
||||
|
||||
}
|
||||
|
||||
showfooter();
|
||||
exit;
|
||||
}
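Review bot: `buildSubject()` reads `$domains[0]` without checking that the list is non-empty, so when the session yields no names (`rows` missing or empty and no `DNS:` entry in `altrows`) it returns a bare `/CN=` and raises an undefined-offset notice. That value then flows into all three call sites in this file, one of which writes it to `domaincerts.subject`. A guard at the top of the function, for example `if (count($domains) === 0) { return ""; }` or an explicit failure, would make that case deliberate. Separately, every name is interpolated as-is into a `/`-delimited string, and this diff does not show whether the session values are already limited to hostname characters. If they are not, a name containing `/` or `=` would add subject components of its own, so `buildSubjectFromSession()` should reject such names before appending them.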
|
||||
|
|
|
@ -15,39 +15,61 @@
|
|||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/ ?>
|
||||
|
||||
<p>
|
||||
<?=_("Please make sure the following details are correct before proceeding any further.")?>
|
||||
<?=_("Please make sure the following details are correct before proceeding ".
|
||||
"any further.")?>
|
||||
</p>
|
||||
<?// print_r($_SESSION['_config']['altrows']); ?>
|
||||
|
||||
<p><?
|
||||
if (is_array($_SESSION['_config']['rows'])) {
|
||||
foreach ($_SESSION['_config']['rows'] as $row) {
|
||||
echo _("CommonName"), ": $row<br>\n";
|
||||
}
|
||||
}
|
||||
|
||||
if (is_array($_SESSION['_config']['altrows'])) {
|
||||
foreach ($_SESSION['_config']['altrows'] as $row) {
|
||||
echo _("subjectAltName"), ": $row<br>\n";
|
||||
}
|
||||
}
|
||||
?></p>
|
||||
|
||||
<p>
|
||||
<? if(is_array($_SESSION['_config']['rows']))
|
||||
foreach($_SESSION['_config']['rows'] as $row) { ?>
|
||||
<?=_("CommonName")?>: <?=$row?><br>
|
||||
<? } ?>
|
||||
<? if(is_array($_SESSION['_config']['altrows']))
|
||||
foreach($_SESSION['_config']['altrows'] as $row) { ?>
|
||||
<?=_("subjectAltName")?>: <?=$row?><br>
|
||||
<? } ?>
|
||||
<? if(1 == 0) { ?>
|
||||
<?=_("Organisation")?>: <?=$_SESSION['_config']['O']?><br>
|
||||
<?=_("Org. Unit")?>: <?=$_SESSION['_config']['OU']?><br>
|
||||
<?=_("Location")?>: <?=$_SESSION['_config']['L']?><br>
|
||||
<?=_("State/Province")?>: <?=$_SESSION['_config']['ST']?><br>
|
||||
<?=_("Country")?>: <?=$_SESSION['_config']['C']?><br>
|
||||
<?=_("Email Address")?>: <?=$_SESSION['_config']['emailAddress']?><br>
|
||||
<? } ?>
|
||||
<?=_("No additional information will be included on certificates because it can not be automatically checked by the system.")?>
|
||||
<? if(array_key_exists('rejected',$_SESSION['_config']) && is_array($_SESSION['_config']['rejected'])) { ?>
|
||||
<br><br><?=_("The following hostnames were rejected because the system couldn't link them to your account, if they are valid please verify the domains against your account.")?><br>
|
||||
<? foreach($_SESSION['_config']['rejected'] as $row) { ?>
|
||||
<?=_("Rejected")?>: <a href="account.php?id=7&newdomain=<?=$row?>"><?=$row?></a><br>
|
||||
<? } } ?>
|
||||
<? if(is_array($_SESSION['_config']['rows']) || is_array($_SESSION['_config']['altrows'])) { ?>
|
||||
<form method="post" action="account.php">
|
||||
<input type="submit" name="process" value="<?=_("Submit")?>">
|
||||
<input type="hidden" name="oldid" value="<?=$id?>">
|
||||
</form>
|
||||
<? } else { ?>
|
||||
<br><br><b><?=_("Unable to continue as no valid commonNames or subjectAltNames were present on your certificate request.")?></b>
|
||||
<? } ?>
|
||||
<?=_("No additional information will be included on certificates because it ".
|
||||
"can not be automatically checked by the system.")?>
|
||||
</p>
|
||||
|
||||
<p><?
|
||||
if (array_key_exists('rejected',$_SESSION['_config']) &&
|
||||
is_array($_SESSION['_config']['rejected'])) {
|
||||
echo _("The following hostnames were rejected because the system couldn't ".
|
||||
"link them to your account, if they are valid please verify the ".
|
||||
"domains against your account."), "<br>\n";
|
||||
|
||||
foreach ($_SESSION['_config']['rejected'] as $row) {
|
||||
echo _("Rejected");
|
||||
echo ": <a href='account.php?id=7&newdomain=$row'>$row</a><br>\n";
|
||||
}
|
||||
}
|
||||
?></p>
|
||||
|
||||
<?
|
||||
if (is_array($_SESSION['_config']['rows']) ||
|
||||
is_array($_SESSION['_config']['altrows'])) {
|
||||
?>
|
||||
<form method="post" action="account.php">
|
||||
<p>
|
||||
<input type="submit" name="process" value="<?=_("Submit")?>">
|
||||
<input type="hidden" name="oldid" value="<?=$id?>">
|
||||
</p>
|
||||
</form>
|
||||
<?
|
||||
} else {
|
||||
?>
|
||||
<p>
|
||||
<b><?=_("Unable to continue as no valid commonNames or ".
|
||||
"subjectAltNames were present on your certificate request.")?></b>
|
||||
</p>
|
||||
<?
|
||||
}
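Review bot: The rewritten rejected-hostname loop puts `$row` into both the link target and the link text without encoding (`echo ": <a href='account.php?id=7&newdomain=$row'>$row</a><br>\n";`), and the `CommonName` and `subjectAltName` loops print `": $row<br>\n"` the same way. These names appear to come from the submitted certificate request and no filtering is visible in this section, so unless they are sanitised before reaching the session they should be encoded at output: `urlencode($row)` for the query parameter and `htmlspecialchars($row, ENT_QUOTES)` for the text. `ENT_QUOTES` is needed because the new attribute is single-quoted. The organisation template later in this commit has the same gap in its `echo _("Organisation"), ": {$org['O']}<br>\n";` group, including the `OU` value taken directly from the session. The previous markup did not escape either, so this is not a regression, but the rewrite is the natural place to fix it.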
|
||||
|
|
|
@ -14,41 +14,57 @@
|
|||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/ ?>
|
||||
<?
|
||||
$org = $_SESSION['_config']['row'];
|
||||
if($org['id'] <= 0)
|
||||
$org = $_SESSION['_config']['altrow'];
|
||||
*/
|
||||
|
||||
$org = $_SESSION['_config']['row'];
|
||||
if ($org['id'] <= 0) {
|
||||
$org = $_SESSION['_config']['altrow'];
|
||||
}
|
||||
?>
|
||||
|
||||
<p>
|
||||
<?=_("Please make sure the following details are correct before proceeding any further.")?>
|
||||
<?=_("Please make sure the following details are correct before proceeding ".
|
||||
"any further.")?>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<? if(is_array($_SESSION['_config']['rows']))
|
||||
foreach($_SESSION['_config']['rows'] as $row) { ?>
|
||||
<?=_("CommonName")?>: <?=$row?><br>
|
||||
<? } ?>
|
||||
<? if(is_array($_SESSION['_config']['altrows']))
|
||||
foreach($_SESSION['_config']['altrows'] as $row) { ?>
|
||||
<?=_("subjectAltName")?>: <?=$row?><br>
|
||||
<? } ?>
|
||||
<?=_("Organisation")?>: <?=$org['O']?><br>
|
||||
<?=_("Org. Unit")?>: <?=($_SESSION['_config']['OU'])?><br>
|
||||
<?=_("Location")?>: <?=$org['L']?><br>
|
||||
<?=_("State/Province")?>: <?=$org['ST']?><br>
|
||||
<?=_("Country")?>: <?=$org['C']?><br>
|
||||
<p><?
|
||||
if (is_array($_SESSION['_config']['rows'])) {
|
||||
foreach ($_SESSION['_config']['rows'] as $row) {
|
||||
echo _("CommonName"), ": $row<br>\n";
|
||||
}
|
||||
}
|
||||
|
||||
if (is_array($_SESSION['_config']['altrows'])) {
|
||||
foreach ($_SESSION['_config']['altrows'] as $row) {
|
||||
echo _("subjectAltName"), ": $row<br>\n";
|
||||
}
|
||||
}
|
||||
|
||||
echo _("Organisation"), ": {$org['O']}<br>\n";
|
||||
echo _("Org. Unit"), ": {$_SESSION['_config']['OU']}<br>\n";
|
||||
echo _("Location"), ": {$org['L']}<br>\n";
|
||||
echo _("State/Province"), ": {$org['ST']}<br>\n";
|
||||
echo _("Country"), ": {$org['C']}<br>\n";
|
||||
?>
|
||||
|
||||
<form method="post" action="account.php">
|
||||
<input type="submit" name="process" value="<?=_("Submit")?>">
|
||||
<input type="hidden" name="oldid" value="<?=$id?>">
|
||||
|
||||
|
||||
<? if($_SESSION['profile']['admin'] == 1) { ?>
|
||||
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
|
||||
<input type="checkbox" name="ocspcert" value="OCSPCert"/> <?=_("OCSP certificate")?>
|
||||
<? } ?>
|
||||
<p>
|
||||
<input type="submit" name="process" value="<?=_("Submit")?>">
|
||||
<input type="hidden" name="oldid" value="<?=$id?>">
|
||||
</p>
|
||||
|
||||
<?
|
||||
if ($_SESSION['profile']['admin'] == 1) {
|
||||
?>
|
||||
<p>
|
||||
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
|
||||
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
|
||||
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
|
||||
<input type="checkbox" name="ocspcert" value="OCSPCert"/>
|
||||
<?=_("OCSP certificate")?>
|
||||
</p>
|
||||
<?
|
||||
}
|
||||
?>
|
||||
|
||||
</form>
|
||||
</p>
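Review bot: The details paragraph opened by `<p><?` is ended with a bare `?>` just before `<form method="post" action="account.php">`, so that `<p>` is never explicitly closed and the form's own `<p>` blocks sit inside it in the source. The other confirmation template changed in this commit closes the equivalent block with `?></p>`; using the same here keeps the two files consistent and the markup well-formed. If the `</p>` after `</form>` is still present on the new side (the rendered page does not make that certain), it would then be unmatched and should be dropped.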
|
||||
|
|