diff -ruN phpki-ng.old/phpki-ng-0.84/ca/manage_certs.php phpki-ng/phpki-ng-0.84/ca/manage_certs.php
--- phpki-ng.old/phpki-ng-0.84/ca/manage_certs.php 2021-03-09 01:07:04.724068867 +0100
+++ phpki-ng/phpki-ng-0.84/ca/manage_certs.php 2021-03-09 01:06:28.843539880 +0100
@@ -218,7 +218,8 @@
Certificate Renewal Form |
- This will Revoke the old Certificate and Create a new one You can add a password if required |
+ This will Revoke the old Certificate and Create a new one
+ If a password was used to create the original certificate you must use it below |
@@ -254,7 +255,7 @@
- Certificate Password |
+ Certificate Password - might be required |
|
diff -ruN phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php phpki-ng/phpki-ng-0.84/include/openssl_functions.php
--- phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php 2021-03-09 01:07:04.728068927 +0100
+++ phpki-ng/phpki-ng-0.84/include/openssl_functions.php 2021-03-09 01:06:28.843539880 +0100
@@ -72,9 +72,9 @@
$cnf_contents = "
HOME = $configHOME
RANDFILE = $configRANDFILE
-dir = $configCa_dir
+dir = $configCa_dir
certs = $configCert_dir
-crl_dir = $configCrl_dir
+crl_dir = $configCrl_dir
database = $configDatabase
new_certs_dir = $configNew_certs_dir
private_dir = $configPrivate_dir
@@ -82,7 +82,7 @@
certificate = $configCacert_pem
crl = $configCacrl_pem
private_key = $configCakey
-crl_extentions = crl_ext
+crl_extentions = crl_ext
default_days = 365
default_crl_days = 30
preserve = no
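Review bot: The key on the re-indented line is still spelled `crl_extentions`, while the option the OpenSSL `ca` section reads is `crl_extensions`. As far as I know unrecognised keys in the config are ignored without an error, so the `crl_ext` section is presumably never applied to the CRLs this CA issues. Since the line is being touched anyway, change it to `crl_extensions = crl_ext`. The `crl_ext` section itself is outside this hunk, so check its contents before it starts taking effect.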
@@ -497,7 +497,7 @@
function CA_cert_text($serial)
{
global $config;
- $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
+ $certfile = $config['new_certs_dir'] . "/$serial.pem";
return(shell_exec(X509.' -in '.escshellarg($certfile).' -text -purpose 2>&1'));
}
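Review bot: `$serial` is interpolated into `$certfile` without any format check in `CA_cert_text`, and the same line appears in the hunks for `CA_cert_subject`, `CA_cert_email`, `CA_cert_startdate` and `CA_cert_enddate`. The `escshellarg()` wrapper on the following line presumably protects the command line, but it does not constrain the path, so a value containing `/` or `..` would make openssl read a file outside `new_certs_dir`. The callers are not visible in this diff, so whether `$serial` can arrive from a request is unconfirmed. If it can, a guard at the top of each function would confine the lookup to the directory, for example `if (!preg_match('/^[0-9A-Fa-f]+$/', $serial)) { return false; }` (assuming serials are hex, as in an OpenSSL serial file).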
@@ -539,7 +539,7 @@
function CA_cert_subject($serial)
{
global $config;
- $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
+ $certfile = $config['new_certs_dir'] . "/$serial.pem";
$x = exec(X509.' -in '.escshellarg($certfile).' -noout -subject 2>&1');
return(str_replace('subject=', '', $x));
}
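Review bot: Because the command ends in `2>&1` and the exit status of `exec()` is never inspected, `CA_cert_subject` returns openssl's error text as though it were the subject whenever the certificate file is missing or unparsable. The hunks for `CA_cert_email`, `CA_cert_startdate` and `CA_cert_enddate` follow the same pattern. Capturing the status lets callers tell a real field from a diagnostic: `$x = exec($cmd, $out, $rc);` followed by `if ($rc !== 0) { return false; }`, where `$cmd` stands for the existing command string.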
@@ -560,7 +560,7 @@
function CA_cert_email($serial)
{
global $config;
- $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
+ $certfile = $config['new_certs_dir'] . "/$serial.pem";
$x = exec(X509.' -in '.escshellarg($certfile).' -noout -email 2>&1');
return($x);
}
@@ -571,7 +571,7 @@
function CA_cert_startdate($serial)
{
global $config;
- $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
+ $certfile = $config['new_certs_dir'] . "/$serial.pem";
$x = exec(X509.' -in '.escshellarg($certfile).' -noout -startdate 2>&1');
return(str_replace('notBefore=', '', $x));
}
@@ -582,7 +582,7 @@
function CA_cert_enddate($serial)
{
global $config;
- $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
+ $certfile = $config['new_certs_dir'] . "/$serial.pem";
$x = exec(X509.' -in '.escshellarg($certfile).' -noout -enddate 2>&1');
return(str_replace('notAfter=', '', $x));
}
@@ -633,7 +633,7 @@
$userkey = $config['private_dir'] . "/$serial-key.pem";
$userreq = $config['req_dir'] ."/$serial-req.pem";
- $usercert = $config['new_certs_dir'].'/'.$serial.'.pem';
+ $usercert = $config['new_certs_dir'] . "/$serial.pem";
$userder = $config['cert_dir'] . "/$serial.der";
$userpfx = $config['pfx_dir'] . "/$serial.pfx";
@@ -765,7 +765,7 @@
# Get the next available serial number
$serial = trim(implode('', file($config['serial'])));
- $old_userkey = $config['private_dir'] . "$old_serial-key.pem";
+ $old_userkey = $config['private_dir'] . "/$old_serial-key.pem";
$old_userreq = $config['req_dir'] . "/$old_serial-req.pem";
$userkey = $config['private_dir'] . "/$serial-key.pem";
$userreq = $config['req_dir'] . "/$serial-req.pem";
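Review bot: Before this fix `$old_userkey` lacked the `/` separator, so the code that opens the old key further down (outside this hunk) has presumably only ever been run against a path that does not exist. It is worth confirming that renewal stops with an error when the old key cannot be read or the supplied password does not unlock it, and that this happens before the old certificate is revoked. If no such check exists, something like `if (!is_readable($old_userkey)) { /* abort before revoking */ }` placed right after these assignments would make the failure explicit.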
@@ -836,6 +836,8 @@
#Unlock the CA database
fclose($fd);
+ // Why is this here?
+
//# https://github.com/radicand/phpki/issues/14 - but ereg is deprecated
if (preg_match('/E-mail Protection/', $certtext)) {
$cert_type = 'email';
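Review bot: The added `// Why is this here?` does not say what it is asking about, so a later reader cannot tell whether it refers to the `fclose($fd)` above or the certificate-type detection below. Either settle the question in this commit or turn it into a TODO that names its subject, for example `// TODO: confirm the cert type still needs to be derived from $certtext at this point`. The `if` block that follows continues outside the hunk.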
@@ -946,11 +948,10 @@
$certtext = CA_cert_text($serial);
- if (preg_match('~OpenSSL.* (E.?mail|Personal) .*Certificate~', $certtext)) {
- $cert_type = 'email';
- }
if (preg_match('~OpenSSL.* (E.?mail|Personal) .*Certificate~', $certtext) && preg_match('~Code Signing~', $certtext)) {
$cert_type = 'email_signing'; // Was 'codesigning' but can't see that anywhere
+ } elseif (preg_match('~OpenSSL.* (E.?mail|Personal) .*Certificate~', $certtext)) {
+ $cert_type = 'email';
} elseif (preg_match('~OpenSSL.* Server .*Certificate~', $certtext)) {
$cert_type = 'server';
} elseif (preg_match('~timeStamping|Time Stamping~', $certtext)) {