phpki-ng/contribs10/phpki-ng-0.84-fix-missing-slash-certtype-detection.patch

diff -ruN phpki-ng.old/phpki-ng-0.84/ca/manage_certs.php phpki-ng/phpki-ng-0.84/ca/manage_certs.php
--- phpki-ng.old/phpki-ng-0.84/ca/manage_certs.php      2021-03-09 01:07:04.724068867 +0100
+++ phpki-ng/phpki-ng-0.84/ca/manage_certs.php  2021-03-09 01:06:28.843539880 +0100
@@ -218,7 +218,8 @@
         <th colspan="2"><h3>Certificate Renewal Form</h3></th>
 
         <tr>
-        <td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>You can add a password if required</td>
+        <td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>
+        <font color=red>If a password was used to create the original certificate you must use it below</font></td>
         </tr>
 
         <tr>
@@ -254,7 +255,7 @@
         </tr>
 
         <tr>
-        <td>Certificate Password</td>
+        <td>Certificate Password <font color=red>- might be required</font></td>
         <td><input type="password" name="passwd" value="<?php echo  htvar($passwd) ?>" size="30"></td>
         </tr>
 
diff -ruN phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php phpki-ng/phpki-ng-0.84/include/openssl_functions.php
--- phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php    2021-03-09 01:07:04.728068927 +0100
+++ phpki-ng/phpki-ng-0.84/include/openssl_functions.php        2021-03-09 01:06:28.843539880 +0100
@@ -72,9 +72,9 @@
     $cnf_contents = "
 HOME             = $configHOME
 RANDFILE         = $configRANDFILE
-dir                 = $configCa_dir
+dir              = $configCa_dir
 certs            = $configCert_dir
-crl_dir                 = $configCrl_dir
+crl_dir          = $configCrl_dir
 database         = $configDatabase
 new_certs_dir    = $configNew_certs_dir
 private_dir      = $configPrivate_dir
@@ -82,7 +82,7 @@
 certificate      = $configCacert_pem
 crl              = $configCacrl_pem
 private_key      = $configCakey
-crl_extentions  = crl_ext
+crl_extentions   = crl_ext
 default_days     = 365
 default_crl_days = 30
 preserve         = no
@@ -497,7 +497,7 @@
 function CA_cert_text($serial)
 {
     global $config;
-    $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
+    $certfile = $config['new_certs_dir'] . "/$serial.pem";
     return(shell_exec(X509.' -in '.escshellarg($certfile).' -text -purpose 2>&1'));
 }
 
@@ -539,7 +539,7 @@
 function CA_cert_subject($serial)
 {
     global $config;
-    $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
+    $certfile = $config['new_certs_dir'] . "/$serial.pem";
     $x = exec(X509.' -in '.escshellarg($certfile).' -noout -subject 2>&1');
     return(str_replace('subject=', '', $x));
 }
@@ -560,7 +560,7 @@
 function CA_cert_email($serial)
 {
     global $config;
-    $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
+    $certfile = $config['new_certs_dir'] . "/$serial.pem";
     $x = exec(X509.' -in '.escshellarg($certfile).' -noout -email 2>&1');
     return($x);
 }
@@ -571,7 +571,7 @@
 function CA_cert_startdate($serial)
 {
     global $config;
-    $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
+    $certfile = $config['new_certs_dir'] . "/$serial.pem";
     $x = exec(X509.' -in '.escshellarg($certfile).' -noout -startdate 2>&1');
     return(str_replace('notBefore=', '', $x));
 }
@@ -582,7 +582,7 @@
 function CA_cert_enddate($serial)
 {
     global $config;
-    $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
+    $certfile = $config['new_certs_dir'] . "/$serial.pem";
     $x = exec(X509.' -in '.escshellarg($certfile).' -noout -enddate  2>&1');
     return(str_replace('notAfter=', '', $x));
 }
@@ -633,7 +633,7 @@
 
     $userkey   = $config['private_dir'] . "/$serial-key.pem";
     $userreq   = $config['req_dir'] ."/$serial-req.pem";
-    $usercert  = $config['new_certs_dir'].'/'.$serial.'.pem';
+    $usercert  = $config['new_certs_dir'] . "/$serial.pem";
     $userder   = $config['cert_dir'] . "/$serial.der";
     $userpfx   = $config['pfx_dir'] . "/$serial.pfx";
 
@@ -765,7 +765,7 @@
     # Get the next available serial number
     $serial = trim(implode('', file($config['serial'])));
 
-    $old_userkey = $config['private_dir'] . "$old_serial-key.pem";
+    $old_userkey = $config['private_dir'] . "/$old_serial-key.pem";
     $old_userreq = $config['req_dir'] . "/$old_serial-req.pem";
     $userkey     = $config['private_dir'] . "/$serial-key.pem";
     $userreq     = $config['req_dir'] . "/$serial-req.pem";
@@ -836,6 +836,8 @@
     #Unlock the CA database
     fclose($fd);
 
+    // Why is this here?
+    
     //# https://github.com/radicand/phpki/issues/14 - but ereg is deprecated
     if (preg_match('/E-mail Protection/', $certtext)) {
         $cert_type = 'email';
@@ -946,11 +948,10 @@
 
     $certtext = CA_cert_text($serial);
 
-    if (preg_match('~OpenSSL.* (E.?mail|Personal) .*Certificate~', $certtext)) {
-        $cert_type = 'email';
-    }
     if (preg_match('~OpenSSL.* (E.?mail|Personal) .*Certificate~', $certtext) && preg_match('~Code Signing~', $certtext)) {
         $cert_type = 'email_signing'; // Was 'codesigning' but can't see that anywhere
+    } elseif (preg_match('~OpenSSL.* (E.?mail|Personal) .*Certificate~', $certtext)) {
+        $cert_type = 'email';
     } elseif (preg_match('~OpenSSL.* Server .*Certificate~', $certtext)) {
         $cert_type = 'server';
     } elseif (preg_match('~timeStamping|Time Stamping~', $certtext)) {
1	jcrisp	1.1	diff -ruN phpki-ng.old/phpki-ng-0.84/ca/manage_certs.php phpki-ng/phpki-ng-0.84/ca/manage_certs.php
2			--- phpki-ng.old/phpki-ng-0.84/ca/manage_certs.php 2021-03-09 01:07:04.724068867 +0100
3			+++ phpki-ng/phpki-ng-0.84/ca/manage_certs.php 2021-03-09 01:06:28.843539880 +0100
4			@@ -218,7 +218,8 @@
5			<th colspan="2"><h3>Certificate Renewal Form</h3></th>
6
7			<tr>
8			- <td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>You can add a password if required</td>
9			+ <td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>
10			+ <font color=red>If a password was used to create the original certificate you must use it below</font></td>
11			</tr>
12
13			<tr>
14			@@ -254,7 +255,7 @@
15			</tr>
16
17			<tr>
18			- <td>Certificate Password</td>
19			+ <td>Certificate Password <font color=red>- might be required</font></td>
20			<td><input type="password" name="passwd" value="<?php echo htvar($passwd) ?>" size="30"></td>
21			</tr>
22
23			diff -ruN phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php phpki-ng/phpki-ng-0.84/include/openssl_functions.php
24			--- phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php 2021-03-09 01:07:04.728068927 +0100
25			+++ phpki-ng/phpki-ng-0.84/include/openssl_functions.php 2021-03-09 01:06:28.843539880 +0100
26			@@ -72,9 +72,9 @@
27			$cnf_contents = "
28			HOME = $configHOME
29			RANDFILE = $configRANDFILE
30			-dir = $configCa_dir
31			+dir = $configCa_dir
32			certs = $configCert_dir
33			-crl_dir = $configCrl_dir
34			+crl_dir = $configCrl_dir
35			database = $configDatabase
36			new_certs_dir = $configNew_certs_dir
37			private_dir = $configPrivate_dir
38			@@ -82,7 +82,7 @@
39			certificate = $configCacert_pem
40			crl = $configCacrl_pem
41			private_key = $configCakey
42			-crl_extentions = crl_ext
43			+crl_extentions = crl_ext
44			default_days = 365
45			default_crl_days = 30
46			preserve = no
47			@@ -497,7 +497,7 @@
48			function CA_cert_text($serial)
49			{
50			global $config;
51			- $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
52			+ $certfile = $config['new_certs_dir'] . "/$serial.pem";
53			return(shell_exec(X509.' -in '.escshellarg($certfile).' -text -purpose 2>&1'));
54			}
55
56			@@ -539,7 +539,7 @@
57			function CA_cert_subject($serial)
58			{
59			global $config;
60			- $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
61			+ $certfile = $config['new_certs_dir'] . "/$serial.pem";
62			$x = exec(X509.' -in '.escshellarg($certfile).' -noout -subject 2>&1');
63			return(str_replace('subject=', '', $x));
64			}
65			@@ -560,7 +560,7 @@
66			function CA_cert_email($serial)
67			{
68			global $config;
69			- $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
70			+ $certfile = $config['new_certs_dir'] . "/$serial.pem";
71			$x = exec(X509.' -in '.escshellarg($certfile).' -noout -email 2>&1');
72			return($x);
73			}
74			@@ -571,7 +571,7 @@
75			function CA_cert_startdate($serial)
76			{
77			global $config;
78			- $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
79			+ $certfile = $config['new_certs_dir'] . "/$serial.pem";
80			$x = exec(X509.' -in '.escshellarg($certfile).' -noout -startdate 2>&1');
81			return(str_replace('notBefore=', '', $x));
82			}
83			@@ -582,7 +582,7 @@
84			function CA_cert_enddate($serial)
85			{
86			global $config;
87			- $certfile = $config['new_certs_dir'] . '/' . $serial . '.pem';
88			+ $certfile = $config['new_certs_dir'] . "/$serial.pem";
89			$x = exec(X509.' -in '.escshellarg($certfile).' -noout -enddate 2>&1');
90			return(str_replace('notAfter=', '', $x));
91			}
92			@@ -633,7 +633,7 @@
93
94			$userkey = $config['private_dir'] . "/$serial-key.pem";
95			$userreq = $config['req_dir'] ."/$serial-req.pem";
96			- $usercert = $config['new_certs_dir'].'/'.$serial.'.pem';
97			+ $usercert = $config['new_certs_dir'] . "/$serial.pem";
98			$userder = $config['cert_dir'] . "/$serial.der";
99			$userpfx = $config['pfx_dir'] . "/$serial.pfx";
100
101			@@ -765,7 +765,7 @@
102			# Get the next available serial number
103			$serial = trim(implode('', file($config['serial'])));
104
105			- $old_userkey = $config['private_dir'] . "$old_serial-key.pem";
106			+ $old_userkey = $config['private_dir'] . "/$old_serial-key.pem";
107			$old_userreq = $config['req_dir'] . "/$old_serial-req.pem";
108			$userkey = $config['private_dir'] . "/$serial-key.pem";
109			$userreq = $config['req_dir'] . "/$serial-req.pem";
110			@@ -836,6 +836,8 @@
111			#Unlock the CA database
112			fclose($fd);
113
114			+ // Why is this here?
115			+
116			//# https://github.com/radicand/phpki/issues/14 - but ereg is deprecated
117			if (preg_match('/E-mail Protection/', $certtext)) {
118			$cert_type = 'email';
119			@@ -946,11 +948,10 @@
120
121			$certtext = CA_cert_text($serial);
122
123			- if (preg_match('~OpenSSL.* (E.?mail\|Personal) .*Certificate~', $certtext)) {
124			- $cert_type = 'email';
125			- }
126			if (preg_match('~OpenSSL.* (E.?mail\|Personal) .*Certificate~', $certtext) && preg_match('~Code Signing~', $certtext)) {
127			$cert_type = 'email_signing'; // Was 'codesigning' but can't see that anywhere
128			+ } elseif (preg_match('~OpenSSL.* (E.?mail\|Personal) .*Certificate~', $certtext)) {
129			+ $cert_type = 'email';
130			} elseif (preg_match('~OpenSSL.* Server .*Certificate~', $certtext)) {
131			$cert_type = 'server';
132			} elseif (preg_match('~timeStamping\|Time Stamping~', $certtext)) {