1 |
jpp |
1.1 |
diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/dl_crl.php phpki-ng/phpki-ng-0.84/dl_crl.php |
2 |
|
|
--- phpki-ng.old/phpki-ng-0.84/dl_crl.php 1969-12-31 19:00:00.000000000 -0500 |
3 |
|
|
+++ phpki-ng/phpki-ng-0.84/dl_crl.php 2022-12-14 12:11:25.455000000 -0500 |
4 |
|
|
@@ -0,0 +1,8 @@ |
5 |
|
|
+<?php |
6 |
|
|
+include('./config.php'); |
7 |
|
|
+include(STORE_DIR.'/config/config.php'); |
8 |
|
|
+include('./include/common.php'); |
9 |
|
|
+include('./include/my_functions.php'); |
10 |
|
|
+include('./include/openssl_functions.php'); |
11 |
|
|
+upload($config['cacrl_der'], $config['ca_prefix'] . "cacrl.crl", 'application/pkix-crl'); |
12 |
|
|
+?> |
13 |
|
|
diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php phpki-ng/phpki-ng-0.84/include/openssl_functions.php |
14 |
|
|
--- phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php 2022-11-18 14:43:19.957000000 -0500 |
15 |
|
|
+++ phpki-ng/phpki-ng-0.84/include/openssl_functions.php 2022-12-14 12:33:12.322000000 -0500 |
16 |
|
|
@@ -601,7 +601,7 @@ |
17 |
|
|
$cmd_output[] = 'Revoking the certificate.'; |
18 |
|
|
$configCa_pwd = $config['ca_pwd']; |
19 |
|
|
$configOpenssl_cnf = $config['openssl_cnf']; |
20 |
|
|
- exec(CA." -config $configOpenssl_cnf -revoke ".escshellarg($certfile)." -passin pass:$configCa_pwd 2>&1", $cmd_output, $ret); |
21 |
|
|
+ exec(CA." -config $configOpenssl_cnf -revoke ".escshellarg($certfile)." -passin pass:'$configCa_pwd' 2>&1", $cmd_output, $ret); |
22 |
|
|
|
23 |
|
|
if ($ret == 0) { |
24 |
|
|
unset($cmd_output); |
25 |
|
|
@@ -652,7 +652,7 @@ |
26 |
|
|
$cmd_output[] = 'Creating certificate request.'; |
27 |
|
|
|
28 |
|
|
if (($_passwd) && ($_passwd != "''")) { |
29 |
|
|
- exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:$_passwd 2>&1", $cmd_output, $ret); |
30 |
|
|
+ exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:'$_passwd' 2>&1", $cmd_output, $ret); |
31 |
|
|
} else { |
32 |
|
|
exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -nodes 2>&1", $cmd_output, $ret); |
33 |
|
|
} |
34 |
|
|
@@ -681,8 +681,8 @@ |
35 |
|
|
$configRandom = $config['random']; |
36 |
|
|
|
37 |
|
|
if (($_passwd) && ($_passwd != "''")) { |
38 |
|
|
- $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass: $_passwd"; |
39 |
|
|
- exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:$_passwd -passout pass:$_passwd 2>&1", $cmd_output, $ret); |
40 |
|
|
+ $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass:'$_passwd'"; |
41 |
|
|
+ exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:'$_passwd' -passout pass:'$_passwd' 2>&1", $cmd_output, $ret); |
42 |
|
|
} else { |
43 |
|
|
$cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx"; |
44 |
|
|
// reetp - this needs looking at |
45 |
|
|
@@ -823,8 +823,8 @@ |
46 |
|
|
unset($cmd_output); |
47 |
|
|
$cmd_output[] = "Creating PKCS12 format certificate."; |
48 |
|
|
if (($_passwd) && ($_passwd != "''")) { |
49 |
|
|
- $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass: $_passwd"; |
50 |
|
|
- exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:$_passwd -passout pass:$_passwd 2>&1", $cmd_output, $ret); |
51 |
|
|
+ $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass:'$_passwd'"; |
52 |
|
|
+ exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:'$_passwd' -passout pass:'$_passwd' 2>&1", $cmd_output, $ret); |
53 |
|
|
} else { |
54 |
|
|
$cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx"; |
55 |
|
|
// reetp - this needs looking at |
56 |
|
|
diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/openssl.cnf phpki-ng/phpki-ng-0.84/openssl.cnf |
57 |
|
|
--- phpki-ng.old/phpki-ng-0.84/openssl.cnf 2020-04-02 08:22:47.000000000 -0400 |
58 |
|
|
+++ phpki-ng/phpki-ng-0.84/openssl.cnf 2022-12-14 12:09:57.115000000 -0500 |
59 |
|
|
@@ -60,7 +60,7 @@ |
60 |
|
|
nsCertType = sslCA, emailCA, objCA |
61 |
|
|
subjectKeyIdentifier = hash |
62 |
|
|
subjectAltName = email:copy |
63 |
|
|
-crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl |
64 |
|
|
+crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php |
65 |
|
|
nsComment = "PHPki/OpenSSL Generated Root Certificate Authority" |
66 |
|
|
#nsCaRevocationUrl = ns_revoke_query.php? |
67 |
|
|
nsCaPolicyUrl = http://www.somewhere.com/phpki/policy.html |
68 |
|
|
@@ -74,7 +74,7 @@ |
69 |
|
|
authorityKeyIdentifier = keyid:always, issuer:always |
70 |
|
|
subjectAltName = email:copy |
71 |
|
|
issuerAltName = issuer:copy |
72 |
|
|
-crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl |
73 |
|
|
+crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php |
74 |
|
|
nsComment = "PHPki/OpenSSL Generated Personal Certificate" |
75 |
|
|
nsBaseUrl = http://www.somewhere.com/phpki/ |
76 |
|
|
nsRevocationUrl = ns_revoke_query.php? |
77 |
|
|
@@ -91,7 +91,7 @@ |
78 |
|
|
authorityKeyIdentifier = keyid:always, issuer:always |
79 |
|
|
subjectAltName = email:copy |
80 |
|
|
issuerAltName = issuer:copy |
81 |
|
|
-crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl |
82 |
|
|
+crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php |
83 |
|
|
nsComment = "PHPki/OpenSSL Generated Personal Certificate" |
84 |
|
|
nsBaseUrl = http://www.somewhere.com/phpki/ |
85 |
|
|
nsRevocationUrl = ns_revoke_query.php? |
86 |
|
|
@@ -109,7 +109,7 @@ |
87 |
|
|
authorityKeyIdentifier = keyid:always, issuer:always |
88 |
|
|
subjectAltName = email:copy |
89 |
|
|
issuerAltName = issuer:copy |
90 |
|
|
-crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl |
91 |
|
|
+crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php |
92 |
|
|
nsComment = "PHPki/OpenSSL Generated Secure Server Certificate" |
93 |
|
|
nsBaseUrl = http://www.somewhere.com/phpki/ |
94 |
|
|
nsRevocationUrl = ns_revoke_query.php? |
95 |
|
|
diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/setup.php-presetup phpki-ng/phpki-ng-0.84/setup.php-presetup |
96 |
|
|
--- phpki-ng.old/phpki-ng-0.84/setup.php-presetup 2022-11-18 14:43:19.973000000 -0500 |
97 |
|
|
+++ phpki-ng/phpki-ng-0.84/setup.php-presetup 2022-12-14 12:08:40.031000000 -0500 |
98 |
|
|
@@ -887,7 +887,7 @@ |
99 |
|
|
} |
100 |
|
|
|
101 |
|
|
if (! $crl_distrib) { |
102 |
|
|
- $crl_distrib = 'index.php?stage=dl_crl'; |
103 |
|
|
+ $crl_distrib = 'dl_crl.php'; |
104 |
|
|
} |
105 |
|
|
if (! $revoke_url) { |
106 |
|
|
$revoke_url = 'ns_revoke_query.php?'; |