1 |
diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/dl_crl.php phpki-ng/phpki-ng-0.84/dl_crl.php |
2 |
--- phpki-ng.old/phpki-ng-0.84/dl_crl.php 1969-12-31 19:00:00.000000000 -0500 |
3 |
+++ phpki-ng/phpki-ng-0.84/dl_crl.php 2022-12-14 12:11:25.455000000 -0500 |
4 |
@@ -0,0 +1,8 @@ |
5 |
+<?php |
6 |
+include('./config.php'); |
7 |
+include(STORE_DIR.'/config/config.php'); |
8 |
+include('./include/common.php'); |
9 |
+include('./include/my_functions.php'); |
10 |
+include('./include/openssl_functions.php'); |
11 |
+upload($config['cacrl_der'], $config['ca_prefix'] . "cacrl.crl", 'application/pkix-crl'); |
12 |
+?> |
13 |
diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php phpki-ng/phpki-ng-0.84/include/openssl_functions.php |
14 |
--- phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php 2022-11-18 14:43:19.957000000 -0500 |
15 |
+++ phpki-ng/phpki-ng-0.84/include/openssl_functions.php 2022-12-14 12:33:12.322000000 -0500 |
16 |
@@ -601,7 +601,7 @@ |
17 |
$cmd_output[] = 'Revoking the certificate.'; |
18 |
$configCa_pwd = $config['ca_pwd']; |
19 |
$configOpenssl_cnf = $config['openssl_cnf']; |
20 |
- exec(CA." -config $configOpenssl_cnf -revoke ".escshellarg($certfile)." -passin pass:$configCa_pwd 2>&1", $cmd_output, $ret); |
21 |
+ exec(CA." -config $configOpenssl_cnf -revoke ".escshellarg($certfile)." -passin pass:'$configCa_pwd' 2>&1", $cmd_output, $ret); |
22 |
|
23 |
if ($ret == 0) { |
24 |
unset($cmd_output); |
25 |
@@ -652,7 +652,7 @@ |
26 |
$cmd_output[] = 'Creating certificate request.'; |
27 |
|
28 |
if (($_passwd) && ($_passwd != "''")) { |
29 |
- exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:$_passwd 2>&1", $cmd_output, $ret); |
30 |
+ exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:'$_passwd' 2>&1", $cmd_output, $ret); |
31 |
} else { |
32 |
exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -nodes 2>&1", $cmd_output, $ret); |
33 |
} |
34 |
@@ -681,8 +681,8 @@ |
35 |
$configRandom = $config['random']; |
36 |
|
37 |
if (($_passwd) && ($_passwd != "''")) { |
38 |
- $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass: $_passwd"; |
39 |
- exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:$_passwd -passout pass:$_passwd 2>&1", $cmd_output, $ret); |
40 |
+ $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass:'$_passwd'"; |
41 |
+ exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:'$_passwd' -passout pass:'$_passwd' 2>&1", $cmd_output, $ret); |
42 |
} else { |
43 |
$cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx"; |
44 |
// reetp - this needs looking at |
45 |
@@ -823,8 +823,8 @@ |
46 |
unset($cmd_output); |
47 |
$cmd_output[] = "Creating PKCS12 format certificate."; |
48 |
if (($_passwd) && ($_passwd != "''")) { |
49 |
- $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass: $_passwd"; |
50 |
- exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:$_passwd -passout pass:$_passwd 2>&1", $cmd_output, $ret); |
51 |
+ $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass:'$_passwd'"; |
52 |
+ exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:'$_passwd' -passout pass:'$_passwd' 2>&1", $cmd_output, $ret); |
53 |
} else { |
54 |
$cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx"; |
55 |
// reetp - this needs looking at |
56 |
diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/openssl.cnf phpki-ng/phpki-ng-0.84/openssl.cnf |
57 |
--- phpki-ng.old/phpki-ng-0.84/openssl.cnf 2020-04-02 08:22:47.000000000 -0400 |
58 |
+++ phpki-ng/phpki-ng-0.84/openssl.cnf 2022-12-14 12:09:57.115000000 -0500 |
59 |
@@ -60,7 +60,7 @@ |
60 |
nsCertType = sslCA, emailCA, objCA |
61 |
subjectKeyIdentifier = hash |
62 |
subjectAltName = email:copy |
63 |
-crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl |
64 |
+crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php |
65 |
nsComment = "PHPki/OpenSSL Generated Root Certificate Authority" |
66 |
#nsCaRevocationUrl = ns_revoke_query.php? |
67 |
nsCaPolicyUrl = http://www.somewhere.com/phpki/policy.html |
68 |
@@ -74,7 +74,7 @@ |
69 |
authorityKeyIdentifier = keyid:always, issuer:always |
70 |
subjectAltName = email:copy |
71 |
issuerAltName = issuer:copy |
72 |
-crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl |
73 |
+crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php |
74 |
nsComment = "PHPki/OpenSSL Generated Personal Certificate" |
75 |
nsBaseUrl = http://www.somewhere.com/phpki/ |
76 |
nsRevocationUrl = ns_revoke_query.php? |
77 |
@@ -91,7 +91,7 @@ |
78 |
authorityKeyIdentifier = keyid:always, issuer:always |
79 |
subjectAltName = email:copy |
80 |
issuerAltName = issuer:copy |
81 |
-crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl |
82 |
+crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php |
83 |
nsComment = "PHPki/OpenSSL Generated Personal Certificate" |
84 |
nsBaseUrl = http://www.somewhere.com/phpki/ |
85 |
nsRevocationUrl = ns_revoke_query.php? |
86 |
@@ -109,7 +109,7 @@ |
87 |
authorityKeyIdentifier = keyid:always, issuer:always |
88 |
subjectAltName = email:copy |
89 |
issuerAltName = issuer:copy |
90 |
-crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl |
91 |
+crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php |
92 |
nsComment = "PHPki/OpenSSL Generated Secure Server Certificate" |
93 |
nsBaseUrl = http://www.somewhere.com/phpki/ |
94 |
nsRevocationUrl = ns_revoke_query.php? |
95 |
diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/search.php phpki-ng/phpki-ng-0.84/search.php |
96 |
--- phpki-ng.old/phpki-ng-0.84/search.php 2022-11-18 14:43:19.942000000 -0500 |
97 |
+++ phpki-ng/phpki-ng-0.84/search.php 2022-12-14 12:02:02.321000000 -0500 |
98 |
@@ -102,7 +102,7 @@ |
99 |
<td><?php echo htvar($rec['unit'])?></td> |
100 |
<td><?php echo htvar($rec['locality'])?></td> |
101 |
<td><?php echo htvar($rec['province'])?></td> |
102 |
- <td><a href="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?> ?stage=display&serial=<?php echo htvar($rec['serial'])?>" target=_certdisp><img src=images/display.png alt="Display" title="Display the certificate in excruciating detail"></a> |
103 |
+ <td><a href="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?>?stage=display&serial=<?php echo htvar($rec['serial'])?>" target=_certdisp><img src=images/display.png alt="Display" title="Display the certificate in excruciating detail"></a> |
104 |
<?php |
105 |
if ($rec['status'] != 'Revoked') { |
106 |
?> |
107 |
diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/setup.php-presetup phpki-ng/phpki-ng-0.84/setup.php-presetup |
108 |
--- phpki-ng.old/phpki-ng-0.84/setup.php-presetup 2022-11-18 14:43:19.973000000 -0500 |
109 |
+++ phpki-ng/phpki-ng-0.84/setup.php-presetup 2022-12-14 12:08:40.031000000 -0500 |
110 |
@@ -887,7 +887,7 @@ |
111 |
} |
112 |
|
113 |
if (! $crl_distrib) { |
114 |
- $crl_distrib = 'index.php?stage=dl_crl'; |
115 |
+ $crl_distrib = 'dl_crl.php'; |
116 |
} |
117 |
if (! $revoke_url) { |
118 |
$revoke_url = 'ns_revoke_query.php?'; |