phpki-ng/contribs10/phpki-ng-bz12272-bz12273-crl-whitespacepass.patch

diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/dl_crl.php phpki-ng/phpki-ng-0.84/dl_crl.php
--- phpki-ng.old/phpki-ng-0.84/dl_crl.php       1969-12-31 19:00:00.000000000 -0500
+++ phpki-ng/phpki-ng-0.84/dl_crl.php   2022-12-14 12:11:25.455000000 -0500
@@ -0,0 +1,8 @@
+<?php
+include('./config.php');
+include(STORE_DIR.'/config/config.php');
+include('./include/common.php');
+include('./include/my_functions.php');
+include('./include/openssl_functions.php');
+upload($config['cacrl_der'], $config['ca_prefix'] . "cacrl.crl", 'application/pkix-crl');
+?>
diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php phpki-ng/phpki-ng-0.84/include/openssl_functions.php
--- phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php    2022-11-18 14:43:19.957000000 -0500
+++ phpki-ng/phpki-ng-0.84/include/openssl_functions.php        2022-12-14 12:33:12.322000000 -0500
@@ -601,7 +601,7 @@
     $cmd_output[] = 'Revoking the certificate.';
     $configCa_pwd = $config['ca_pwd'];
     $configOpenssl_cnf = $config['openssl_cnf'];
-    exec(CA." -config $configOpenssl_cnf -revoke ".escshellarg($certfile)." -passin pass:$configCa_pwd 2>&1", $cmd_output, $ret);
+    exec(CA." -config $configOpenssl_cnf -revoke ".escshellarg($certfile)." -passin pass:'$configCa_pwd' 2>&1", $cmd_output, $ret);
 
     if ($ret == 0) {
         unset($cmd_output);
@@ -652,7 +652,7 @@
     $cmd_output[] = 'Creating certificate request.';
 
     if (($_passwd) && ($_passwd != "''")) {
-        exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:$_passwd  2>&1", $cmd_output, $ret);
+        exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:'$_passwd'  2>&1", $cmd_output, $ret);
     } else {
         exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -nodes  2>&1", $cmd_output, $ret);
     }
@@ -681,8 +681,8 @@
         $configRandom = $config['random'];
 
         if (($_passwd) && ($_passwd != "''")) {
-            $cmd_output[] = "infile: $usercert   keyfile: $userkey   outfile: $userpfx  pass: $_passwd";
-            exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:$_passwd -passout pass:$_passwd  2>&1", $cmd_output, $ret);
+            $cmd_output[] = "infile: $usercert   keyfile: $userkey   outfile: $userpfx  pass:'$_passwd'";
+            exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:'$_passwd' -passout pass:'$_passwd'  2>&1", $cmd_output, $ret);
         } else {
             $cmd_output[] = "infile: $usercert   keyfile: $userkey   outfile: $userpfx";
             // reetp - this needs looking at
@@ -823,8 +823,8 @@
         unset($cmd_output);
         $cmd_output[] = "Creating PKCS12 format certificate.";
         if (($_passwd) && ($_passwd != "''")) {
-            $cmd_output[] = "infile: $usercert   keyfile: $userkey   outfile: $userpfx  pass: $_passwd";
-            exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:$_passwd -passout pass:$_passwd  2>&1", $cmd_output, $ret);
+            $cmd_output[] = "infile: $usercert   keyfile: $userkey   outfile: $userpfx  pass:'$_passwd'";
+            exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:'$_passwd' -passout pass:'$_passwd'  2>&1", $cmd_output, $ret);
         } else {
             $cmd_output[] = "infile: $usercert   keyfile: $userkey   outfile: $userpfx";
             // reetp - this needs looking at
diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/openssl.cnf phpki-ng/phpki-ng-0.84/openssl.cnf
--- phpki-ng.old/phpki-ng-0.84/openssl.cnf      2020-04-02 08:22:47.000000000 -0400
+++ phpki-ng/phpki-ng-0.84/openssl.cnf  2022-12-14 12:09:57.115000000 -0500
@@ -60,7 +60,7 @@
 nsCertType             = sslCA, emailCA, objCA
 subjectKeyIdentifier   = hash
 subjectAltName         = email:copy
-crlDistributionPoints  = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl
+crlDistributionPoints  = URI:http://www.somewhere.com/phpki/dl_crl.php
 nsComment              = "PHPki/OpenSSL Generated Root Certificate Authority"
 #nsCaRevocationUrl     = ns_revoke_query.php?
 nsCaPolicyUrl          = http://www.somewhere.com/phpki/policy.html
@@ -74,7 +74,7 @@
 authorityKeyIdentifier = keyid:always, issuer:always
 subjectAltName         = email:copy
 issuerAltName          = issuer:copy
-crlDistributionPoints  = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl
+crlDistributionPoints  = URI:http://www.somewhere.com/phpki/dl_crl.php
 nsComment              = "PHPki/OpenSSL Generated Personal Certificate"
 nsBaseUrl              = http://www.somewhere.com/phpki/
 nsRevocationUrl               = ns_revoke_query.php?
@@ -91,7 +91,7 @@
 authorityKeyIdentifier = keyid:always, issuer:always
 subjectAltName         = email:copy
 issuerAltName          = issuer:copy
-crlDistributionPoints  = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl
+crlDistributionPoints  = URI:http://www.somewhere.com/phpki/dl_crl.php
 nsComment              = "PHPki/OpenSSL Generated Personal Certificate"
 nsBaseUrl              = http://www.somewhere.com/phpki/
 nsRevocationUrl               = ns_revoke_query.php?
@@ -109,7 +109,7 @@
 authorityKeyIdentifier  = keyid:always, issuer:always
 subjectAltName          = email:copy
 issuerAltName           = issuer:copy
-crlDistributionPoints  = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl
+crlDistributionPoints  = URI:http://www.somewhere.com/phpki/dl_crl.php
 nsComment              = "PHPki/OpenSSL Generated Secure Server Certificate"
 nsBaseUrl              = http://www.somewhere.com/phpki/
 nsRevocationUrl                = ns_revoke_query.php?
diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/setup.php-presetup phpki-ng/phpki-ng-0.84/setup.php-presetup
--- phpki-ng.old/phpki-ng-0.84/setup.php-presetup       2022-11-18 14:43:19.973000000 -0500
+++ phpki-ng/phpki-ng-0.84/setup.php-presetup   2022-12-14 12:08:40.031000000 -0500
@@ -887,7 +887,7 @@
         }
 
         if (! $crl_distrib) {
-            $crl_distrib = 'index.php?stage=dl_crl';
+            $crl_distrib = 'dl_crl.php';
         }
         if (! $revoke_url) {
             $revoke_url = 'ns_revoke_query.php?';
--- phpki-ng.old/phpki-ng-0.84/dl_crl_pem.php   1969-12-31 19:00:00.000000000 -0500
+++ phpki-ng/phpki-ng-0.84/dl_crl_pem.php       2022-12-17 02:14:51.499000000 -0500
@@ -0,0 +1,8 @@
+<?php
+include('./config.php');
+include(STORE_DIR.'/config/config.php');
+include('./include/common.php');
+include('./include/my_functions.php');
+include('./include/openssl_functions.php');
+upload($config['cacrl_pem'], $config['ca_prefix'] . "cacrl.crl", 'application/octet-stream');
+?>
1	diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/dl_crl.php phpki-ng/phpki-ng-0.84/dl_crl.php
2	--- phpki-ng.old/phpki-ng-0.84/dl_crl.php 1969-12-31 19:00:00.000000000 -0500
3	+++ phpki-ng/phpki-ng-0.84/dl_crl.php 2022-12-14 12:11:25.455000000 -0500
4	@@ -0,0 +1,8 @@
5	+<?php
6	+include('./config.php');
7	+include(STORE_DIR.'/config/config.php');
8	+include('./include/common.php');
9	+include('./include/my_functions.php');
10	+include('./include/openssl_functions.php');
11	+upload($config['cacrl_der'], $config['ca_prefix'] . "cacrl.crl", 'application/pkix-crl');
12	+?>
13	diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php phpki-ng/phpki-ng-0.84/include/openssl_functions.php
14	--- phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php 2022-11-18 14:43:19.957000000 -0500
15	+++ phpki-ng/phpki-ng-0.84/include/openssl_functions.php 2022-12-14 12:33:12.322000000 -0500
16	@@ -601,7 +601,7 @@
17	$cmd_output[] = 'Revoking the certificate.';
18	$configCa_pwd = $config['ca_pwd'];
19	$configOpenssl_cnf = $config['openssl_cnf'];
20	- exec(CA." -config $configOpenssl_cnf -revoke ".escshellarg($certfile)." -passin pass:$configCa_pwd 2>&1", $cmd_output, $ret);
21	+ exec(CA." -config $configOpenssl_cnf -revoke ".escshellarg($certfile)." -passin pass:'$configCa_pwd' 2>&1", $cmd_output, $ret);
22
23	if ($ret == 0) {
24	unset($cmd_output);
25	@@ -652,7 +652,7 @@
26	$cmd_output[] = 'Creating certificate request.';
27
28	if (($_passwd) && ($_passwd != "''")) {
29	- exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:$_passwd 2>&1", $cmd_output, $ret);
30	+ exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:'$_passwd' 2>&1", $cmd_output, $ret);
31	} else {
32	exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -nodes 2>&1", $cmd_output, $ret);
33	}
34	@@ -681,8 +681,8 @@
35	$configRandom = $config['random'];
36
37	if (($_passwd) && ($_passwd != "''")) {
38	- $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass: $_passwd";
39	- exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:$_passwd -passout pass:$_passwd 2>&1", $cmd_output, $ret);
40	+ $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass:'$_passwd'";
41	+ exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:'$_passwd' -passout pass:'$_passwd' 2>&1", $cmd_output, $ret);
42	} else {
43	$cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx";
44	// reetp - this needs looking at
45	@@ -823,8 +823,8 @@
46	unset($cmd_output);
47	$cmd_output[] = "Creating PKCS12 format certificate.";
48	if (($_passwd) && ($_passwd != "''")) {
49	- $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass: $_passwd";
50	- exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:$_passwd -passout pass:$_passwd 2>&1", $cmd_output, $ret);
51	+ $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass:'$_passwd'";
52	+ exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:'$_passwd' -passout pass:'$_passwd' 2>&1", $cmd_output, $ret);
53	} else {
54	$cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx";
55	// reetp - this needs looking at
56	diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/openssl.cnf phpki-ng/phpki-ng-0.84/openssl.cnf
57	--- phpki-ng.old/phpki-ng-0.84/openssl.cnf 2020-04-02 08:22:47.000000000 -0400
58	+++ phpki-ng/phpki-ng-0.84/openssl.cnf 2022-12-14 12:09:57.115000000 -0500
59	@@ -60,7 +60,7 @@
60	nsCertType = sslCA, emailCA, objCA
61	subjectKeyIdentifier = hash
62	subjectAltName = email:copy
63	-crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl
64	+crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php
65	nsComment = "PHPki/OpenSSL Generated Root Certificate Authority"
66	#nsCaRevocationUrl = ns_revoke_query.php?
67	nsCaPolicyUrl = http://www.somewhere.com/phpki/policy.html
68	@@ -74,7 +74,7 @@
69	authorityKeyIdentifier = keyid:always, issuer:always
70	subjectAltName = email:copy
71	issuerAltName = issuer:copy
72	-crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl
73	+crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php
74	nsComment = "PHPki/OpenSSL Generated Personal Certificate"
75	nsBaseUrl = http://www.somewhere.com/phpki/
76	nsRevocationUrl = ns_revoke_query.php?
77	@@ -91,7 +91,7 @@
78	authorityKeyIdentifier = keyid:always, issuer:always
79	subjectAltName = email:copy
80	issuerAltName = issuer:copy
81	-crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl
82	+crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php
83	nsComment = "PHPki/OpenSSL Generated Personal Certificate"
84	nsBaseUrl = http://www.somewhere.com/phpki/
85	nsRevocationUrl = ns_revoke_query.php?
86	@@ -109,7 +109,7 @@
87	authorityKeyIdentifier = keyid:always, issuer:always
88	subjectAltName = email:copy
89	issuerAltName = issuer:copy
90	-crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl
91	+crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php
92	nsComment = "PHPki/OpenSSL Generated Secure Server Certificate"
93	nsBaseUrl = http://www.somewhere.com/phpki/
94	nsRevocationUrl = ns_revoke_query.php?
95	diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/setup.php-presetup phpki-ng/phpki-ng-0.84/setup.php-presetup
96	--- phpki-ng.old/phpki-ng-0.84/setup.php-presetup 2022-11-18 14:43:19.973000000 -0500
97	+++ phpki-ng/phpki-ng-0.84/setup.php-presetup 2022-12-14 12:08:40.031000000 -0500
98	@@ -887,7 +887,7 @@
99	}
100
101	if (! $crl_distrib) {
102	- $crl_distrib = 'index.php?stage=dl_crl';
103	+ $crl_distrib = 'dl_crl.php';
104	}
105	if (! $revoke_url) {
106	$revoke_url = 'ns_revoke_query.php?';
107	--- phpki-ng.old/phpki-ng-0.84/dl_crl_pem.php 1969-12-31 19:00:00.000000000 -0500
108	+++ phpki-ng/phpki-ng-0.84/dl_crl_pem.php 2022-12-17 02:14:51.499000000 -0500
109	@@ -0,0 +1,8 @@
110	+<?php
111	+include('./config.php');
112	+include(STORE_DIR.'/config/config.php');
113	+include('./include/common.php');
114	+include('./include/my_functions.php');
115	+include('./include/openssl_functions.php');
116	+upload($config['cacrl_pem'], $config['ca_prefix'] . "cacrl.crl", 'application/octet-stream');
117	+?>