michael/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2026-05-04 22:30:33 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Fix certmgr/signcsr not using configured openssl.cnf

Browse Source
This commit is contained in:
Josh Fisher
2017-06-08 11:07:26 -04:00
parent 873519e64e
commit 2ca5006c6c
5 changed files with 35 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
certmgr/certmgr-lib.pl Executable file → Normal file
View File

@@ -60,7 +60,8 @@ sub print_sign_form {
print &ui_table_start($text{'signcsr_header'}, undef, 2);
print &ui_table_row($text{'signcsr_csrfile'}, &ui_textbox("csrfile", $in{'csrfile'}, 40), undef, $valign_middle);
print &ui_table_row($text{'signcsr_signfile'}, &ui_textbox("signfile", $in{'signfile'}, 40), undef, $valign_middle);
print &ui_table_row($text{'signcsr_keyfile'}, &ui_textbox("keycertfile", $in{'keycertfile'}, 40), undef, $valign_middle);
print &ui_table_row($text{'signcsr_keycertfile'}, &ui_textbox("cacertfile", $in{'cacertfile'}, 40), undef, $valign_middle);
print &ui_table_row($text{'signcsr_keyfile'}, &ui_textbox("cakeyfile", $in{'cakeyfile'}, 40), undef, $valign_middle);
print &ui_table_row(&ui_link("/help.cgi/certmgr/signcsr_ca_pass",
"<b>$text{'signcsr_ca_passphrase'}</b>", undef,
"onClick='window.open(\"/help.cgi/certmgr/signcsr_ca_pass\", \"help\", \"toolbar=no,menubar=no,scrollbars=yes,width=400,height=300,resizable=yes\"); return false;'"),

1
certmgr/lang/de
View File

@@ -109,6 +109,7 @@ signcsr_days=Anzahl der Tage der Zertifizierung f&#252;r
signcsr_desc=Auf dieser Seite k&#246;nnen Sie eine signiertes CSR von jemand anderem mit einem eigenen privaten Schl&#252;ssel signieren.
signcsr_e_nocsrfile=Keinen CSR Dateinamen eingegeben
signcsr_e_nokeyfile=Kein CA privater Schl&#252;ssel oder Zertifikats-Datei eingegeben
signcsr_e_nopassword=Es wurde kein CA-Kennwort eingegeben
signcsr_e_nosignfile=Kein signiertes Zertifikats-Dateiname eingegeben
signcsr_e_signfailed=Fehler, signiertes Zertifikat nicht generiert
signcsr_generate=Signiere Zertifikat

1
certmgr/lang/en Executable file → Normal file
View File

@@ -135,6 +135,7 @@ signcsr_generate=Sign Certificate
signcsr_e_nocsrfile=No CSR filename entered
signcsr_e_nosignfile=No signed certificate filename entered
signcsr_e_nokeyfile=No CA private key file or certificate file entered
signcsr_e_nopassword=No CA private key password entered
signcsr_e_signfailed=Error, signed certificate not generated
signcsr_worked=Signed certificate generated
signcsr_saved_cert=The certificate was saved as

2
certmgr/lang/es Executable file → Normal file
View File

@@ -114,3 +114,5 @@ import_upload_cert=Upload Certificate
import_key_file=Key file to upload
import_key_destination=Destination directory of key
import_upload_key=Upload Key
signcsr_e_nopassword=No CA private key password entered

36
certmgr/signcsr.cgi Executable file → Normal file
View File

@@ -15,7 +15,10 @@ if ($in{'submitted'} eq "sign") {
if (!$in{'signfile'}) {
$error.=$text{'signcsr_e_nosignfile'}."<br>\n";
}
if (!$in{'keyfile'} || !$in{'keycertfile'}) {
if (!$in{'cakeyfile'}) {
$error.=$text{'signcsr_e_nokeyfile'}."<br>\n";
}
if (!$in{'cacertfile'}) {
$error.=$text{'signcsr_e_nokeyfile'}."<br>\n";
}
if (!$error) {
@@ -27,8 +30,8 @@ if ($in{'submitted'} eq "sign") {
$config{'incsr_filename'}; }
if (!$in{'signfile'}) { $in{'signfile'}=$config{'ssl_cert_dir'}."/".
$config{'sign_filename'}; }
if (!$in{'keyfile'}) { $in{'keyfile'}=$config{'cakey_path'}; }
if (!$in{'keycertfile'}) { $in{'keycertfile'}=$config{'cacert_path'};}
if (!$in{'cacertfile'}) { $in{'cacertfile'}=$config{'cacert_path'}; }
if (!$in{'cakeyfile'}) { $in{'cakeyfile'}=$config{'cakey_path'}; }
if (!$in{'days'}) { $in{'days'}=$config{'default_days'}; }
}
@@ -45,10 +48,12 @@ print &ui_hr();
sub process{
&foreign_require("webmin", "webmin-lib.pl");
local %miniserv;
local ($tempdir, $des, $out, $url);
local $error=0;
&get_miniserv_config(\%miniserv);
if (!$miniserv{'ca'}) {
&webmin::setup_ca();
}
}
if ((-e $in{'signfile'})&&($in{'overwrite'} ne "yes")) {
&overwriteprompt();
print &ui_hr();
@@ -57,11 +62,19 @@ sub process{
}
$tempdir = &tempname();
mkdir($tempdir, 0700);
if ($in{'password'}){ $des="-passin pass:".quotemeta($in{'password'}); }
$out = `yes | $config{'openssl_cmd'} ca -in $in{'csrfile'} -out $in{'signfile'} -cert $in{'keycertfile'} -keyfile $in{'keyfile'} -outdir $tempdir -days $in{'days'} -config $config_directory/acl/openssl.cnf $des 2>&1`;
if (keyfile_is_encrypted($in{'cakeyfile'})) {
if ($in{'password'}) { $des="-passin pass:".quotemeta($in{'password'}); }
else {
print "<b>$text{'signcsr_e_signfailed'}</b>\n<pre>$text{'signcsr_e_nopassword'}</pre>\n";
print &ui_hr();
&footer("", $text{'index_return'});
exit;
}
}
$out = `yes | $config{'openssl_cmd'} ca -in $in{'csrfile'} -out $in{'signfile'} -cert $in{'cacertfile'} -keyfile $in{'cakeyfile'} -outdir $tempdir -days $in{'days'} -config $config{'ssl_cnf_file'} $des 2>&1`;
system("rm -rf $tempdir");
if (!-e $in{'csrfile'}) {
if ($out =~ /^ERROR(.*$)/mi || $out =~ /:error:/mi) {
$error=$out;
} else{
$error=0;
@@ -109,3 +122,12 @@ sub overwriteprompt{
print &ui_table_end();
}
sub keyfile_is_encrypted{
my $key=$_[0];
my $encrypted=0;
open(KFILE,$key)||return(0);
while(<KFILE>){ if (/^Proc.*ENCRYPTED.*$/mi) { $encrypted=1; last; } }
close(KFILE);
return($encrypted);
}