From 3706f7862b7f413357fd240d2575acd60809288f Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Sat, 26 Apr 2025 20:25:31 -0700
Subject: [PATCH] Certs can start with BEGIN PUBLIC KEY
---
bind8/save_tls.cgi | 38 ++++++++++++++++++++++++++++++++++++++
webmin/webmin-lib.pl | 4 ++--
2 files changed, 40 insertions(+), 2 deletions(-)
create mode 100644 bind8/save_tls.cgi
diff --git a/bind8/save_tls.cgi b/bind8/save_tls.cgi
new file mode 100644
index 000000000..0f7a5a169
--- /dev/null
+++ b/bind8/save_tls.cgi
@@ -0,0 +1,38 @@
+#!/usr/local/bin/perl
+# Create, update or delete a TLS key and cert
+
+use strict;
+use warnings;
+no warnings 'redefine';
+no warnings 'uninitialized';
+our (%access, %text, %in);
+
+require './bind8-lib.pl';
+$access{'defaults'} || &error($text{'tls_ecannot'});
+&supports_tls() || &error($text{'tls_esupport'});
+&ReadParse();
+&error_setup($in{'new'} ? $text{'tls_cerr'} :
+ $in{'delete'} ? $text{'tls_derr'} : $text{'tls_err'});
+
+# Get the TLS config being edited
+my $tls;
+if (!$in{'new'}) {
+ my $conf = &get_config();
+ my @tls = &find("tls", $conf);
+ ($tls) = grep { $_->{'values'}->[0] eq $in{'name'} } @tls;
+ $tls || &error($text{'tls_egone'});
+ }
+else {
+ $tls = { 'values' => [],
+ 'members' => [] };
+ }
+
+if ($in{'delete'}) {
+ # Just remove this one TLS key, if unused
+ }
+else {
+ # Validate inputs
+ $in{'name'} =~ /^[a-z0-9\-\_]+$/i || &error($text{'tls_ename'});
+ }
+
+
diff --git a/webmin/webmin-lib.pl b/webmin/webmin-lib.pl
index 4e167802b..e9a8d348b 100755
--- a/webmin/webmin-lib.pl
+++ b/webmin/webmin-lib.pl
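Review bot: The name check in the final `else` branch of bind8/save_tls.cgi anchors with `$`, which in Perl also matches just before a trailing newline, so a submitted name ending in a newline passes validation; `$in{'name'} =~ /\A[a-z0-9\-\_]+\z/i || &error($text{'tls_ename'});` rejects it. That matters once the value is written into the BIND configuration, which this file does not do yet. As committed the script is a stub: the `delete` branch holds only a comment, and after validation nothing is saved, logged or redirected. Since the commit subject only concerns certificate headers, the file may have been included unintentionally and is worth confirming.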
@@ -1161,12 +1161,12 @@ my $key = &read_file_contents($keyfile); $key =~ /BEGIN (RSA |EC )?PRIVATE KEY/i || &error(&text('ssl_ekey2', $keyfile)); if (!$certfile) { - $key =~ /BEGIN CERTIFICATE/ || &error(&text('ssl_ecert2', $keyfile)); + $key =~ /BEGIN (CERTIFICATE|PUBLIC KEY)/ || &error(&text('ssl_ecert2', $keyfile)); } else { -r $certfile || return &error(&text('ssl_ecert', $certfile)); my $cert = &read_file_contents($certfile); - $cert =~ /BEGIN CERTIFICATE/ || &error(&text('ssl_ecert2', $certfile)); + $cert =~ /BEGIN (CERTIFICATE|PUBLIC KEY)/ || &error(&text('ssl_ecert2', $certfile)); } }
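Review bot: Both widened checks still match a bare substring, so a file whose PEM header is `-----BEGIN CERTIFICATE REQUEST-----` (a CSR) is accepted as a certificate. Anchoring on the dashes closes that: `$cert =~ /-----BEGIN (CERTIFICATE|PUBLIC KEY)-----/ || &error(&text('ssl_ecert2', $certfile));`, with the same pattern for the `$key` check in the `!$certfile` branch. Accepting `PUBLIC KEY` also means a file holding only a bare public key and no X.509 certificate now passes. If callers rely on this check to guarantee a usable server certificate, a short comment such as `# some tools emit the cert section as PUBLIC KEY; usability is not verified here` would document the intent. The enclosing function starts above the hunk, so its callers are not visible here.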