
Adding error checking to Intermediate CA creation.

1 parent 5c00a2b commit 45a5628ca4978d91d36cd563e15fa4a1c8e9029e @EvgenyY committed Jun 22, 2011
Showing with 19 additions and 8 deletions.
  1. +9 −6 etc/inc/certs.inc
  2. +10 −2 usr/local/www/system_camanager.php
@@ -192,10 +192,9 @@ function ca_inter_create(& $ca, $keylen, $lifetime, $dn, $caref) {
if (!$signing_ca)
return false;
- $signing_ca_str_crt = base64_decode($signing_ca['crt']);
- $signing_ca_str_key = base64_decode($signing_ca['prv']);
- $signing_ca_res_crt = openssl_x509_read($signing_ca_str_crt);
- $signing_ca_res_key = openssl_pkey_get_private(array(0 => $signing_ca_str_key, 1 => ""));
+ $signing_ca_res_crt = openssl_x509_read(base64_decode($signing_ca['crt']));
+ $signing_ca_res_key = openssl_pkey_get_private(array(0 => base64_decode($signing_ca['prv']) , 1 => ""));
+ if (!$signing_ca_res_crt || !$signing_ca_res_key) return false;
$signing_ca_serial = ++$signing_ca['serial'];
$args = array(
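Review bot: The new `if (!$signing_ca_res_crt || !$signing_ca_res_key) return false;` leaves the diagnosis to the caller, which reads `openssl_error_string()` after a failure, but nothing visible before these first OpenSSL calls clears entries left in that queue by earlier calls in the same request. A stale entry would then be reported as the cause of this failure. Draining the queue just before `openssl_x509_read(...)`, e.g. `while (openssl_error_string() !== false);`, keeps the reported errors tied to this call. The start of ca_inter_create is outside the hunk, so this may already be handled there.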
@@ -206,16 +205,20 @@ function ca_inter_create(& $ca, $keylen, $lifetime, $dn, $caref) {
// generate a new key pair
$res_key = openssl_pkey_new($args);
+ if (!$res_key) return false;
// generate a certificate signing request
$res_csr = openssl_csr_new($dn, $res_key, $args);
+ if (!$res_csr) return false;
// Sign the certificate
$res_crt = openssl_csr_sign($res_csr, $signing_ca_res_crt, $signing_ca_res_key, $lifetime, $args, $signing_ca_serial);
+ if (!$res_crt) return false;
// export our certificate data
- openssl_pkey_export($res_key, $str_key);
- openssl_x509_export($res_crt, $str_crt);
+ if (!openssl_pkey_export($res_key, $str_key) ||
+ !openssl_x509_export($res_crt, $str_crt))
+ return false;
// return our ca information
$ca['crt'] = base64_encode($str_crt);
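Review bot: ca_inter_create now has several `return false` exits but no comment stating its return contract, while the caller in system_camanager.php tests `!ca_inter_create(...)`. The end of the function is outside this hunk, so confirm the success path ends in an explicit `return true;`, because falling off the end returns null and the caller would treat every call as a failure. A short docblock above the function would cover it: returns true on success, false on failure, with the details left in the OpenSSL error queue for the caller to read.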
@@ -264,7 +264,14 @@
'organizationName' => $pconfig['dn_organization'],
'emailAddress' => $pconfig['dn_email'],
'commonName' => $pconfig['dn_commonname']);
- ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref']);
+ $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */
+ if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'])){
+ while($ssl_err = openssl_error_string()){
+ $input_errors = array();
+ array_push($input_errors, "openssl library returns: " . $ssl_err);
+ }
+ }
+ error_reporting($old_err_level);
}
}
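Review bot: `$input_errors = array();` sits inside the `while` loop, so the array is reset on every iteration and only the last OpenSSL error reaches the page; any validation errors collected earlier would be discarded as well. Initialise it once before the loop (or only when it is not already an array) and append with `$input_errors[] = "openssl library returns: " . $ssl_err;`. `error_reporting(0)` also silences every other warning raised inside the call, not only the OpenSSL ones, so it is worth logging the queue entries as well as displaying them. The surrounding block starts outside the hunk.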
@@ -273,7 +280,8 @@
else
$a_ca[] = $ca;
- write_config();
+ if (!$input_errors)
+ write_config();
// pfSenseHeader("system_camanager.php");
}
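Review bot: `if (!$input_errors)` is used as a proxy for "CA creation succeeded", but ca_inter_create can return false without leaving anything in the OpenSSL queue: the `if (!$signing_ca) return false;` path in certs.inc runs before any OpenSSL call. In that case `$input_errors` stays empty and `write_config()` saves the incomplete `$ca` that `$a_ca[] = $ca;` has already appended. Record the failure explicitly, for example by adding a fallback entry to `$input_errors` when the call returns false and the queue is empty, and move the `$a_ca` assignment under the same guard. The enclosing `if`/`else` starts outside the hunk.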
