Luke Stuart: 1 Add features as per #354 1 files changed, 176 insertions(+), 0 deletions(-)
Copy & paste the following snippet into your terminal to import this patchset into git:
curl -s https://lists.alpinelinux.org/~alpine/devel/patches/265/mbox | git am -3Learn more about email & git
From: lstuart <lukestu@gmail.com> Added option to specify validity period; option on status page to download PEM; drop-down box to specify encryption bit ref #354 --- .../acf-openssl-354-feature-requests.patch | 176 ++++++++++++++++++++ 1 files changed, 176 insertions(+), 0 deletions(-) create mode 100644 main/acf-openssl/acf-openssl-354-feature-requests.patch diff --git a/main/acf-openssl/acf-openssl-354-feature-requests.patch b/main/acf-openssl/acf-openssl-354-feature-requests.patch new file mode 100644 index 0000000..4ef0c40 --- /dev/null +++ b/main/acf-openssl/acf-openssl-354-feature-requests.patch @@ -0,0 +1,176 @@ +--- a/openssl-controller.lua ++++ b/openssl-controller.lua +@@ -115,6 +115,11 @@ + return controllerfunctions.handle_form(self, self.model.getnewputca, self.model.putca, self.clientdata, "Upload", "Upload CA Certificate", "Certificate Uploaded") + end + ++downloadpem = function(self) ++ self.conf.viewtype="stream" ++ return self.model.getpem(self.clientdata.dlpath) ++end ++ + -- Generate a self-signed CA + generatecacert = function(self) + return controllerfunctions.handle_form(self, self.model.getnewcarequest, self.model.generateca, self.clientdata, "Generate", "Generate CA Certificate", "Certificate Generated") +--- a/openssl-editdefaults-html.lsp ++++ b/openssl-editdefaults-html.lsp +@@ -6,7 +6,7 @@ + form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action + local order = { "countryName", "C", "stateOrProvinceName", "ST", "localityName", "L", "organizationName", "O", + "organizationalUnitName", "OU", "commonName", "CN", "emailAddress" } +- local finishingorder = { "certtype", "extensions" } ++ local finishingorder = { "encryption", "validdays", "certtype", "extensions" } + displayform(form, order, finishingorder) + %> + +--- a/openssl-model.lua ++++ b/openssl-model.lua +@@ -37,7 +37,6 @@ + local defaults = cfe({ type="group", value={} }) + config = config or format.parse_ini_file(fs.read_file(configfile) or "") + local distinguished_name = config.req.distinguished_name or "" +- + -- Get the distinguished name defaults + for name,value in pairs(config[distinguished_name]) do + if nil == string.find(name, "_") then +@@ -302,14 +301,24 @@ + + getreqdefaults = function() + local defaults = getdefaults() +- ++ ++ --Add in the encryption bit default ++ local encryption = "" ++ local content = fs.read_file(configfile) or "" ++ encryption = format.get_ini_entry(content, "req", "default_bits") ++ defaults.value.encryption = cfe({ type="select", label="Encryption Bits", value=encryption, option={"2048", "4096"} }) ++ ++ -- Add in the default days ++ local validdays = "" ++ local validdays = format.get_ini_entry(content, "", "default_days") ++ defaults.value.validdays = cfe({ type="text", label="Period of Validity (Days)", value=validdays, descr="Number of days this certificate is valid for" }) ++ + -- Add in the ca type default + defaults.value.certtype = cfe({ type="select", label="Certificate Type", + value=config.ca.default_ca, option=find_ca_sections() }) ++ + -- Add in the extensions + local extensions = "" +- local content = fs.read_file(configfile) or "" +- config = config or format.parse_ini_file(content) + if config.req.req_extensions then + extensions = format.get_ini_section(content, config.req.req_extensions) + end +@@ -333,10 +342,13 @@ + else + ext_section = config.req.req_extensions + end ++ + config = nil ++ fileval = format.update_ini_file(fileval,"req","default_bits",defaults.value.encryption.value) ++ fileval = format.update_ini_file(fileval,"","default_days",defaults.value.validdays.value) + fileval = format.set_ini_section(fileval, ext_section, format.dostounix(defaults.value.extensions.value)) + fileval = format.update_ini_file(fileval, "ca", "default_ca", defaults.value.certtype.value) +- fileval = write_distinguished_names(fileval, defaults, {"certtype", "extensions"}) ++ fileval = write_distinguished_names(fileval, defaults, {"certtype", "extensions", "validdays" }) + fs.write_file(configfile, fileval) + end + +@@ -357,7 +369,7 @@ + + submitrequest = function(defaults, user) + local success, defaults = validate_request(defaults) +- ++ + -- Must have a common name + if #defaults.value.commonName.value == 0 then + defaults.value.commonName.errtxt = "Common Name cannot be blank" +@@ -378,10 +390,15 @@ + defaults.errtxt = "Failed to submit request\nRequest already exists" + success = false + end ++ ++ if not tonumber(defaults.value.validdays.value) then ++ defaults.value.validdays.errtxt = "Period of Validity is not a number" ++ success = false ++ end + + if success then + -- Submit the request +- local subject = create_subject_string(defaults, {"password", "password_confirm", "certtype", "extensions"}) ++ local subject = create_subject_string(defaults, {"password", "password_confirm", "certtype", "extensions" }) + + -- Generate a temp config file for this request + local fileval = fs.read_file(configfile) or "" +@@ -398,11 +415,11 @@ + end + end + end +- ++ fileval = format.update_ini_file(fileval, "req","default_bits",defaults.value.encryption.value) ++ fileval = format.update_ini_file(fileval, "","default_days",defaults.value.validdays.value) + fileval = format.set_ini_section(fileval, ext_section, content) + fileval = format.update_ini_file(fileval, "req", "req_extensions", ext_section) + fs.write_file(reqname..".cfg", fileval) +- + local cmd = path .. "openssl req -nodes -new -config "..format.escapespecialcharacters(reqname)..".cfg -keyout "..format.escapespecialcharacters(reqname)..".pem -out "..format.escapespecialcharacters(reqname)..'.csr -subj "'..subject..'" 2>&1' + local f = io.popen(cmd) + local cmdresult = f:read("*a") +@@ -465,7 +482,7 @@ + local certname = certdir..request.."."..serial + + -- Now, sign the certificate +- local cmd = path .. "openssl ca -config "..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1" ++ local cmd = path .. "openssl ca -config "..format.escapespecialcharacters(reqpath)..".cfg -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1" + local f = io.popen(cmd) + cmdresult.value = f:read("*a") + f:close() +@@ -673,6 +690,12 @@ + crlfile.value = fs.read_file("ca-crl.crl") or "" + end + return crlfile ++end ++ ++getpem = function(pem) ++ local f = fs.read_file(pem) or "" ++ local fname = string.gsub(pem, ".*/", "") ++ return cfe({ type="raw", value=f, label=fname, option="application/x-pkcs12" }) + end + + getnewputca = function() +--- a/openssl-request-html.lsp ++++ b/openssl-request-html.lsp +@@ -8,7 +8,7 @@ + form.value.password_confirm.type = "password" + local order = { "countryName", "C", "stateOrProvinceName", "ST", "localityName", "L", "organizationName", "O", + "organizationalUnitName", "OU", "commonName", "CN", "emailAddress" } +- local finishingorder = { "certtype", "extensions", "password", "password_confirm" } ++ local finishingorder = { "encryption", "validdays", "certtype", "extensions", "password", "password_confirm" } + displayform(form, order, finishingorder) + %> + +--- a/openssl-status-html.lsp ++++ b/openssl-status-html.lsp +@@ -32,4 +32,9 @@ + end + end + end %> +- ++<% if viewlibrary.check_permission("downloadpem") then %> ++<H1>Download Certificate</H1> ++<DL> ++<%= html.link{value="downloadpem?dlpath="..html.html_escape(view.value.cacert.value), label="Download "..view.value.cacert.value } %><BR> ++</DL> ++<% end %> +--- a/openssl.roles ++++ b/openssl.roles +@@ -1,6 +1,6 @@ + USER=openssl:status,openssl:getrevoked + EDITOR=openssl:editdefaults + CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert +-CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert +-EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment +-ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment ++CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadpem ++EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem ++ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem -- 1.7.4.1 --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---