[alpine-devel] [PATCH] acf-openssl: as per feature request #354: download cert plus set encryption bits and period of validity
---
openssl-controller.lua | 5 +++++
openssl-editdefaults-html.lsp | 2 +-
openssl-model.lua | 32 ++++++++++++++++++++++++++++----
openssl-request-html.lsp | 2 +-
openssl-status-html.lsp | 3 ++-
openssl.roles | 6 +++---
6 files changed, 40 insertions(+), 10 deletions(-)
diff --git a/openssl-controller.lua b/openssl-controller.lua
index 7d9ae9a..3f8750b 100755
--- a/openssl-controller.lua
+++ b/openssl-controller.lua
@@ -116,6 +116,11 @@ putcacert = function(self)
return controllerfunctions.handle_form(self,
self.model.getnewputca, self.model.putca, self.clientdata, "Upload",
"Upload CA Certificate", "Certificate Uploaded")
end
+downloadpem = function(self)
+ self.conf.viewtype="stream"
+ return self.model.getpem(self.clientdata.dlpath)
+end
+
-- Generate a self-signed CA
generatecacert = function(self)
return controllerfunctions.handle_form(self,
self.model.getnewcarequest, self.model.generateca, self.clientdata,
"Generate", "Generate CA Certificate", "Certificate Generated")
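Review bot: `downloadpem` passes the client-supplied `self.clientdata.dlpath` straight to `self.model.getpem` with no presence or type check, so a request that omits `dlpath` reaches `string.gsub(pem, ".*/", "")` with nil and raises an error instead of failing cleanly. The only link this patch generates (in openssl-status-html.lsp) targets the CA certificate, so it would be safer for the action to take no path and let the model resolve the file itself, which removes the client-controlled filesystem path entirely. If the parameter stays, reject non-string values before the call and add a comment such as `-- Stream a file from the openssl directory; dlpath is untrusted client input`.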
diff --git a/openssl-editdefaults-html.lsp b/openssl-editdefaults-html.lsp
index 9052213..b73b0a8 100644
--- a/openssl-editdefaults-html.lsp
+++ b/openssl-editdefaults-html.lsp
@@ -6,7 +6,7 @@
form.action = page_info.script .. page_info.prefix ..
page_info.controller .. "/" .. page_info.action
local order = { "countryName", "C", "stateOrProvinceName",
"ST", "localityName", "L", "organizationName", "O",
"organizationalUnitName", "OU", "commonName",
"CN", "emailAddress" }
- local finishingorder = { "certtype", "extensions" }
+ local finishingorder = { "encryption", "validdays",
"certtype", "extensions" }
displayform(form, order, finishingorder)
%>
diff --git a/openssl-model.lua b/openssl-model.lua
index b5a84a6..a9b6f83 100755
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -30,7 +30,7 @@ local short_names = { countryName="C",
stateOrProvinceName="ST", localityName="L
local extensions = { "basicConstraints", "nsCertType", "nsComment",
"keyUsage", "subjectKeyIdentifier",
"authorityKeyIdentifier", "subjectAltName",
"issuerAltName" }
-- list of entries that must be found in ca section (used to define
our certificate types)
-local ca_mandatory_entries = { "new_certs_dir", "certificate",
"private_key", "default_md", "database", "serial", "policy" }
+local ca_mandatory_entries = { "new_certs_dir", "certificate",
"private_key", "default_md", "database", "serial", "policy",
"default_days" }
-- Create a cfe with the distinguished name defaults
local getdefaults = function()
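Review bot: Adding `"default_days"` to `ca_mandatory_entries` changes which config sections qualify as certificate types, going by the comment above the table. An existing CA section that relies on a global `default_days` would presumably stop being offered after this change. If that is intended, say so next to the table, e.g. `-- default_days is mandatory so the validity period can be shown and edited per certificate type`; otherwise keep the entry optional and fall back to the global value.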
@@ -308,6 +308,14 @@ end
getreqdefaults = function()
local defaults = getdefaults()
+ --Add in the encryption bit default
+ local encryption = config.req.default_bits
+ defaults.value.encryption = cfe({ type="select",
label="Encryption Bits", value=encryption, option={"2048", "4096"} })
+
+ -- Add in the default days
+ local validdays = getconfigentry(config.ca.default_ca, "default_days")
+ defaults.value.validdays = cfe({ type="text", label="Period
of Validity (Days)", value=validdays, descr="Number of days this
certificate is valid for" })
+
-- Add in the ca type default
defaults.value.certtype = cfe({ type="select", label="Certificate Type",
value=config.ca.default_ca, option=find_ca_sections() })
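Review bot: `config.req.default_bits` is read with no fallback and is not checked against the two offered options, so the select can be built with a nil value or with a size that is not in `{"2048", "4096"}` when the existing config carries something else. A default such as `local encryption = config.req.default_bits or "2048"` would keep the form consistent. The label "Encryption Bits" actually describes the key size, so "Key Size (bits)" would be clearer. The body of `getreqdefaults` continues outside this hunk.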
@@ -339,9 +347,10 @@ setreqdefaults = function(defaults)
ext_section = config.req.req_extensions
end
config = nil
+ fileval =
format.update_ini_file(fileval,"","default_days",defaults.value.validdays.value)
fileval = format.set_ini_section(fileval, ext_section,
format.dostounix(defaults.value.extensions.value))
fileval = format.update_ini_file(fileval, "ca",
"default_ca", defaults.value.certtype.value)
- fileval = write_distinguished_names(fileval, defaults,
{"certtype", "extensions"})
+ fileval = write_distinguished_names(fileval, defaults,
{"certtype", "extensions", "validdays"})
fs.write_file(configfile, fileval)
end
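Review bot: `setreqdefaults` writes `defaults.value.validdays.value` into the CA config without the `tonumber` check that `submitrequest` applies, so a non-numeric value from the edit-defaults form becomes `default_days` in the file that is written to `configfile`. The value goes to the unnamed section (`""`) while `getreqdefaults` reads it through `getconfigentry(config.ca.default_ca, "default_days")`, so the edit may not be what is read back when the CA section has its own entry. The new `encryption` field shown by the edit-defaults form is neither written as `default_bits` here nor added to the exclusion list `{"certtype", "extensions", "validdays"}`; that looks like an omission, though `write_distinguished_names` is outside the hunk and this is inferred.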
@@ -383,6 +392,11 @@ submitrequest = function(defaults, user)
defaults.errtxt = "Failed to submit request\nRequest
already exists"
success = false
end
+
+ if not tonumber(defaults.value.validdays.value) then
+ defaults.value.validdays.errtxt = "Period of Validity
is not a number"
+ success = false
+ end
if success then
-- Submit the request
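Review bot: The `tonumber` test is too loose for a certificate validity period: it accepts negative numbers, fractions, hexadecimal and exponent forms, and sets no upper bound, so a requester can ask for an arbitrarily long-lived certificate. Restrict the field to a positive integer, e.g. `if not string.match(defaults.value.validdays.value or "", "^%d+$") then`, and compare the result against a maximum taken from the CA defaults. The check also indexes `defaults.value.validdays` unconditionally, which errors if the submitted form lacks that field. The body of `submitrequest` starts and ends outside this hunk.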
@@ -403,7 +417,9 @@ submitrequest = function(defaults, user)
end
end
end
-
+
+ fileval = format.update_ini_file(fileval,
"req","default_bits",defaults.value.encryption.value)
+ fileval = format.update_ini_file(fileval,
"","default_days",defaults.value.validdays.value)
fileval = format.set_ini_section(fileval, ext_section, content)
fileval = format.update_ini_file(fileval, "req",
"req_extensions", ext_section)
fs.write_file(reqname..".cfg", fileval)
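Review bot: `defaults.value.encryption.value` is written to `default_bits` without being checked against the `{"2048", "4096"}` options that `getreqdefaults` offers, so a hand-built submission could store any string, including a weak key size, unless the form handler enforces select options somewhere not shown here. A guard such as `if v ~= "2048" and v ~= "4096" then` that sets `errtxt` and clears `success` would close that gap. Both new values end up in `reqname..".cfg"`, which the `approverequest` hunk then passes to `openssl ca -config`, so whatever is accepted here also shapes signing.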
@@ -470,7 +486,7 @@ approverequest = function(request)
local certname = certdir..request.."."..serial
-- Now, sign the certificate
- local cmd = path .. "openssl ca -config
"..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr
-out "..format.escapespecialcharacters(certname)..".crt -name
"..format.escapespecialcharacters(certtype).." -batch 2>&1"
+ local cmd = path .. "openssl ca -config
"..format.escapespecialcharacters(reqpath)..".cfg -in
"..format.escapespecialcharacters(reqpath)..".csr -out
"..format.escapespecialcharacters(certname)..".crt -name
"..format.escapespecialcharacters(certtype).." -batch 2>&1"
local f = io.popen(cmd)
cmdresult.value = f:read("*a")
f:close()
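Review bot: Pointing `-config` at `reqpath..".cfg"` makes the CA sign with a configuration file that `submitrequest` assembled from requester-supplied fields, so the validity period and anything else that file controls is decided by the requester rather than by the administrator's `configfile`. Keeping `-config` on `configfile` and passing only the re-validated number through the `-days` option would confine the requester's influence to that one value. A comment on the line stating which file is trusted for signing policy would help the next reader. The result of `io.popen(cmd)` on the following context line is used without a nil check, which predates this change.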
@@ -680,6 +696,14 @@ getcrl = function(crltype)
return crlfile
end
+getpem = function(pem)
+ local f = fs.read_file(pem) or ""
+ local fname = string.gsub(pem, ".*/", "")
+ if validator.is_valid_filename(pem, openssldir) then
+ return cfe({ type="raw", value=f, label=fname,
option="application/x-pkcs12" })
+ end
+end
+
getnewputca = function()
local ca = cfe({ type="raw", value=0, label="CA Certificate",
descr='File must be a password protected ".pfx" file' })
local password = cfe({ label="Certificate Password" })
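Review bot: `getpem` calls `fs.read_file(pem)` on the client-supplied path before `validator.is_valid_filename(pem, openssldir)` runs, so a path that fails validation is still opened and read; move `local f = fs.read_file(pem) or ""` inside the `if` branch. When validation fails the function returns nil, which `downloadpem` hands back unchanged; returning a cfe with `errtxt` set would give the view something to render. As far as this hunk shows, the check only ties the path to `openssldir`, which presumably also holds private keys and the CA database, so `openssl:downloadpem` (granted to CERT_APPROVER, EXPERT and ADMIN in openssl.roles) may expose more than certificates. Limiting the download to the intended certificate file and confirming that the validator rejects `..` segments would be tighter. The `application/x-pkcs12` content type also does not match a PEM file, if that is what is served.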
diff --git a/openssl-request-html.lsp b/openssl-request-html.lsp
index 2bc3af9..acbe8ed 100644
--- a/openssl-request-html.lsp
+++ b/openssl-request-html.lsp
@@ -8,7 +8,7 @@
form.value.password_confirm.type = "password"
local order = { "countryName", "C", "stateOrProvinceName",
"ST", "localityName", "L", "organizationName", "O",
"organizationalUnitName", "OU", "commonName",
"CN", "emailAddress" }
- local finishingorder = { "certtype", "extensions", "password",
"password_confirm" }
+ local finishingorder = { "certtype", "validdays",
"extensions", "password", "password_confirm" }
displayform(form, order, finishingorder)
%>
diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp
index 1837ab0..0f73d35 100644
--- a/openssl-status-html.lsp
+++ b/openssl-status-html.lsp
@@ -32,4 +32,5 @@
end
end
end %>
-
+<% if viewlibrary.check_permission("downloadpem") then %> <H1>Download
+Certificate</H1> <DL> <%=
html.link{value="downloadpem?dlpath="..html.html_escape(view.value.cacert.value),
label="Download "..view.value.cacert.value } %><BR> </DL><% end %>
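Review bot: `html.html_escape` is applied to the `dlpath` query value, but that is HTML escaping rather than URL encoding, so a path containing `&`, `#`, `+` or a space would produce a wrong or truncated parameter; the value needs URL-encoding for the query string. The `label` concatenates `view.value.cacert.value` unescaped, which is safe only if `html.link` escapes its label (not visible here). Putting the server-side file path in the link also reveals the directory layout to anyone who can see this block, which is another reason to let the action resolve the CA certificate path on the server.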
diff --git a/openssl.roles b/openssl.roles
index eb63818..03f5df1 100644
--- a/openssl.roles
+++ b/openssl.roles
@@ -1,6 +1,6 @@
USER=openssl:status,openssl:getrevoked
EDITOR=openssl:editdefaults
CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert
-CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert
-EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
-ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
+CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadpem
+EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
+ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
--
1.7.5.4
---
I tried to apply the patch, but ran into trouble. I kept getting line wraps and HTML tags and other garbage. Since I tried it with two different mail clients, I'm wondering if it was a problem when sending the patch. Can you please try again using 'git send-email'?
Or, can someone else help me to apply the patch?
Thanks.
Ted
________________________________
From: Luke Stuart <lukestu@gmail.com >
To: alpine-devel@lists.alpinelinux.org
Sent: Thursday, June 23, 2011 8:30 AM
Subject: [alpine-devel] [PATCH] acf-openssl: as per feature request #354: download cert plus set encryption bits and period of validity
---
openssl-controller.lua | 5 +++++
openssl-editdefaults-html.lsp | 2 +-
openssl-model.lua | 32 ++++++++++++++++++++++++++++----
openssl-request-html.lsp | 2 +-
openssl-status-html.lsp | 3 ++-
openssl.roles | 6 +++---
6 files changed, 40 insertions(+), 10 deletions(-)
diff --git a/openssl-controller.lua b/openssl-controller.lua
index 7d9ae9a..3f8750b 100755
--- a/openssl-controller.lua
+++ b/openssl-controller.lua
@@ -116,6 +116,11 @@ putcacert = function(self)
return controllerfunctions.handle_form(self,
self.model.getnewputca, self.model.putca, self.clientdata, "Upload",
"Upload CA Certificate", "Certificate Uploaded")
end
+downloadpem = function(self)
+ self.conf.viewtype="stream"
+ return self.model.getpem(self.clientdata.dlpath)
+end
+
-- Generate a self-signed CA
generatecacert = function(self)
return controllerfunctions.handle_form(self,
self.model.getnewcarequest, self.model.generateca, self.clientdata,
"Generate", "Generate CA Certificate", "Certificate Generated")
diff --git a/openssl-editdefaults-html.lsp b/openssl-editdefaults-html.lsp
index 9052213..b73b0a8 100644
--- a/openssl-editdefaults-html.lsp
+++ b/openssl-editdefaults-html.lsp
@@ -6,7 +6,7 @@
form.action = page_info.script .. page_info.prefix ..
page_info.controller .. "/" .. page_info.action
local order = { "countryName", "C", "stateOrProvinceName",
"ST", "localityName", "L", "organizationName", "O",
"organizationalUnitName", "OU", "commonName",
"CN", "emailAddress" }
- local finishingorder = { "certtype", "extensions" }
+ local finishingorder = { "encryption", "validdays",
"certtype", "extensions" }
displayform(form, order, finishingorder)
%>
diff --git a/openssl-model.lua b/openssl-model.lua
index b5a84a6..a9b6f83 100755
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -30,7 +30,7 @@ local short_names = { countryName="C",
stateOrProvinceName="ST", localityName="L
local extensions = { "basicConstraints", "nsCertType", "nsComment",
"keyUsage", "subjectKeyIdentifier",
"authorityKeyIdentifier", "subjectAltName",
"issuerAltName" }
-- list of entries that must be found in ca section (used to define
our certificate types)
-local ca_mandatory_entries = { "new_certs_dir", "certificate",
"private_key", "default_md", "database", "serial", "policy" }
+local ca_mandatory_entries = { "new_certs_dir", "certificate",
"private_key", "default_md", "database", "serial", "policy",
"default_days" }
-- Create a cfe with the distinguished name defaults
local getdefaults = function()
@@ -308,6 +308,14 @@ end
getreqdefaults = function()
local defaults = getdefaults()
+ --Add in the encryption bit default
+ local encryption = config.req.default_bits
+ defaults.value.encryption = cfe({ type="select",
label="Encryption Bits", value=encryption, option={"2048", "4096"} })
+
+ -- Add in the default days
+ local validdays = getconfigentry(config.ca.default_ca, "default_days")
+ defaults.value.validdays = cfe({ type="text", label="Period
of Validity (Days)", value=validdays, descr="Number of days this
certificate is valid for" })
+
-- Add in the ca type default
defaults.value.certtype = cfe({ type="select", label="Certificate Type",
value=config.ca.default_ca, option=find_ca_sections() })
@@ -339,9 +347,10 @@ setreqdefaults = function(defaults)
ext_section = config.req.req_extensions
end
config = nil
+ fileval =
format.update_ini_file(fileval,"","default_days",defaults.value.validdays.value)
fileval = format.set_ini_section(fileval, ext_section,
format.dostounix(defaults.value.extensions.value))
fileval = format.update_ini_file(fileval, "ca",
"default_ca", defaults.value.certtype.value)
- fileval = write_distinguished_names(fileval, defaults,
{"certtype", "extensions"})
+ fileval = write_distinguished_names(fileval, defaults,
{"certtype", "extensions", "validdays"})
fs.write_file(configfile, fileval)
end
@@ -383,6 +392,11 @@ submitrequest = function(defaults, user)
defaults.errtxt = "Failed to submit request\nRequest
already exists"
success = false
end
+
+ if not tonumber(defaults.value.validdays.value) then
+ defaults.value.validdays.errtxt = "Period of Validity
is not a number"
+ success = false
+ end
if success then
-- Submit the request
@@ -403,7 +417,9 @@ submitrequest = function(defaults, user)
end
end
end
-
+
+ fileval = format.update_ini_file(fileval,
"req","default_bits",defaults.value.encryption.value)
+ fileval = format.update_ini_file(fileval,
"","default_days",defaults.value.validdays.value)
fileval = format.set_ini_section(fileval, ext_section, content)
fileval = format.update_ini_file(fileval, "req",
"req_extensions", ext_section)
fs.write_file(reqname..".cfg", fileval)
@@ -470,7 +486,7 @@ approverequest = function(request)
local certname = certdir..request.."."..serial
-- Now, sign the certificate
- local cmd = path .. "openssl ca -config
"..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr
-out "..format.escapespecialcharacters(certname)..".crt -name
"..format.escapespecialcharacters(certtype).." -batch 2>&1"
+ local cmd = path .. "openssl ca -config
"..format.escapespecialcharacters(reqpath)..".cfg -in
"..format.escapespecialcharacters(reqpath)..".csr -out
"..format.escapespecialcharacters(certname)..".crt -name
"..format.escapespecialcharacters(certtype).." -batch 2>&1"
local f = io.popen(cmd)
cmdresult.value = f:read("*a")
f:close()
@@ -680,6 +696,14 @@ getcrl = function(crltype)
return crlfile
end
+getpem = function(pem)
+ local f = fs.read_file(pem) or ""
+ local fname = string.gsub(pem, ".*/", "")
+ if validator.is_valid_filename(pem, openssldir) then
+ return cfe({ type="raw", value=f, label=fname,
option="application/x-pkcs12" })
+ end
+end
+
getnewputca = function()
local ca = cfe({ type="raw", value=0, label="CA Certificate",
descr='File must be a password protected ".pfx" file' })
local password = cfe({ label="Certificate Password" })
diff --git a/openssl-request-html.lsp b/openssl-request-html.lsp
index 2bc3af9..acbe8ed 100644
--- a/openssl-request-html.lsp
+++ b/openssl-request-html.lsp
@@ -8,7 +8,7 @@
form.value.password_confirm.type = "password"
local order = { "countryName", "C", "stateOrProvinceName",
"ST", "localityName", "L", "organizationName", "O",
"organizationalUnitName", "OU", "commonName",
"CN", "emailAddress" }
- local finishingorder = { "certtype", "extensions", "password",
"password_confirm" }
+ local finishingorder = { "certtype", "validdays",
"extensions", "password", "password_confirm" }
displayform(form, order, finishingorder)
%>
diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp
index 1837ab0..0f73d35 100644
--- a/openssl-status-html.lsp
+++ b/openssl-status-html.lsp
@@ -32,4 +32,5 @@
end
end
end %>
-
+<% if viewlibrary.check_permission("downloadpem") then %> <H1>Download
+Certificate</H1> <DL> <%=
html.link{value="downloadpem?dlpath="..html.html_escape(view.value.cacert.value),
label="Download "..view.value.cacert.value } %><BR> </DL><% end %>
diff --git a/openssl.roles b/openssl.roles
index eb63818..03f5df1 100644
--- a/openssl.roles
+++ b/openssl.roles
@@ -1,6 +1,6 @@
USER=openssl:status,openssl:getrevoked
EDITOR=openssl:editdefaults
CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert
-CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert
-EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
-ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
+CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadpem
+EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
+ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
--
1.7.5.4
---
On Tue, Jul 5, 2011 at 7:17 PM, Ted Trask <ttrask01@yahoo.com > wrote:
> I tried to apply the patch, but ran into trouble. I kept getting line wraps
> and HTML tags and other garbage. Since I tried it with two different mail
> clients, I'm wondering if it was a problem when sending the patch. Can you
> please try again using 'git send-email'?
> Or, can someone else help me to apply the patch?
I gave it a quick try as well, and I am also getting formatting issues
with the email, would be best to resend.
> Thanks.
>
> Ted
>
>
> ________________________________
> From: Luke Stuart <lukestu@gmail.com >
> To: alpine-devel@lists.alpinelinux.org
> Sent: Thursday, June 23, 2011 8:30 AM
> Subject: [alpine-devel] [PATCH] acf-openssl: as per feature request #354:
> download cert plus set encryption bits and period of validity
>
> ---
> openssl-controller.lua | 5 +++++
> openssl-editdefaults-html.lsp | 2 +-
> openssl-model.lua | 32 ++++++++++++++++++++++++++++----
> openssl-request-html.lsp | 2 +-
> openssl-status-html.lsp | 3 ++-
> openssl.roles | 6 +++---
> 6 files changed, 40 insertions(+), 10 deletions(-)
>
> diff --git a/openssl-controller.lua b/openssl-controller.lua
> index 7d9ae9a..3f8750b 100755
> --- a/openssl-controller.lua
> +++ b/openssl-controller.lua
> @@ -116,6 +116,11 @@ putcacert = function(self)
> return controllerfunctions.handle_form(self,
> self.model.getnewputca, self.model.putca, self.clientdata, "Upload",
> "Upload CA Certificate", "Certificate Uploaded")
> end
>
> +downloadpem = function(self)
> + self.conf.viewtype="stream"
> + return self.model.getpem(self.clientdata.dlpath)
> +end
> +
> -- Generate a self-signed CA
> generatecacert = function(self)
> return controllerfunctions.handle_form(self,
> self.model.getnewcarequest, self.model.generateca, self.clientdata,
> "Generate", "Generate CA Certificate", "Certificate Generated")
> diff --git a/openssl-editdefaults-html.lsp b/openssl-editdefaults-html.lsp
> index 9052213..b73b0a8 100644
> --- a/openssl-editdefaults-html.lsp
> +++ b/openssl-editdefaults-html.lsp
> @@ -6,7 +6,7 @@
> form.action = page_info.script .. page_info.prefix ..
> page_info.controller .. "/" .. page_info.action
> local order = { "countryName", "C", "stateOrProvinceName",
> "ST", "localityName", "L", "organizationName", "O",
> "organizationalUnitName", "OU", "commonName",
> "CN", "emailAddress" }
> - local finishingorder = { "certtype", "extensions" }
> + local finishingorder = { "encryption", "validdays",
> "certtype", "extensions" }
> displayform(form, order, finishingorder)
> %>
>
> diff --git a/openssl-model.lua b/openssl-model.lua
> index b5a84a6..a9b6f83 100755
> --- a/openssl-model.lua
> +++ b/openssl-model.lua
> @@ -30,7 +30,7 @@ local short_names = { countryName="C",
> stateOrProvinceName="ST", localityName="L
> local extensions = { "basicConstraints", "nsCertType", "nsComment",
> "keyUsage", "subjectKeyIdentifier",
> "authorityKeyIdentifier", "subjectAltName",
> "issuerAltName" }
> -- list of entries that must be found in ca section (used to define
> our certificate types)
> -local ca_mandatory_entries = { "new_certs_dir", "certificate",
> "private_key", "default_md", "database", "serial", "policy" }
> +local ca_mandatory_entries = { "new_certs_dir", "certificate",
> "private_key", "default_md", "database", "serial", "policy",
> "default_days" }
>
> -- Create a cfe with the distinguished name defaults
> local getdefaults = function()
> @@ -308,6 +308,14 @@ end
> getreqdefaults = function()
> local defaults = getdefaults()
>
> + --Add in the encryption bit default
> + local encryption = config.req.default_bits
> + defaults.value.encryption = cfe({ type="select",
> label="Encryption Bits", value=encryption, option={"2048", "4096"} })
> +
> + -- Add in the default days
> + local validdays = getconfigentry(config.ca.default_ca,
> "default_days")
> + defaults.value.validdays = cfe({ type="text", label="Period
> of Validity (Days)", value=validdays, descr="Number of days this
> certificate is valid for" })
> +
> -- Add in the ca type default
> defaults.value.certtype = cfe({ type="select", label="Certificate
> Type",
> value=config.ca.default_ca, option=find_ca_sections() })
> @@ -339,9 +347,10 @@ setreqdefaults = function(defaults)
> ext_section = config.req.req_extensions
> end
> config = nil
> + fileval =
> format.update_ini_file(fileval,"","default_days",defaults.value.validdays.value)
> fileval = format.set_ini_section(fileval, ext_section,
> format.dostounix(defaults.value.extensions.value))
> fileval = format.update_ini_file(fileval, "ca",
> "default_ca", defaults.value.certtype.value)
> - fileval = write_distinguished_names(fileval, defaults,
> {"certtype", "extensions"})
> + fileval = write_distinguished_names(fileval, defaults,
> {"certtype", "extensions", "validdays"})
> fs.write_file(configfile, fileval)
> end
>
> @@ -383,6 +392,11 @@ submitrequest = function(defaults, user)
> defaults.errtxt = "Failed to submit request\nRequest
> already exists"
> success = false
> end
> +
> + if not tonumber(defaults.value.validdays.value) then
> + defaults.value.validdays.errtxt = "Period of Validity
> is not a number"
> + success = false
> + end
>
> if success then
> -- Submit the request
> @@ -403,7 +417,9 @@ submitrequest = function(defaults, user)
> end
> end
> end
> -
> +
> + fileval = format.update_ini_file(fileval,
> "req","default_bits",defaults.value.encryption.value)
> + fileval = format.update_ini_file(fileval,
> "","default_days",defaults.value.validdays.value)
> fileval = format.set_ini_section(fileval, ext_section,
> content)
> fileval = format.update_ini_file(fileval, "req",
> "req_extensions", ext_section)
> fs.write_file(reqname..".cfg", fileval)
> @@ -470,7 +486,7 @@ approverequest = function(request)
> local certname = certdir..request.."."..serial
>
> -- Now, sign the certificate
> - local cmd = path .. "openssl ca -config
> "..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr
> -out "..format.escapespecialcharacters(certname)..".crt -name
> "..format.escapespecialcharacters(certtype).." -batch 2>&1"
> + local cmd = path .. "openssl ca -config
> "..format.escapespecialcharacters(reqpath)..".cfg -in
> "..format.escapespecialcharacters(reqpath)..".csr -out
> "..format.escapespecialcharacters(certname)..".crt -name
> "..format.escapespecialcharacters(certtype).." -batch 2>&1"
> local f = io.popen(cmd)
> cmdresult.value = f:read("*a")
> f:close()
> @@ -680,6 +696,14 @@ getcrl = function(crltype)
> return crlfile
> end
>
> +getpem = function(pem)
> + local f = fs.read_file(pem) or ""
> + local fname = string.gsub(pem, ".*/", "")
> + if validator.is_valid_filename(pem, openssldir) then
> + return cfe({ type="raw", value=f, label=fname,
> option="application/x-pkcs12" })
> + end
> +end
> +
> getnewputca = function()
> local ca = cfe({ type="raw", value=0, label="CA Certificate",
> descr='File must be a password protected ".pfx" file' })
> local password = cfe({ label="Certificate Password" })
> diff --git a/openssl-request-html.lsp b/openssl-request-html.lsp
> index 2bc3af9..acbe8ed 100644
> --- a/openssl-request-html.lsp
> +++ b/openssl-request-html.lsp
> @@ -8,7 +8,7 @@
> form.value.password_confirm.type = "password"
> local order = { "countryName", "C", "stateOrProvinceName",
> "ST", "localityName", "L", "organizationName", "O",
> "organizationalUnitName", "OU", "commonName",
> "CN", "emailAddress" }
> - local finishingorder = { "certtype", "extensions", "password",
> "password_confirm" }
> + local finishingorder = { "certtype", "validdays",
> "extensions", "password", "password_confirm" }
> displayform(form, order, finishingorder)
> %>
>
> diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp
> index 1837ab0..0f73d35 100644
> --- a/openssl-status-html.lsp
> +++ b/openssl-status-html.lsp
> @@ -32,4 +32,5 @@
> end
> end
> end %>
> -
> +<% if viewlibrary.check_permission("downloadpem") then %> <H1>Download
> +Certificate</H1> <DL> <%=
> html.link{value="downloadpem?dlpath="..html.html_escape(view.value.cacert.value),
> label="Download "..view.value.cacert.value } %><BR> </DL><% end %>
> diff --git a/openssl.roles b/openssl.roles
> index eb63818..03f5df1 100644
> --- a/openssl.roles
> +++ b/openssl.roles
> @@ -1,6 +1,6 @@
> USER=openssl:status,openssl:getrevoked
> EDITOR=openssl:editdefaults
> CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert
> -CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert
> -EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
> -ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
> +CERT_APPROVER=openssl:readall,
> openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadpem
> +EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
> +ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
> --
> 1.7.5.4
>
>
> ---
> Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
> Help: alpine-devel+help@lists.alpinelinux.org
> ---
>
>
>
>
--
Jeff
---