
handle empty SAN properly

Hanno Böck authored on 03/07/2022 09:47:02
Showing 1 changed files
... ...
@@ -210,30 +210,27 @@ function validate_certificate($cert, $key)
210 210
 function parse_cert_details($cert)
211 211
 {
212 212
     $certdata = openssl_x509_parse($cert, true);
213
-    /*
214
-name => /CN=*.bwurst.org
215
-validFrom_time_t => 1204118790
216
-validTo_time_t => 1267190790
217
-
218
-
219
-    */
220 213
     DEBUG($certdata);
221
-    DEBUG("SAN: ".$certdata['extensions']['subjectAltName']);
222
-    //return array('subject' => $certdata['name'], 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']));
214
+
223 215
     $issuer = $certdata['issuer']['CN'];
224 216
     if (isset($certdata['issuer']['O'])) {
225 217
         $issuer = $certdata['issuer']['O'];
226 218
     }
227
-    $san = [];
228
-    $raw_san = explode(', ', $certdata['extensions']['subjectAltName']);
229
-    foreach ($raw_san as $name) {
230
-        if (! substr($name, 0, 4) == 'DNS:') {
231
-            warning('Unparsable SAN: '.$name);
232
-            continue;
219
+    if (isset($certdata['extensions']['subjectAltName'])) {
220
+        DEBUG("SAN: ".$certdata['extensions']['subjectAltName']);
221
+        $san = [];
222
+        $raw_san = explode(', ', $certdata['extensions']['subjectAltName']);
223
+        foreach ($raw_san as $name) {
224
+            if (! substr($name, 0, 4) == 'DNS:') {
225
+                warning('Unparsable SAN: '.$name);
226
+                continue;
227
+            }
228
+            $san[] = str_replace('DNS:', '', $name);
233 229
         }
234
-        $san[] = str_replace('DNS:', '', $name);
230
+        $san = implode("\n", $san);
231
+    } else {
232
+        $san = "\n";
235 233
     }
236
-    $san = implode("\n", $san);
237 234
     DEBUG("SAN: <pre>".$san."</pre>");
238 235
     return ['subject' => $certdata['subject']['CN'].' / '.$issuer, 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']), 'issuer' => $certdata['issuer']['CN'], 'san' => $san];
239 236
 }
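Review bot: The prefix check `if (! substr($name, 0, 4) == 'DNS:')`, carried unchanged into the new `isset` branch, does not test what it appears to. `!` binds tighter than `==`, so a boolean is compared with `'DNS:'` and the warning branch is in practice reached only for an empty entry. SAN entries of other types from the certificate (for example `IP Address:` or `email:`) therefore land in `$san[]` without a warning, and `str_replace('DNS:', '', $name)` strips the marker anywhere in the value rather than only at the start. I would write `if (substr($name, 0, 4) !== 'DNS:') {` and `$san[] = substr($name, 4);`. Separately, `$san` is concatenated into `<pre>` unescaped on the DEBUG line below; if that output can reach a browser, it should go through `htmlspecialchars` first, since the value comes from the parsed certificate.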