Browse code

* Ermögliche SAN bei CSRs * Vorbereitung für Let's Encrypt!

Bernd Wurst authored on29/11/2015 05:18:32
Showing4 changed files
... ...
@@ -227,7 +227,7 @@ if (!$vhost['server']) {
227 227
 $extended = '';
228 228
   if (count($certs))
229 229
   {
230
-    $certselect = array(0 => 'kein Zertifikat / System-Standard benutzen');
230
+    $certselect = array(0 => 'kein Zertifikat / System-Standard benutzen', -1 => 'Automatische Zertifikatsverwaltung über Let\'s Encrypt!');
231 231
     foreach ($certs as $c)
232 232
     {
233 233
       $certselect[$c['id']] = $c['subject'];
... ...
@@ -232,9 +232,32 @@ function delete_csr($id)
232 232
 }
233 233
 
234 234
 
235
+function split_cn($cn)
236
+{
237
+  $domains = array();
238
+  if (strstr($cn, ',') or strstr($cn, "\n")) {
239
+    $domains = preg_split("/[, \n]+/", $cn);
240
+    DEBUG("Domains:");
241
+    DEBUG($domains);
242
+  } else {
243
+    $domains[] = $cn;
244
+  }
245
+  for ($i=0;$i!=count($domains);$i++) {
246
+    $domains[$i] = filter_input_hostname($domains[$i], true);
247
+  }
248
+  return $domains;
249
+}
250
+
235 251
 function create_csr($cn, $bits)
236 252
 {
237
-  $cn = filter_input_hostname($cn, true);
253
+  $domains = split_cn($cn);
254
+  $tmp = array();
255
+  foreach ($domains as $dom) {
256
+    $tmp[] = 'DNS:'.$dom;
257
+  }
258
+  $SAN = "[ v3_req ]\nsubjectAltName = ".implode(', ', $tmp);
259
+  DEBUG($SAN);
260
+  $cn = $domains[0];
238 261
   $bits = (int) $bits;
239 262
   if ($bits == 0)
240 263
     $bits = 4096;
... ...
@@ -251,6 +274,7 @@ default_bits = {$bits}
251 274
 default_keyfile = {$keyfile}
252 275
 encrypt_key = no
253 276
 distinguished_name      = req_distinguished_name
277
+req_extensions = v3_req
254 278
 
255 279
 [ req_distinguished_name ]
256 280
 countryName                     = Country Name (2 letter code)
... ...
@@ -264,6 +288,7 @@ localityName_default            =
264 288
 
265 289
 commonName = Common Name
266 290
 commonName_default = {$cn}
291
+{$SAN}
267 292
 ");
268 293
   fclose($c);
269 294
 
... ...
@@ -295,13 +320,15 @@ function save_csr($cn, $bits, $replace=NULL)
295 320
   if (! $cn) {
296 321
     system_failure("Sie müssen einen Domainname eingeben!");
297 322
   }
323
+  $domains = split_cn($cn);
324
+  $cn = $domains[0];
298 325
   $csr = NULL;
299 326
   $key = NULL;
300
-  list($csr, $key) = create_csr($cn, $bits);
327
+  list($csr, $key) = create_csr(implode(',',$domains), $bits);
301 328
   
302 329
   $uid = (int) $_SESSION['userinfo']['uid'];
303 330
   db_query("INSERT INTO vhosts.csr (uid, hostname, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :bits, :replace, :csr, :key)",
304
-           array(":uid" => $uid, ":cn" => filter_input_hostname($cn, true), ":bits" => $bits, 
331
+           array(":uid" => $uid, ":cn" => $cn, ":bits" => $bits, 
305 332
                  ":replace" => $replace, ":csr" => $csr, ":key" => $key));
306 333
   $id = db_insert_id();
307 334
   return $id;  
... ...
@@ -35,7 +35,7 @@ Einstellungen stehen Ihnen die OpenSSL-Programme in Ihrem Benutzeraccount zur Ve
35 35
 
36 36
 $bitselect = array(2048 => 2048, 4096 => 4096);
37 37
 
38
-$form = '<p><label for="commonname">Domain-/Hostname:</label> <input type="text" name="commonname" id="commonname" /></p>
38
+$form = '<p><label for="commonname">Domain-/Hostname:</label> <input type="text" name="commonname" id="commonname" /> (Mehrere Hostnames ggf. mit Komma trennen.)</p>
39 39
 <p><label for="bitlength">Bitlänge:</label> '.html_select('bitlength', $bitselect, 4096).'</p>
40 40
 <p><input type="submit" value="Erzeugen" /></p>';
41 41
 
... ...
@@ -209,11 +209,16 @@ if ($_GET['action'] == 'edit')
209 209
   $new_options = array();
210 210
   foreach ($old_options AS $op)
211 211
   {
212
-    if ($op != 'aliaswww')
212
+    if ($op != 'aliaswww') {
213 213
       array_push($new_options, $op);
214
+    }
214 215
   }
215
-  if ($aliaswww)
216
+  if ($aliaswww){
216 217
     array_push($new_options, 'aliaswww');
218
+  }
219
+  if ($cert == -1) {
220
+    array_push($new_options, 'letsencrypt');
221
+  }
217 222
 
218 223
   DEBUG($old_options);
219 224
   DEBUG($new_options);