* Ermögliche SAN bei CSRs * Vorbereitung für Let's Encrypt!
Bernd Wurst

Bernd Wurst commited on 2015-11-29 05:18:32
Zeige 4 geänderte Dateien mit 39 Einfügungen und 7 Löschungen.

@@ -227,7 +227,7 @@ if (!$vhost['server']) {
227 227
 $extended = '';
228 228
   if (count($certs))
229 229
   {
230
-    $certselect = array(0 => 'kein Zertifikat / System-Standard benutzen');
230
+    $certselect = array(0 => 'kein Zertifikat / System-Standard benutzen', -1 => 'Automatische Zertifikatsverwaltung über Let\'s Encrypt!');
231 231
     foreach ($certs as $c)
232 232
     {
233 233
       $certselect[$c['id']] = $c['subject'];
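Review bot: The new select value `-1` is a bare sentinel whose meaning ("managed by Let's Encrypt, not a certificate row") is only recoverable by also reading the vhost edit hunk, where it is tested as `$cert == -1`. Define it once near this array, e.g. `define('CERT_LETSENCRYPT', -1);`, and use the constant in both places so the two files cannot drift. Because `$certselect` is otherwise keyed by real certificate ids, a comment on this line such as `// -1 is a pseudo id, never a stored certificate reference` would also make clear that the value must not be written wherever a certificate id is persisted; whether the submit path already prevents that is outside this hunk.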
@@ -232,9 +232,32 @@ function delete_csr($id)
232 232
 }
233 233
 
234 234
 
235
+function split_cn($cn)
236
+{
237
+  $domains = array();
238
+  if (strstr($cn, ',') or strstr($cn, "\n")) {
239
+    $domains = preg_split("/[, \n]+/", $cn);
240
+    DEBUG("Domains:");
241
+    DEBUG($domains);
242
+  } else {
243
+    $domains[] = $cn;
244
+  }
245
+  for ($i=0;$i!=count($domains);$i++) {
246
+    $domains[$i] = filter_input_hostname($domains[$i], true);
247
+  }
248
+  return $domains;
249
+}
250
+
235 251
 function create_csr($cn, $bits)
236 252
 {
237
-  $cn = filter_input_hostname($cn, true);
253
+  $domains = split_cn($cn);
254
+  $tmp = array();
255
+  foreach ($domains as $dom) {
256
+    $tmp[] = 'DNS:'.$dom;
257
+  }
258
+  $SAN = "[ v3_req ]\nsubjectAltName = ".implode(', ', $tmp);
259
+  DEBUG($SAN);
260
+  $cn = $domains[0];
238 261
   $bits = (int) $bits;
239 262
   if ($bits == 0)
240 263
     $bits = 4096;
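Review bot: `split_cn` only splits when the input contains a comma or newline, yet the pattern it then applies also splits on spaces, so `"a.example b.example"` is handed whole to `filter_input_hostname` while `"a.example, b.example"` is split on both separators, and a trailing comma yields an empty element that is passed to the filter. Splitting unconditionally with empties removed is more predictable: `$domains = preg_split("/[,\s]+/", trim($cn), -1, PREG_SPLIT_NO_EMPTY);` in place of the if/else, keeping the existing per-element `filter_input_hostname` loop. In `create_csr` both `$cn` and the `$SAN` string built from the same list are interpolated into the OpenSSL request config (the `{$SAN}` line in the later hunk), so the integrity of that file rests entirely on `filter_input_hostname(..., true)` rejecting anything but hostname characters; a comment above `$SAN = ...`, e.g. `// every entry has passed filter_input_hostname(); nothing else may reach the config file`, makes that dependency visible. If the list ends up empty after filtering, `$domains[0]` is undefined and the CSR is built with an empty commonName; the only guard visible is `save_csr`'s `if (! $cn)` check, which runs before splitting. `create_csr` continues past the end of this hunk.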
@@ -251,6 +274,7 @@ default_bits = {$bits}
251 274
 default_keyfile = {$keyfile}
252 275
 encrypt_key = no
253 276
 distinguished_name      = req_distinguished_name
277
+req_extensions = v3_req
254 278
 
255 279
 [ req_distinguished_name ]
256 280
 countryName                     = Country Name (2 letter code)
@@ -264,6 +288,7 @@ localityName_default            =
264 288
 
265 289
 commonName = Common Name
266 290
 commonName_default = {$cn}
291
+{$SAN}
267 292
 ");
268 293
   fclose($c);
269 294
 
@@ -295,13 +320,15 @@ function save_csr($cn, $bits, $replace=NULL)
295 320
   if (! $cn) {
296 321
     system_failure("Sie müssen einen Domainname eingeben!");
297 322
   }
323
+  $domains = split_cn($cn);
324
+  $cn = $domains[0];
298 325
   $csr = NULL;
299 326
   $key = NULL;
300
-  list($csr, $key) = create_csr($cn, $bits);
327
+  list($csr, $key) = create_csr(implode(',',$domains), $bits);
301 328
   
302 329
   $uid = (int) $_SESSION['userinfo']['uid'];
303 330
   db_query("INSERT INTO vhosts.csr (uid, hostname, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :bits, :replace, :csr, :key)",
304
-           array(":uid" => $uid, ":cn" => filter_input_hostname($cn, true), ":bits" => $bits, 
331
+           array(":uid" => $uid, ":cn" => $cn, ":bits" => $bits, 
305 332
                  ":replace" => $replace, ":csr" => $csr, ":key" => $key));
306 333
   $id = db_insert_id();
307 334
   return $id;  
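Review bot: Only `$domains[0]` is written to the `hostname` column, so the additional SAN hostnames exist solely inside the generated CSR; nothing in this hunk records which names the request covers, which matters for matching the issued certificate to vhosts in the Let's Encrypt flow this prepares. If the list is not stored elsewhere, consider persisting it (for example the comma-joined list) or at least documenting the limitation on the INSERT: `// hostname holds the CN only; the full SAN list is recoverable only from the csr column`. The list is also filtered twice — `split_cn` here and again inside `create_csr`, which receives `implode(',', $domains)` and re-splits it; harmless, but a comment at the `create_csr` call explaining the round trip would save the next reader a question. `save_csr` begins before this hunk.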
@@ -35,7 +35,7 @@ Einstellungen stehen Ihnen die OpenSSL-Programme in Ihrem Benutzeraccount zur Ve
35 35
 
36 36
 $bitselect = array(2048 => 2048, 4096 => 4096);
37 37
 
38
-$form = '<p><label for="commonname">Domain-/Hostname:</label> <input type="text" name="commonname" id="commonname" /></p>
38
+$form = '<p><label for="commonname">Domain-/Hostname:</label> <input type="text" name="commonname" id="commonname" /> (Mehrere Hostnames ggf. mit Komma trennen.)</p>
39 39
 <p><label for="bitlength">Bitlänge:</label> '.html_select('bitlength', $bitselect, 4096).'</p>
40 40
 <p><input type="submit" value="Erzeugen" /></p>';
41 41
 
@@ -209,11 +209,16 @@ if ($_GET['action'] == 'edit')
209 209
   $new_options = array();
210 210
   foreach ($old_options AS $op)
211 211
   {
212
-    if ($op != 'aliaswww')
212
+    if ($op != 'aliaswww') {
213 213
       array_push($new_options, $op);
214 214
     }
215
-  if ($aliaswww)
215
+  }
216
+  if ($aliaswww){
216 217
     array_push($new_options, 'aliaswww');
218
+  }
219
+  if ($cert == -1) {
220
+    array_push($new_options, 'letsencrypt');
221
+  }
217 222
 
218 223
   DEBUG($old_options);
219 224
   DEBUG($new_options);
220 225
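Review bot: `if ($cert == -1)` uses loose comparison; where `$cert` is assigned is outside this hunk, but if it is the raw form value it is a string, and on the PHP versions current at this commit `"-1abc" == -1` is true, so coerce and compare strictly: `if ((int) $cert === -1) {`. The brace style added here is inconsistent within the same hunk (`if ($aliaswww){` versus `if ($op != 'aliaswww') {`); add the space. A short comment above the check, e.g. `// -1 = certificate managed by Let's Encrypt, not a certificate id; flag lives in the 'letsencrypt' option`, would tell the reader where the decision is persisted. The enclosing `if ($_GET['action'] == 'edit')` block continues beyond this hunk.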