Change basedir to cadir and restrict to within /etc/ssl/

author: Ted Trask <ttrask01@yahoo.com> 2015-02-02 16:16:46 -0500
committer: Ted Trask <ttrask01@yahoo.com> 2015-02-02 16:17:27 -0500
commit: 7fa6abdb25ee1ea7dda9b3771d139788c120940f (patch)
tree: 7b05e633e96654ce19c2381e6e8f3dafce96efcc
parent: 2238876a4b10036a82ce3cd3e8c9c759651047e8 (diff)
download: acf-openssl-7fa6abdb25ee1ea7dda9b3771d139788c120940f.tar.bz2
acf-openssl-7fa6abdb25ee1ea7dda9b3771d139788c120940f.tar.xz
3 files changed, 71 insertions, 67 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index 4806d9d..13eafc9 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -18,6 +18,7 @@ local configfile = "openssl-ca-acf.cnf"
 local requestdir = "req/"
 local certdir = "cert/"
 local openssldir = "/etc/ssl/"
+local basedir = openssldir
 
 -- Save the config in a variable so isn't loaded each and every time needed
 local config = nil
@@ -33,10 +34,13 @@ local ca_mandatory_entries = { "new_certs_dir", "certificate", "private_key", "d
 
 local initializecfe = function(self, clientdata, label)
 	local retval = cfe({ type="group", value={}, label=label or "" })
-	retval.value.basedir = cfe({ type="hidden", label="Base Directory", key=true })
+	retval.value.cadir = cfe({ type="hidden", label="CA Directory", key=true })
 	self.handle_clientdata(retval, clientdata)
-	if retval.value.basedir.value ~= "" then
-		openssldir = posix.dirname(retval.value.basedir.value.."/tmp").."/"
+	basedir = openssldir
+	if string.find(retval.value.cadir.value, "%.%.") then
+		retval.value.cadir.errtxt = "Invalid Directory"
+	elseif retval.value.cadir.value ~= "" then
+		basedir = string.gsub(basedir..retval.value.cadir.value.."/", "//", "/")
 	end
 	return retval
 end
@@ -44,7 +48,7 @@ end
 -- Create a cfe with the distinguished name defaults
 local getdefaults = function(self, clientdata)
 	local defaults = initializecfe(self, clientdata, "OpenSSL Request")
-	config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
+	config = config or format.parse_ini_file(fs.read_file(basedir..configfile) or "")
 	local distinguished_name = config.req.distinguished_name or ""
 
 	-- Define the order of the parameters in the form
@@ -66,7 +70,7 @@ end
 
 -- Validate the values of distinguished names using the min/max found in the config file
 local validate_distinguished_names = function(values)
-	config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
+	config = config or format.parse_ini_file(fs.read_file(basedir..configfile) or "")
 	local distinguished_name = config.req.distinguished_name or ""
 	local success = true
 
@@ -137,7 +141,7 @@ local create_subject_string = function(values, ignorevalues)
 end
 
 local getconfigentry = function(section, value)
-	config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
+	config = config or format.parse_ini_file(fs.read_file(basedir..configfile) or "")
 	local result = config[section][value] or config[""][value] or ""
 	while string.find(result, "%$[%w_]+") do
 		local sub = string.match(result, "%$[%w_]+")
@@ -148,7 +152,7 @@ end
 
 -- Find the sections of the config file that define ca's (ca -name option)
 local find_ca_sections = function()
-	config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
+	config = config or format.parse_ini_file(fs.read_file(basedir..configfile) or "")
 	local cert_types = {}
 
 	for section in pairs(config) do
@@ -186,7 +190,7 @@ local validate_request = function(defaults, noextensionsections)
 	end
 
 	if defaults.value.extensions then
-		config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
+		config = config or format.parse_ini_file(fs.read_file(basedir..configfile) or "")
 		local extensions = format.parse_ini_file(defaults.value.extensions.value)
 		for name,value in pairs(extensions or {}) do
 			if name ~= "" and noextensionsections then
@@ -203,7 +207,7 @@ local validate_request = function(defaults, noextensionsections)
 end
 
 local copyca = function(cacert, cakey)
-	config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
+	config = config or format.parse_ini_file(fs.read_file(basedir..configfile) or "")
 	local certpath = getconfigentry(config.ca.default_ca, "certificate")
 	fs.move_file(cacert, certpath)
 	local keypath = getconfigentry(config.ca.default_ca, "private_key")
@@ -264,7 +268,7 @@ end
 local listrequests = function(user)
 	user = user or "*"
 	local list={}
-	local files = posix.glob(openssldir..requestdir..user..".*\\.csr") or {}
+	local files = posix.glob(basedir..requestdir..user..".*\\.csr") or {}
 	for i,x in ipairs(files) do
 		local name = string.gsub(posix.basename(x), ".csr$", "")
 		local a,b,c = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*)")
@@ -276,7 +280,7 @@ end
 local listcerts = function(user)
 	user = user or "*"
 	local list={}
-	local files = posix.glob(openssldir..certdir..user..".*\\.pfx") or {}
+	local files = posix.glob(basedir..certdir..user..".*\\.pfx") or {}
 	-- Do this in two steps - saves forking openssl for each cert, which
 	-- speeds things up noticably for > 100 certs
 	local crtlist = {}
@@ -287,7 +291,7 @@ local listcerts = function(user)
 		list[#list + 1] = {cert=name, user=a, certtype=b, 
 			commonName=unhashname(c), serial=d, enddate=enddate, 
 			daysremaining=time}
-		crtlist[#crtlist+1] = "x509 -in "..openssldir..certdir..name..".crt -noout -enddate"
+		crtlist[#crtlist+1] = "x509 -in "..basedir..certdir..name..".crt -noout -enddate"
 	end
 
 	local out = modelfunctions.run_executable({"openssl"}, false, table.concat(crtlist, "\n").."\nexit\n")
@@ -314,7 +318,7 @@ local listcerts = function(user)
 end
 
 local listrevoked = function()
-	config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
+	config = config or format.parse_ini_file(fs.read_file(basedir..configfile) or "")
 	local databasepath = getconfigentry(config.ca.default_ca, "database")
 	local revoked = {}
 	local database = fs.read_file_as_array(databasepath) or {}
@@ -331,12 +335,12 @@ local checkenvironment = function()
 	local cmdline = {}
 	
 	-- First check for the openssl, req, and cert directories
-	errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("openssl directory", openssldir)
-	errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("new certificate directory", openssldir..certdir)
-	errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("request directory", openssldir..requestdir)
+	errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("openssl directory", basedir)
+	errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("new certificate directory", basedir..certdir)
+	errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("request directory", basedir..requestdir)
 
 	-- Then check for the config file entries
-	config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
+	config = config or format.parse_ini_file(fs.read_file(basedir..configfile) or "")
 
 	if config then
 		local chkpath = getconfigentry(config.ca.default_ca, "new_certs_dir")
@@ -384,21 +388,21 @@ end
 mymodule.getstatus = function(self, clientdata)
 	-- set the working directory and umask once for model
 	posix.umask("rw-------")
-	posix.chdir(openssldir)
+	posix.chdir(basedir)
 	local retval = initializecfe(self, clientdata, "OpenSSL status")
 	local value,errtxt=processinfo.package_version(packagename)
 	retval.value.version = cfe({ value=value, errtxt=errtxt, label="Program version", name=packagename })
-	retval.value.conffile = cfe({ value=openssldir..configfile, label="Configuration file" })
+	retval.value.conffile = cfe({ value=basedir..configfile, label="Configuration file" })
 	retval.value.cacert = cfe({ label="CA Certificate" })
 	retval.value.cacertcontents = cfe({ type="longtext", label="CA Certificate contents" })
 	retval.value.cakey = cfe({ label="CA Key" })
-	if not fs.is_file(openssldir..configfile) then
+	if not fs.is_file(basedir..configfile) then
 		retval.value.conffile.errtxt="File not found"
 		retval.value.cacert.errtxt="File not defined"
 		retval.value.cacertcontents.errtxt=""
 		retval.value.cakey.errtxt="File not defined"
 	else
-		config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
+		config = config or format.parse_ini_file(fs.read_file(basedir..configfile) or "")
 		if (not config) or (not config.ca) or (not config.ca.default_ca) then
 			retval.value.conffile.errtxt="Invalid config file"
 			retval.value.cacert.errtxt="File not defined"
@@ -449,7 +453,7 @@ mymodule.getreqdefaults = function(self, clientdata)
 		value=config.ca.default_ca, option=find_ca_sections(), seq=96 })
 	-- Add in the extensions
 	local extensions = ""
-	local content = fs.read_file(openssldir..configfile) or ""
+	local content = fs.read_file(basedir..configfile) or ""
 	config = config or format.parse_ini_file(content)
 	if config.req.req_extensions then
 		extensions = format.get_ini_section(content, config.req.req_extensions)
@@ -464,7 +468,7 @@ mymodule.setreqdefaults = function(self, defaults)
 
 	-- If success, write the values to the config file
 	if success then
-		local fileval = fs.read_file(openssldir..configfile) or ""
+		local fileval = fs.read_file(basedir..configfile) or ""
 		config = config or format.parse_ini_file(fileval)
 		local ext_section
 		if not config.req or not config.req.req_extensions then
@@ -479,7 +483,7 @@ mymodule.setreqdefaults = function(self, defaults)
 		fileval = format.set_ini_section(fileval, ext_section, format.dostounix(defaults.value.extensions.value))
 		fileval = format.update_ini_file(fileval, "ca", "default_ca", defaults.value.certtype.value)
 		fileval = write_distinguished_names(fileval, defaults, {"certtype", "extensions", "validdays"})
-		fs.write_file(openssldir..configfile, fileval)
+		fs.write_file(basedir..configfile, fileval)
 	end
 
 	if not success then
@@ -515,7 +519,7 @@ mymodule.submitrequest = function(self, defaults, submit, user)
 		success = false
 	end
 
-	local reqname = openssldir..requestdir..user.."."..defaults.value.certtype.value.."."..hashname(defaults.value.commonName.value)
+	local reqname = basedir..requestdir..user.."."..defaults.value.certtype.value.."."..hashname(defaults.value.commonName.value)
 	if fs.is_file(reqname..".csr") then
 		defaults.errtxt = "Failed to submit request\nRequest already exists"
 		success = false
@@ -531,7 +535,7 @@ mymodule.submitrequest = function(self, defaults, submit, user)
 		local subject = create_subject_string(defaults, {"password", "password_confirm", "certtype", "extensions"})
 
 		-- Generate a temp config file for this request
-		local fileval = fs.read_file(openssldir..configfile) or ""
+		local fileval = fs.read_file(basedir..configfile) or ""
 		config = config or format.parse_ini_file(fileval)
 		local ext_section = "v3_req"
 		while config[ext_section] do ext_section = "v3_req_"..tostring(os.time()) end
@@ -596,7 +600,7 @@ mymodule.viewrequest = function(self, clientdata)
         self.handle_clientdata(retval, clientdata)
 
 	local request = retval.value.request.value
-	local reqpath = openssldir..requestdir .. request
+	local reqpath = basedir..requestdir .. request
 	local cmdresult = modelfunctions.run_executable({"openssl", "req", "-in", reqpath..".csr", "-text", "-noout"})
 	local a,b,c = string.match(request, "([^%.]*)%.([^%.]*)%.([^%.]*)")
 	retval.value.details = cfe({ type="table", value={request=request, user=a, certtype=b, commonName=unhashname(c), value=cmdresult}, label="Request Details" })
@@ -610,7 +614,7 @@ mymodule.getapproverequest = function(self, clientdata)
 end
 
 mymodule.approverequest = function(self, apprequest)
-	local reqpath = openssldir..requestdir .. apprequest.value.request.value
+	local reqpath = basedir..requestdir .. apprequest.value.request.value
 	if fs.is_file(reqpath..".csr") then
 		-- Request file exists, so try to sign
 		local user,certtype,commonName = string.match(apprequest.value.request.value, "([^%.]*)%.([^%.]*)%.([^%.]*)")
@@ -619,7 +623,7 @@ mymodule.approverequest = function(self, apprequest)
 		local serialpath = getconfigentry(certtype, "serial")
 		local serialfile = fs.read_file(serialpath) or ""
 		local serial = string.match(serialfile, "%x+")
-		local certname = openssldir..certdir..apprequest.value.request.value.."."..serial
+		local certname = basedir..certdir..apprequest.value.request.value.."."..serial
 		
 		-- Now, sign the certificate
 		apprequest.descr, apprequest.errtxt = modelfunctions.run_executable({"openssl", "ca", "-config", reqpath..".cfg", "-in", reqpath..".csr", "-out", certname..".crt", "-name", certtype, "-batch"}, true)
@@ -665,11 +669,11 @@ end
 
 mymodule.deleterequest = function(self, delrequest, submit, user)
 	user = user or ".*"
-	if (not fs.is_file(openssldir..requestdir..delrequest.value.request.value..".csr")) or (not string.find(delrequest.value.request.value, "^"..user.."%.")) then
+	if (not fs.is_file(basedir..requestdir..delrequest.value.request.value..".csr")) or (not string.find(delrequest.value.request.value, "^"..user.."%.")) then
 		delrequest.value.request.errtxt = "Request not found"
 		delrequest.errtxt = "Failed to Delete Request"
 	else
-		local reqpath = openssldir..requestdir..delrequest.value.request.value
+		local reqpath = basedir..requestdir..delrequest.value.request.value
 		os.remove(reqpath..".pwd")
 		os.remove(reqpath..".sbj")
 		os.remove(reqpath..".pem")
@@ -685,7 +689,7 @@ mymodule.viewcert = function(self, clientdata)
         self.handle_clientdata(retval, clientdata)
 
 	local cert = retval.value.cert.value
-	local cmdresult = modelfunctions.run_executable({"openssl", "x509", "-in", openssldir..certdir..cert..".crt", "-noout", "-text"})
+	local cmdresult = modelfunctions.run_executable({"openssl", "x509", "-in", basedir..certdir..cert..".crt", "-noout", "-text"})
 	local a,b,c,d = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
 	retval.value.details = cfe({ type="table", value={cert=cert, user=a, certtype=b, commonName=unhashname(c), serial=d, value=cmdresult}, label="Certificate Details" })
 	return retval
@@ -698,7 +702,7 @@ mymodule.getcert = function(self, clientdata)
 
 	local cert = retval.value.cert.value
 	if cert ~= "" then
-		local f = fs.read_file(openssldir..certdir..cert..".pfx") or ""
+		local f = fs.read_file(basedir..certdir..cert..".pfx") or ""
 		local a,b,c,d = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
 		c = string.gsub(unhashname(c), "[^%w_-]", "")
 		retval.value.details = cfe({ type="raw", value=f, label=c..".pfx", option="application/x-pkcs12" })
@@ -714,7 +718,7 @@ mymodule.getrevokecert = function(self, clientdata)
 end
 
 mymodule.revokecert = function(self, revreq)
-	revreq.descr, revreq.errtxt = modelfunctions.run_executable({"openssl", "ca", "-config", openssldir..configfile, "-revoke", openssldir..certdir..revreq.value.cert.value..".crt", "-batch"}, true)
+	revreq.descr, revreq.errtxt = modelfunctions.run_executable({"openssl", "ca", "-config", basedir..configfile, "-revoke", basedir..certdir..revreq.value.cert.value..".crt", "-batch"}, true)
 	return revreq
 end
 
@@ -726,7 +730,7 @@ end
 
 mymodule.deletecert = function(self, delcert)
 	-- The certificate will still be in the ca directories and index.txt, just not available for web interface
-	local certname = openssldir..certdir..delcert.value.cert.value
+	local certname = basedir..certdir..delcert.value.cert.value
 	os.remove(certname..".cfg")
 	os.remove(certname..".crt")
 	os.remove(certname..".pem")
@@ -745,7 +749,7 @@ end
 mymodule.renewcert = function(self, recert, submit, approve)
 	local success = true
 	local user,certtype,commonName,serialnum = string.match(recert.value.cert.value, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
-	local reqname = openssldir..requestdir..user.."."..certtype.."."..commonName
+	local reqname = basedir..requestdir..user.."."..certtype.."."..commonName
 	if fs.is_file(reqname..".csr") then
 		recert.errtxt = "Failed to submit request"
 		recert.value.cert.errtxt = "Request already exists"
@@ -755,7 +759,7 @@ mymodule.renewcert = function(self, recert, submit, approve)
 	if success then
 		-- Submit the request
 		-- First, put the subject, config file and password in place
-		local certname = openssldir..certdir..recert.value.cert.value
+		local certname = basedir..certdir..recert.value.cert.value
 		fs.copy_file(certname..".pwd", reqname..".pwd")
 		fs.copy_file(certname..".sbj", reqname..".sbj")
 		fs.copy_file(certname..".cfg", reqname..".cfg")
@@ -800,8 +804,8 @@ mymodule.getcrl = function(self, clientdata)
 	local crltype = retval.value.crltype.value
 	if modelfunctions.validateselect(retval.value.crltype) then
 		retval.value.details = cfe({ type="raw", option="application/pkix-crl" })
-		modelfunctions.run_executable({"openssl", "ca", "-config", openssldir..configfile, "-gencrl", "-out", openssldir.."ca-crl.crl"})
-		modelfunctions.run_executable({"openssl", "crl", "-in", openssldir.."ca-crl.crl", "-out", openssldir.."ca-der-crl.crl", "-outform", "DER"})
+		modelfunctions.run_executable({"openssl", "ca", "-config", basedir..configfile, "-gencrl", "-out", basedir.."ca-crl.crl"})
+		modelfunctions.run_executable({"openssl", "crl", "-in", basedir.."ca-crl.crl", "-out", basedir.."ca-der-crl.crl", "-outform", "DER"})
 		if crltype == "DER" then
 			retval.value.details.label = "ca-der-crl.crl"
 			retval.value.details.value = fs.read_file(retval.value.details.label) or ""
@@ -826,8 +830,8 @@ mymodule.getca = function(self, clientdata)
 		retval.value.details = cfe({ type="raw", option="application/x-x509-ca-cert" })
 		local fname = "cacert."
 		if certtype == "DER" then
-			if not posix.stat(openssldir.."cacert.der") then
-				modelfunctions.run_executable({"openssl", "x509", "-in", openssldir.."cacert.pem", "-outform", "der", "-out", openssldir.."cacert.der"})
+			if not posix.stat(basedir.."cacert.der") then
+				modelfunctions.run_executable({"openssl", "x509", "-in", basedir.."cacert.pem", "-outform", "der", "-out", basedir.."cacert.der"})
 			end
 			fname = fname.."der"
 			retval.value.details.label = fname
@@ -928,7 +932,7 @@ mymodule.generateca = function(self, defaults)
 
 		-- Submit the request
 		local subject = create_subject_string(defaults, {"days"})
-		local cmdresult = modelfunctions.run_executable({"openssl", "req", "-x509", "-nodes", "-new", "-config", openssldir..configfile, "-keyout", "/tmp/cakey.pem", "-out", "/tmp/cacert.pem", "-subj", subject, "-days", defaults.value.days.value}, true)
+		local cmdresult = modelfunctions.run_executable({"openssl", "req", "-x509", "-nodes", "-new", "-config", basedir..configfile, "-keyout", "/tmp/cakey.pem", "-out", "/tmp/cacert.pem", "-subj", subject, "-days", defaults.value.days.value}, true)
 		local certfilestats = posix.stat("/tmp/cacert.pem")
 		local keyfilestats = posix.stat("/tmp/cakey.pem")
 		if not certfilestats or certfilestats.size == 0 or not keyfilestats or keyfilestats.size == 0 then
@@ -955,7 +959,7 @@ end
 
 mymodule.getconfigfile = function(self, clientdata)
 	local retval = initializecfe(self, clientdata, "")
-	local retval2 = modelfunctions.getfiledetails(openssldir..configfile)
+	local retval2 = modelfunctions.getfiledetails(basedir..configfile)
 	for name,value in pairs(retval.value) do
 		retval2.value[name] = value
 	end
@@ -964,7 +968,7 @@ end
 
 mymodule.setconfigfile = function(self, filedetails)
 	-- validate
-	return modelfunctions.setfiledetails(self, filedetails, {openssldir..configfile})
+	return modelfunctions.setfiledetails(self, filedetails, {basedir..configfile})
 end
 
 mymodule.getenvironment = function(self, clientdata)
diff --git a/openssl-read-html.lsp b/openssl-read-html.lsp
index c188db5..4691b13 100644
--- a/openssl-read-html.lsp
+++ b/openssl-read-html.lsp
@@ -24,7 +24,7 @@
 
 <% htmlviewfunctions.displaycommandresults({"approve", "deleterequest", "deletemyrequest", "renewcert", "requestrenewcert", "revoke", "deletecert"}, session) %>
 
-<% local basedir = cfe({ type="hidden", value=view.value.basedir.value }) %>
+<% local cadir = cfe({ type="hidden", value=view.value.cadir.value }) %>
 <%
 local label = ""
 if view.value.user then
@@ -52,15 +52,15 @@ local header_level = htmlviewfunctions.displaysectionstart(cfe({label="Pending c
 		<%
 		req.value = request.request
 		if viewlibrary.check_permission("viewrequest") then
-			htmlviewfunctions.displayitem(cfe({type="link", value={request=req, basedir=basedir}, label="", option="View", action="viewrequest"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="link", value={request=req, cadir=cadir}, label="", option="View", action="viewrequest"}), page_info, -1)
 		end
 		if viewlibrary.check_permission("approve") then
-			htmlviewfunctions.displayitem(cfe({type="form", value={request=req, basedir=basedir}, label="", option="Approve", action="approve"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="form", value={request=req, cadir=cadir}, label="", option="Approve", action="approve"}), page_info, -1)
 		end
 		if viewlibrary.check_permission("deleterequest") then
-			htmlviewfunctions.displayitem(cfe({type="form", value={request=req, basedir=basedir}, label="", option="Delete", action="deleterequest"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="form", value={request=req, cadir=cadir}, label="", option="Delete", action="deleterequest"}), page_info, -1)
 		elseif viewlibrary.check_permission("deletemyrequest") then
-			htmlviewfunctions.displayitem(cfe({type="form", value={request=req, basedir=basedir}, label="", option="Delete", action="deletemyrequest"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="form", value={request=req, cadir=cadir}, label="", option="Delete", action="deletemyrequest"}), page_info, -1)
 		end
 		%>
 		</td>
@@ -117,21 +117,21 @@ end %>
 		<%
 		crt.value = cert.cert
 		if viewlibrary.check_permission("viewcert") then
-			htmlviewfunctions.displayitem(cfe({type="link", value={cert=crt, basedir=basedir}, label="", option="View", action="viewcert"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="link", value={cert=crt, cadir=cadir}, label="", option="View", action="viewcert"}), page_info, -1)
 		end
 		if viewlibrary.check_permission("getcert") then
-			htmlviewfunctions.displayitem(cfe({type="link", value={cert=crt, viewtype=viewtype, basedir=basedir}, label="", option="Download", action="getcert"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="link", value={cert=crt, viewtype=viewtype, cadir=cadir}, label="", option="Download", action="getcert"}), page_info, -1)
 		end
 		if viewlibrary.check_permission("renewcert") then
-			htmlviewfunctions.displayitem(cfe({type="form", value={cert=crt, basedir=basedir}, label="", option="Renew", action="renewcert"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="form", value={cert=crt, cadir=cadir}, label="", option="Renew", action="renewcert"}), page_info, -1)
 		elseif viewlibrary.check_permission("requestrenewcert") then
-			htmlviewfunctions.displayitem(cfe({type="form", value={cert=crt, basedir=basedir}, label="", option="Renew", action="requestrenewcert"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="form", value={cert=crt, cadir=cadir}, label="", option="Renew", action="requestrenewcert"}), page_info, -1)
 		end
 		if viewlibrary.check_permission("revoke") then
-			htmlviewfunctions.displayitem(cfe({type="form", value={cert=crt, basedir=basedir}, label="", option="Revoke", action="revoke"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="form", value={cert=crt, cadir=cadir}, label="", option="Revoke", action="revoke"}), page_info, -1)
 		end
 		if viewlibrary.check_permission("deletecert") then
-			htmlviewfunctions.displayitem(cfe({type="form", value={cert=crt, basedir=basedir}, label="", option="Delete", action="deletecert"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="form", value={cert=crt, cadir=cadir}, label="", option="Delete", action="deletecert"}), page_info, -1)
 		end
 		%>
 		</td>
@@ -169,13 +169,13 @@ end %>
 		<%
 		crt.value = cert.cert
 		if viewlibrary.check_permission("viewcert") then
-			htmlviewfunctions.displayitem(cfe({type="link", value={cert=crt, basedir=basedir}, label="", option="View", action="viewcert"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="link", value={cert=crt, cadir=cadir}, label="", option="View", action="viewcert"}), page_info, -1)
 		end
 		--[[ if viewlibrary.check_permission("getcert") then
-			htmlviewfunctions.displayitem(cfe({type="link", value={cert=crt, viewtype=viewtype, basedir=basedir}, label="", option="Download", action="getcert"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="link", value={cert=crt, viewtype=viewtype, cadir=cadir}, label="", option="Download", action="getcert"}), page_info, -1)
 		end --]]
 		if viewlibrary.check_permission("deletecert") then
-			htmlviewfunctions.displayitem(cfe({type="form", value={cert=crt, basedir=basedir}, label="", option="Delete", action="deletecert"}), page_info, -1)
+			htmlviewfunctions.displayitem(cfe({type="form", value={cert=crt, cadir=cadir}, label="", option="Delete", action="deletecert"}), page_info, -1)
 		end
 		%>
 		</td>
@@ -192,10 +192,10 @@ end %>
 
 <%
 if viewlibrary.check_permission("getrevoked") then
-	local basedir = cfe({type="hidden", value=view.value.basedir.value})
+	local cadir = cfe({type="hidden", value=view.value.cadir.value})
 	htmlviewfunctions.displaysectionstart(cfe({label="Get revoked list (crl)"}), page_info, header_level)
-	htmlviewfunctions.displayitem(cfe({type="link", value={crltype=cfe({type="hidden", value="PEM"}), viewtype=viewtype, basedir=basedir}, label="", option="Download PEM", action="getrevoked"}), page_info, -1)
-	htmlviewfunctions.displayitem(cfe({type="link", value={crltype=cfe({type="hidden", value="DER"}), viewtype=viewtype, basedir=basedir}, label="", option="Download DER", action="getrevoked"}), page_info, -1)
+	htmlviewfunctions.displayitem(cfe({type="link", value={crltype=cfe({type="hidden", value="PEM"}), viewtype=viewtype, cadir=cadir}, label="", option="Download PEM", action="getrevoked"}), page_info, -1)
+	htmlviewfunctions.displayitem(cfe({type="link", value={crltype=cfe({type="hidden", value="DER"}), viewtype=viewtype, cadir=cadir}, label="", option="Download DER", action="getrevoked"}), page_info, -1)
 	htmlviewfunctions.displaysectionend(header_level)
 end
 %>
diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp
index 1cd35c6..07c1646 100644
--- a/openssl-status-html.lsp
+++ b/openssl-status-html.lsp
@@ -25,7 +25,7 @@ htmlviewfunctions.displayitem(view.value.cakey)
 if not view.value.version.errtxt and not view.value.conffile.errtxt then
 	if view.value.environment.errtxt then
 		if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("checkenvironment") then
-			viewlibrary.dispatch_component("checkenvironment", {basedir=view.value.basedir.value})
+			viewlibrary.dispatch_component("checkenvironment", {cadir=view.value.cadir.value})
 		end
 	elseif not view.value.cacert.errtxt and not view.value.cakey.errtxt then
 		htmlviewfunctions.displaysectionstart(view.value.cacertcontents, page_info, header_level)
@@ -33,10 +33,10 @@ if not view.value.version.errtxt and not view.value.conffile.errtxt then
 		htmlviewfunctions.displaysectionend(header_level)
 	elseif viewlibrary and viewlibrary.dispatch_component then
 		if viewlibrary.check_permission("putcacert") then
-			viewlibrary.dispatch_component("putcacert", {basedir=view.value.basedir.value})
+			viewlibrary.dispatch_component("putcacert", {cadir=view.value.cadir.value})
 		end
 		if viewlibrary.check_permission("generatecacert") then
-			viewlibrary.dispatch_component("generatecacert", {basedir=view.value.basedir.value})
+			viewlibrary.dispatch_component("generatecacert", {cadir=view.value.cadir.value})
 		end
 	end
 end
@@ -45,10 +45,10 @@ end
 <%
 if not view.value.cacert.errtxt and viewlibrary.check_permission("downloadcacert") then
 	local viewtype = cfe({type="hidden", value="stream"})
-	local basedir = cfe({type="hidden", value=view.value.basedir.value})
+	local cadir = cfe({type="hidden", value=view.value.cadir.value})
         htmlviewfunctions.displaysectionstart(cfe({label="Download CA Cert"}), page_info, header_level)
-        htmlviewfunctions.displayitem(cfe({type="link", value={certtype=cfe({type="hidden", value="PEM"}), viewtype=viewtype, basedir=basedir}, label="", option="Download PEM", action="downloadcacert"}), page_info, -1)
-        htmlviewfunctions.displayitem(cfe({type="link", value={certtype=cfe({type="hidden", value="DER"}), viewtype=viewtype, basedir=basedir}, label="", option="Download DER", action="downloadcacert"}), page_info, -1)
+        htmlviewfunctions.displayitem(cfe({type="link", value={certtype=cfe({type="hidden", value="PEM"}), viewtype=viewtype, cadir=cadir}, label="", option="Download PEM", action="downloadcacert"}), page_info, -1)
+        htmlviewfunctions.displayitem(cfe({type="link", value={certtype=cfe({type="hidden", value="DER"}), viewtype=viewtype, cadir=cadir}, label="", option="Download DER", action="downloadcacert"}), page_info, -1)
         htmlviewfunctions.displaysectionend(header_level)
 end
 %>
author	Ted Trask <ttrask01@yahoo.com>	2015-02-02 16:16:46 -0500
committer	Ted Trask <ttrask01@yahoo.com>	2015-02-02 16:17:27 -0500
commit	7fa6abdb25ee1ea7dda9b3771d139788c120940f (patch)
tree	7b05e633e96654ce19c2381e6e8f3dafce96efcc
parent	2238876a4b10036a82ce3cd3e8c9c759651047e8 (diff)
download	acf-openssl-7fa6abdb25ee1ea7dda9b3771d139788c120940f.tar.bz2 acf-openssl-7fa6abdb25ee1ea7dda9b3771d139788c120940f.tar.xz