author | Luke Stuart <lukestu@gmail.com> | 2011-10-07 09:22:26 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2011-10-07 08:12:19 -0400 |
commit | d3e200cb3f0c7391cac59e2b3462f0c069d54103 (patch) | |
tree | 5c438ecce99ef49aab9b7578fe24006f3ad7ceb3 | |
parent | a628cec21b17c4971c5a7560697bb73e1809ef8b (diff) | |
download | acf-openssl-d3e200cb3f0c7391cac59e2b3462f0c069d54103.tar.bz2 acf-openssl-d3e200cb3f0c7391cac59e2b3462f0c069d54103.tar.xz |
Updates to Feature #354 incl. security hole fixed and choice of PEM or DER cacert download.
-rwxr-xr-x | openssl-controller.lua | 4 | ||||
-rwxr-xr-x | openssl-model.lua | 19 | ||||
-rw-r--r-- | openssl-status-html.lsp | 5 | ||||
-rw-r--r-- | openssl.roles | 6 |
4 files changed, 21 insertions, 13 deletions
diff --git a/openssl-controller.lua b/openssl-controller.lua
index 3f8750b..aa03ba6 100755
--- a/openssl-controller.lua
+++ b/openssl-controller.lua
@@ -116,9 +116,9 @@ putcacert = function(self)
 return controllerfunctions.handle_form(self, self.model.getnewputca, self.model.putca, self.clientdata, "Upload", "Upload CA Certificate", "Certificate Uploaded")
 end
-downloadpem = function(self)
+downloadcacert = function(self)
 self.conf.viewtype="stream"
- return self.model.getpem(self.clientdata.dlpath)
+ return self.model.getca(self.clientdata.certype)
 end
 -- Generate a self-signed CA
diff --git a/openssl-model.lua b/openssl-model.lua
index 9b3a63a..702967f 100755
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -696,12 +696,19 @@ getcrl = function(crltype)
 return crlfile
 end
-getpem = function(pem)
- local f = fs.read_file(pem) or ""
- local fname = string.gsub(pem, ".*/", "")
- if validator.is_valid_filename(pem, openssldir) then
- return cfe({ type="raw", value=f, label=fname, option="application/x-pkcs12" })
- end
+getca = function(certype)
+
+ if certype == "der" then
+ local cmd = path .. "openssl x509 -in "..openssldir.."cacert.pem -outform der -out "..openssldir.."cacert.der"
+ local f = io.popen(cmd)
+ f:close()
+ end
+ local fname = "cacert."..certype
+ local dlcert = openssldir..fname
+ local fread = fs.read_file(dlcert) or ""
+ if validator.is_valid_filename(dlcert, openssldir) then
+ return cfe({ type="raw", value=fread, label=fname, option="application/x-x509-ca-cert" })
+ end
 end
 getnewputca = function()
diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp
index d191f76..739009c 100644
--- a/openssl-status-html.lsp
+++ b/openssl-status-html.lsp
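Review bot: `getca` builds `fname` and `dlcert` from `certype` and calls `fs.read_file` before anything limits the value to the two formats the page offers; the controller hunk above passes `self.clientdata.certype` through unchanged, so a request without the parameter reaches `"cacert."..certype` as nil and any other string selects a different file name under `openssldir`. The only guard is `validator.is_valid_filename`, which runs after the read and whose rules are not visible in this diff, so an explicit allowlist at the top of the function is worth adding. The handle returned by `io.popen` is also closed without a nil check, and nothing confirms the conversion succeeded, so a stale or missing `cacert.der` would presumably be served as-is or as an empty body. The sketch below returns nothing on rejection, matching the existing fall-through when the filename check fails.

```lua
getca = function(certype)
	-- Accept only the two formats the status page links to, before any path is built.
	if certype ~= "pem" and certype ~= "der" then
		return
	end
	if certype == "der" then
		-- … unchanged: cmd construction …
		local f = io.popen(cmd)
		if not f then
			return
		end
		f:close()
	end
	-- … unchanged: fname/dlcert, fs.read_file, validator check, cfe return and closing end …
```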
@@ -38,5 +38,6 @@ if view.value.version and view.value.version.errtxt and viewlibrary.check_permis
 end
 end
 end %>
-<% if viewlibrary.check_permission("downloadpem") then %> <H1>Download
-Certificate</H1> <DL> <%= html.link{value="downloadpem?dlpath="..html.html_escape(view.value.cacert.value), label="Download "..view.value.cacert.value } %><BR> </DL><% end %>
+<% if viewlibrary.check_permission("downloadcacert") then %> <H1>Download
+CA Cert</H1> <DL> <%= html.link{value="downloadcacert?certype=pem", label="Download PEM"} %><BR><%= html.link{value="downloadcacert?certype=der", label="Download DER"} %><BR> </DL>
+<% end %>
diff --git a/openssl.roles b/openssl.roles
index 03f5df1..2ef8255 100644
--- a/openssl.roles
+++ b/openssl.roles
@@ -1,6 +1,6 @@
 USER=openssl:status,openssl:getrevoked
 EDITOR=openssl:editdefaults
 CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert
-CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadpem
-EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
-ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
+CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadcacert
+EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadcacert
+ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadcacert |