bug-790: change PEM-Armor-striping code to not break correct CSRs
authorFelix Dörre <felix@dogcraft.de>
Tue, 23 Sep 2014 22:20:37 +0000 (00:20 +0200)
committerFelix Dörre <felix@dogcraft.de>
Tue, 7 Oct 2014 20:08:44 +0000 (22:08 +0200)
(copied from somewhere above)

includes/account.php
includes/keygen.php

index a713f09..97d38ac 100644 (file)
@@ -1570,7 +1570,12 @@ function buildSubjectFromSession() {
                        }
                        mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
                } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
-                       $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
+                       $csr = clean_csr($_REQUEST['CSR']);
+                       if(strpos($csr,"---BEGIN") === FALSE)
+                       {
+                               // In case the CSR is missing the ---BEGIN lines, add them automatically:
+                               $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$csr."\n-----END CERTIFICATE REQUEST-----\n";
+                       }
 
                        if (($weakKey = checkWeakKeyCSR($csr)) !== "")
                        {
index 72cddc8..15dee8a 100644 (file)
@@ -121,7 +121,7 @@ if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_A
                        <input type="hidden" name="keytype" value="NS">
                        <?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
 
-                       <input type="submit" name="submit" value="<?=_("Generate keypair within browser")?>">
+                       <input type="submit" name="submit" value="<?=_("Generate key pair within browser")?>">
                        <input type="hidden" name="oldid" value="<?=intval($id)?>">
                </form>
        </p>