From 59c61b820001e28adca65e6c1d77c161648d9396 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Fri, 23 Mar 2012 11:28:56 -0300 Subject: dansguardian - include ca_root_nss-3.13.3 package for certificate checks --- config/dansguardian/dansguardian.inc | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'config/dansguardian') diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index a568b69e..3d2d83f8 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -226,6 +226,7 @@ function sync_package_dansguardian() { $ca_pk = "caprivatekeypath = '/etc/ssl/demoCA/private/cakey.pem'"; } if(base64_decode($ca_cert['crt'])) { + $cert_hash=array(); file_put_contents("/etc/ssl/demoCA/cacert.pem",base64_decode($ca_cert['crt'])); exec("/usr/bin/openssl x509 -hash -noout -in /etc/ssl/demoCA/cacert.pem",$cert_hash); file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",base64_decode($ca_cert['crt'])); @@ -1033,6 +1034,25 @@ function dansguardian_validate_input($post, &$input_errors) { } function dansguardian_php_install_command() { + conf_mount_rw(); + #create ca-root hashes from ca-root-nss package + print "Creating root certificate bundle hashes from the Mozilla Project\n"; + $cas=file('/usr/local/share/certs/ca-root-nss.crt'); + $cert=0; + foreach ($cas as $ca){ + if (preg_match("/--BEGIN CERTIFICATE--/",$ca)) + $cert=1; + if ($cert == 1) + $crt.=$ca; + if (preg_match("/-END CERTIFICATE-/",$ca)){ + file_put_contents("/tmp/cert.pem",$crt, LOCK_EX); + $cert_hash=array(); + exec("/usr/bin/openssl x509 -hash -noout -in /tmp/cert.pem",$cert_hash); + file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",$crt,LOCK_EX); + $crt=""; + $cert=0; + } + } sync_package_dansguardian(); } -- cgit v1.2.3