$rcert) {
        if (($rcert['refid'] == $cert['refid']) || ($rcert['descr'] == $cert['descr'])) {
            unset($crl['cert'][$id]);
            if (count($crl['cert']) == 0) {
                // Protect against accidentally switching the type to imported, for older CRLs
                if (!isset($crl['method']))
                    $crl['method'] = "internal";
                crl_update($crl);
            } else
                crl_update($crl);
            return true;
        }
    }
    return false;
}

/**
 * Report whether a CRL is still referenced and therefore must not be deleted.
 *
 * The only check visible here is is_openvpn_server_crl(); its result is
 * returned unchanged.
 *
 * @param mixed $crlref CRL reference id, passed straight to is_openvpn_server_crl().
 * @return mixed Whatever is_openvpn_server_crl() returns (used as a boolean by the caller).
 */
// Keep this general to allow for future expansion. See cert_in_use() above.
function crl_in_use($crlref) {
    return (is_openvpn_server_crl($crlref));
}

// ---------------------------------------------------------------------------
// Page controller: every request to this page runs the statements below in
// order. The action ($act) and the CRL id ($id) come from the request, and
// several branches change the stored configuration.
// ---------------------------------------------------------------------------

global $openssl_crl_status;

$pgtitle = array(gettext("System"), gettext("Certificate Revocation List Manager"));

// Labels for the two CRL creation methods. These keys are the values compared
// against $pconfig['method'] further down.
$crl_methods = array(
    "internal" => gettext("Create an internal Certificate Revocation List"),
    "existing" => gettext("Import an existing Certificate Revocation List"));

// Accept the CRL id from GET first, then POST, and only when it is purely
// alphanumeric. Any other value leaves $id unset.
if (isset($_GET['id']) && ctype_alnum($_GET['id'])) {
    $id = $_GET['id'];
} elseif (isset($_POST['id']) && ctype_alnum($_POST['id'])) {
    $id = $_POST['id'];
}

// Make sure the three config sections exist as arrays, then alias them by
// reference so that edits below land directly in $config.
if (!is_array($config['ca'])) {
    $config['ca'] = array();
}
$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
    $config['cert'] = array();
}
$a_cert =& $config['cert'];

if (!isset($config['crl']) || !is_array($config['crl'])) {
    $config['crl'] = array();
}
$a_crl =& $config['crl'];

// Drop CRL entries that have no refid; they cannot be looked up by id.
foreach ($a_crl as $cid => $acrl) {
    if (!isset($acrl['refid'])) {
        unset ($a_crl[$cid]);
    }
}

// The requested action is taken from GET first, then POST. It is not checked
// against a list of known actions; the branches below compare it with loose
// (==) string comparisons.
$act=null;
if (isset($_GET['act'])) {
    $act = $_GET['act'];
} elseif (isset($_POST['act'])) {
    $act = $_POST['act'];
}

if (!empty($id)) {
    $thiscrl =& lookup_crl($id);
}

// If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors.
// Resetting $act to "" is what keeps the action branches below from running
// without a CRL; execution continues after redirectHeader() here.
// NOTE(review): isset() is true for a value of false. If lookup_crl() returns
// false (rather than null) on a miss, this guard does not fire and the
// branches below run with $thiscrl === false - confirm against lookup_crl().
if (!isset($thiscrl) && (($act != "") && ($act != "new"))) {
    redirectHeader("system_crlmanager.php");
    $act="";
    $savemsg = gettext("Invalid CRL reference.");
}

// --- act=del: remove a whole CRL from the configuration --------------------
// NOTE(review): $act and $id can both arrive via GET, so this state change
// (unset + write_config) is reachable from a plain GET request. No CSRF token
// or request-method check is visible in this file - confirm that one is
// enforced elsewhere, or restrict the action to POST.
// NOTE(review): $name is the stored CRL description and ends up in $savemsg;
// verify that print_info_box() HTML-escapes its argument.
if ($act == "del") {
    $name = $thiscrl['descr'];
    if (crl_in_use($id)) {
        $savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "
";
    } else {
        foreach ($a_crl as $cid => $acrl) {
            if ($acrl['refid'] == $thiscrl['refid']) {
                unset($a_crl[$cid]);
            }
        }
        write_config("Deleted CRL {$name}.");
        $savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name) . "
";
    }
}

// --- act=new: pre-fill the "new CRL" form -----------------------------------
// method and caref are copied from the query string unchanged.
// NOTE(review): the form that renders $pconfig is not visible here; verify
// that both values are escaped on output.
if ($act == "new") {
    if (isset($_GET['method'])) {
        $pconfig['method'] = $_GET['method'];
    } else {
        $pconfig['method'] = null;
    }
    if (isset($_GET['caref'])) {
        $pconfig['caref'] = $_GET['caref'];
    } else {
        $pconfig['caref'] = null;
    }
    $pconfig['lifetime'] = "9999";
    $pconfig['serial'] = "0";
}

// --- act=exp: download the CRL as a file ------------------------------------
// crl_update() is called first, then the base64-decoded 'text' field is sent.
// The file name is built from the CRL description and passed through
// urlencode(), so CR/LF, quotes and spaces in the description cannot reach the
// Content-Disposition header unencoded.
if ($act == "exp") {
    crl_update($thiscrl);
    $exp_name = urlencode("{$thiscrl['descr']}.crl");
    $exp_data = base64_decode($thiscrl['text']);
    $exp_size = strlen($exp_data);
    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename={$exp_name}");
    header("Content-Length: $exp_size");
    echo $exp_data;
    exit;
}

// --- act=addcert: revoke a certificate by adding it to a CRL ----------------
// Only acts on POST. The CRL is fetched by reference, the certificate by value.
// Revocation is refused unless both records carry a caref, both carefs match,
// and the CRL is internal.
if ($act == "addcert") {
    if ($_POST) {
        $input_errors = array();
        $pconfig = $_POST;
        if (!$pconfig['crlref'] || !$pconfig['certref']) {
            redirectHeader("system_crlmanager.php");
            exit;
        }
        // certref, crlref
        $crl =& lookup_crl($pconfig['crlref']);
        $cert = lookup_cert($pconfig['certref']);
        if (!$crl['caref'] || !$cert['caref']) {
            $input_errors[] = gettext("Both the Certificate and CRL must be specified.");
        }
        if ($crl['caref'] != $cert['caref']) {
            $input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
        }
        if (!is_crl_internal($crl)) {
            $input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
        }
        if (!count($input_errors)) {
            // NOTE(review): crlreason comes straight from the POST body and is
            // not range-checked here; confirm that cert_revoke() rejects values
            // outside the known reason codes.
            $reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
            cert_revoke($cert, $crl, $reason);
            openvpn_refresh_crls();
            write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
            redirectHeader("system_crlmanager.php");
            exit;
        }
        // NOTE(review): when validation fails there is no exit, so execution
        // reaches the generic "if ($_POST)" handler below, which unsets
        // $input_errors and runs its own validation and save path on the same
        // POST data. Confirm that this fall-through is intended.
    }
}

// --- act=delcert: un-revoke a certificate (remove it from the CRL) ----------
// NOTE(review): this reads $_GET['certref'] without isset() and changes state
// (cert_unrevoke + write_config) on a GET request. The same CSRF and
// request-method question raised for act=del applies here. Removing an entry
// from a CRL makes a revoked certificate valid again, so this action deserves
// the stricter handling.
if ($act == "delcert") {
    if (!is_array($thiscrl['cert'])) {
        redirectHeader("system_crlmanager.php");
        exit;
    }
    $found = false;
    // No break: if several entries share the refid, the last one is used.
    foreach ($thiscrl['cert'] as $acert) {
        if ($acert['refid'] == $_GET['certref']) {
            $found = true;
            $thiscert = $acert;
        }
    }
    if (!$found) {
        redirectHeader("system_crlmanager.php");
        exit;
    }
    $name = $thiscert['descr'];
    if (cert_unrevoke($thiscert, $thiscrl)) {
        $savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']) . "
";
        openvpn_refresh_crls();
        write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']));
    } else {
        $savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), $name, $thiscrl['descr']) . "
";
    }
    // Continue into the edit view of the same CRL.
    $act="edit";
}

// --- Generic POST: create or edit a CRL --------------------------------------
// Runs for every POST that has not exited above, whatever $act is.
if ($_POST) {
    unset($input_errors);
    $pconfig = $_POST;

    /* input validation */
    // Only required-field presence is set up here.
    // NOTE(review): if method is neither "existing" nor "internal" and $act is
    // not "editimported", $reqdfields and $reqdfieldsn are undefined when they
    // are passed to do_input_validation().
    if (($pconfig['method'] == "existing") || ($act == "editimported")) {
        $reqdfields = explode(" ", "descr crltext");
        $reqdfieldsn = array(
            gettext("Descriptive name"),
            gettext("Certificate Revocation List data"));
    }
    if ($pconfig['method'] == "internal") {
        $reqdfields = explode( " ", "descr caref" );
        $reqdfieldsn = array(
            gettext("Descriptive name"),
            gettext("Certificate Authority"));
    }

    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

    /* if this is an AJAX caller then handle via JSON */
    if (isAjax() && is_array($input_errors)) {
        input_errors2Ajax($input_errors);
        exit;
    }

    /* save modifications */
    if (!$input_errors) {
        $result = false;

        // Edit the looked-up CRL in place (by reference) or start a new record.
        // uniqid() is time-derived: usable as a config key, not as an
        // unguessable token.
        if (isset($thiscrl)) {
            $crl =& $thiscrl;
        } else {
            $crl = array();
            $crl['refid'] = uniqid();
        }

        // NOTE(review): descr, caref and method are stored exactly as posted.
        // Nothing visible here checks method against $crl_methods, or checks
        // that caref names an existing CA in $a_ca.
        $crl['descr'] = $pconfig['descr'];
        if ($act != "editimported") {
            $crl['caref'] = $pconfig['caref'];
            $crl['method'] = $pconfig['method'];
        }

        // Imported CRL text is stored base64-encoded.
        // NOTE(review): no parsing or format check of crltext is visible before
        // it is saved and pushed out by openvpn_refresh_crls().
        if (($pconfig['method'] == "existing") || ($act == "editimported")) {
            $crl['text'] = base64_encode($pconfig['crltext']);
        }

        // NOTE(review): serial and lifetime are stored without a numeric check.
        // The 'cert' list is also reset to empty even when $crl aliases an
        // existing CRL ($thiscrl set), which would discard its recorded
        // revocations. Confirm that the form never posts method=internal
        // together with an id.
        if ($pconfig['method'] == "internal") {
            $crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
            $crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
            $crl['cert'] = array();
        }

        if (!isset($thiscrl)) {
            $a_crl[] = $crl;
        }

        write_config("Saved CRL {$crl['descr']}");
        openvpn_refresh_crls();
        // No exit follows: unless redirectHeader() ends the request itself,
        // the page continues into head.inc below.
        redirectHeader("system_crlmanager.php");
    }
}

include("head.inc");
?>
0) { print_input_errors($input_errors); } if (isset($savemsg)) { print_info_box($savemsg); } ?>



  " />

  " />
$cert) : $name = htmlspecialchars($cert['descr']); ?>
" onclick="return confirm('')" class="btn btn-default btn-xs">
:
:
" />

" class="btn btn-default btn-xs"> " class="btn btn-default btn-xs">
"> "> "> ')" class="btn btn-default btn-xs"> ">