Commit da42d9b7 authored by Till Brehm's avatar Till Brehm

Additional check for #4910 Do not permit to add subdomains of domain acme.invalid

parent fb67a582
...@@ -395,6 +395,26 @@ class apache2_plugin { ...@@ -395,6 +395,26 @@ class apache2_plugin {
} }
} }
//* and check that SSL cert does not contain subdomain of domain acme.invalid
if($data["new"]["ssl_action"] == 'save') {
$tmp = array();
$crt_data = '';
exec('openssl x509 -noout -text -in '.escapeshellarg($crt_file),$tmp);
$crt_data = implode("\n",$tmp);
if(stristr($crt_data,'.acme.invalid')) {
$data["new"]["ssl_action"] = '';
$app->log('SSL Certificate not saved. The SSL cert contains domain acme.invalid.', LOGLEVEL_WARN);
$app->dbmaster->datalogError('SSL Certificate not saved. The SSL cert contains domain acme.invalid.');
/* Update the DB of the (local) Server */
$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
/* Update also the master-DB of the Server-Farm */
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
}
}
//* Save a SSL certificate to disk //* Save a SSL certificate to disk
if($data["new"]["ssl_action"] == 'save') { if($data["new"]["ssl_action"] == 'save') {
$this->ssl_certificate_changed = true; $this->ssl_certificate_changed = true;
......
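Review bot: The added check fails open, because the `exec()` call takes no exit-status argument: if openssl is missing or cannot parse the file, `$tmp` stays empty, `stristr()` finds nothing and `ssl_action` remains 'save'. Capturing the status with `exec('openssl x509 -noout -text -in '.escapeshellarg($crt_file), $tmp, $retval);` and at least logging a non-zero `$retval` would make that case visible. The check also reads `$crt_file` before the "Save a SSL certificate to disk" block, whose body lies outside the hunk. If that block is what writes the submitted certificate to `$crt_file`, the text inspected here is the previous file (or nothing on a first save), not the certificate being accepted, so the order should be confirmed. Both points apply equally to the identical block added in the nginx_plugin section.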
...@@ -236,6 +236,26 @@ class nginx_plugin { ...@@ -236,6 +236,26 @@ class nginx_plugin {
} }
} }
//* and check that SSL cert does not contain subdomain of domain acme.invalid
if($data["new"]["ssl_action"] == 'save') {
$tmp = array();
$crt_data = '';
exec('openssl x509 -noout -text -in '.escapeshellarg($crt_file),$tmp);
$crt_data = implode("\n",$tmp);
if(stristr($crt_data,'.acme.invalid')) {
$data["new"]["ssl_action"] = '';
$app->log('SSL Certificate not saved. The SSL cert contains domain acme.invalid.', LOGLEVEL_WARN);
$app->dbmaster->datalogError('SSL Certificate not saved. The SSL cert contains domain acme.invalid.');
/* Update the DB of the (local) Server */
$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
/* Update also the master-DB of the Server-Farm */
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
}
}
//* Save a SSL certificate to disk //* Save a SSL certificate to disk
if($data["new"]["ssl_action"] == 'save') { if($data["new"]["ssl_action"] == 'save') {
$this->ssl_certificate_changed = true; $this->ssl_certificate_changed = true;
......
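Review bot: This block is a line-for-line copy of the one added to apache2_plugin, so any later correction to the acme.invalid check must be made in two places and the copies can drift apart. Moving it into a single helper that both plugins call would keep the web-server backends consistent. A short comment would also help, e.g. `//* search the full "openssl x509 -text" dump so subject, issuer and subjectAltName entries are all covered`, since the reason for the substring match over the whole output is not stated.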