Commit da42d9b7 authored by Till Brehm

Additional check for #4910 Do not permit to add subdomains of domain acme.invalid

parent fb67a582
......@@ -394,6 +394,26 @@ class apache2_plugin {
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
}
}
//* and check that SSL cert does not contain subdomain of domain acme.invalid
if($data["new"]["ssl_action"] == 'save') {
$tmp = array();
$crt_data = '';
exec('openssl x509 -noout -text -in '.escapeshellarg($crt_file),$tmp);
$crt_data = implode("\n",$tmp);
if(stristr($crt_data,'.acme.invalid')) {
$data["new"]["ssl_action"] = '';
$app->log('SSL Certificate not saved. The SSL cert contains domain acme.invalid.', LOGLEVEL_WARN);
$app->dbmaster->datalogError('SSL Certificate not saved. The SSL cert contains domain acme.invalid.');
/* Update the DB of the (local) Server */
$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
/* Update also the master-DB of the Server-Farm */
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
}
}
//* Save a SSL certificate to disk
if($data["new"]["ssl_action"] == 'save') {
......
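Review bot: The acme.invalid check reads `$crt_file` with `openssl x509 -noout -text -in` before the "Save a SSL certificate to disk" block that follows it, so it may not be inspecting the certificate that is about to be saved. Unless an earlier step outside this hunk has already written the submitted certificate to `$crt_file`, the test sees the previous on-disk certificate, or no file at all on a first save, and the new certificate is stored unchecked. It would be more reliable to test the submitted PEM itself, for example by passing the certificate string to `openssl_x509_parse()` and checking the subject CN and `subjectAltName` entries for `.acme.invalid`, which also avoids the shell call. The nginx_plugin hunk carries the same block and the same ordering. The enclosing method starts and ends outside the hunk, so this ordering is inferred from the visible lines only.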
......@@ -235,6 +235,26 @@ class nginx_plugin {
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
}
}
//* and check that SSL cert does not contain subdomain of domain acme.invalid
if($data["new"]["ssl_action"] == 'save') {
$tmp = array();
$crt_data = '';
exec('openssl x509 -noout -text -in '.escapeshellarg($crt_file),$tmp);
$crt_data = implode("\n",$tmp);
if(stristr($crt_data,'.acme.invalid')) {
$data["new"]["ssl_action"] = '';
$app->log('SSL Certificate not saved. The SSL cert contains domain acme.invalid.', LOGLEVEL_WARN);
$app->dbmaster->datalogError('SSL Certificate not saved. The SSL cert contains domain acme.invalid.');
/* Update the DB of the (local) Server */
$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
/* Update also the master-DB of the Server-Farm */
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
}
}
//* Save a SSL certificate to disk
if($data["new"]["ssl_action"] == 'save') {
......
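Review bot: The `exec('openssl x509 -noout -text -in '.escapeshellarg($crt_file),$tmp);` call discards the exit status, so this guard fails open. If openssl cannot read or parse the file, `$tmp` stays empty, `stristr()` returns false and `ssl_action` remains 'save'. Capture the status with `exec(..., $tmp, $rc);` and reject with a distinct log message when `$rc !== 0`. That is only safe once the input is guaranteed to be the submitted certificate, because in the visible lines the write to disk comes after this check. The block is a verbatim copy of the one in the apache2_plugin hunk, so the same applies there, and a shared helper would keep the two plugins from drifting apart.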