X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=src%2FPVE%2FCertificate.pm;h=f67f6cd5c65ccfc42589d3fb53baf53649b4ff58;hb=HEAD;hp=03f27fc1e20556c2b80a8329acdf577cdfcdcd9b;hpb=060a437fe97dea07b2d9c671e69deb833ca6b8b7;p=pve-common.git diff --git a/src/PVE/Certificate.pm b/src/PVE/Certificate.pm index 03f27fc..f67f6cd 100644 --- a/src/PVE/Certificate.pm +++ b/src/PVE/Certificate.pm @@ -91,8 +91,6 @@ PVE::JSONSchema::register_standard_option('pve-certificate-info', { }, }); -# see RFC 7468 -my $b64_char_re = qr![0-9A-Za-z\+/]!; my $header_re = sub { my ($label) = @_; return qr!-----BEGIN\ $label-----(?:\s|\n)*!; @@ -104,6 +102,7 @@ my $footer_re = sub { my $pem_re = sub { my ($label) = @_; + my $b64_char_re = qr![0-9A-Za-z\+/]!; # see RFC 7468 my $header = $header_re->($label); my $footer = $footer_re->($label); @@ -134,22 +133,15 @@ sub split_pem { sub check_pem { my ($content, %opts) = @_; - my $label = $opts{label} // 'CERTIFICATE'; - my $multiple = $opts{multiple}; - my $noerr = $opts{noerr}; - $content = strip_leading_text($content); - my $re = $pem_re->($label); + my $re = $pem_re->($opts{label} // 'CERTIFICATE'); + $re = qr/($re\n+)*$re/ if $opts{multiple}; - $re = qr/($re\n+)*$re/ if $multiple; + return $content if $content =~ /^$re$/; # OK - if ($content =~ /^$re$/) { - return $content; - } else { - return undef if $noerr; - die "not a valid PEM-formatted string.\n"; - } + return undef if $opts{noerr}; + die "not a valid PEM-formatted string.\n"; } sub pem_to_der { @@ -181,6 +173,7 @@ sub der_to_pem { my sub ssl_die { my ($msg) = @_; + warn Net::SSLeay::print_errs(); Net::SSLeay::die_now("$msg\n"); }; 
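Review bot: The acceptance test in check_pem, `return $content if $content =~ /^$re$/;`, keeps the `^`/`$` anchors, and without `/m` Perl's `$` also matches before one trailing newline, so the string handed back is not guaranteed to end at the footer. `$footer_re` is defined outside this hunk, so if that tolerance is intended it deserves a short comment; otherwise `\A` and `\z` state the accepted shape exactly. The group in `qr/($re\n+)*$re/` is never read back and could be non-capturing, `qr/(?:$re\n+)*$re/`. With the locals gone, the option keys `label`, `multiple` and `noerr` are only visible inline, so a one-line comment above the sub listing them would help callers.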
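Review bot: In ssl_die, `warn Net::SSLeay::print_errs();` warns unconditionally, so when the OpenSSL error queue is empty Perl prints its generic "Warning: something's wrong" line ahead of the real message. This assumes print_errs returns the drained error stack as a string, as Net::SSLeay documents. It is also called without the message prefix it accepts, which leaves the logged lines without context. A guarded form avoids both: `my $errs = Net::SSLeay::print_errs($msg); warn $errs if $errs;`. Because this text lands wherever warnings are logged, it is worth confirming that OpenSSL error strings from key and CSR handling are acceptable in that log.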
@@ -437,7 +430,7 @@ sub generate_csr { $cleanup->("Failed to set public key\n") if !Net::SSLeay::X509_REQ_set_pubkey($req, $pk); - $cleanup->("Failed to set CSR version\n") if !Net::SSLeay::X509_REQ_set_version($req, 2); + $cleanup->("Failed to set CSR version\n") if !Net::SSLeay::X509_REQ_set_version($req, 0); $cleanup->("Failed to sign CSR\n") if !Net::SSLeay::X509_REQ_sign($req, $pk, $md);
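Review bot: The literal `0` in `Net::SSLeay::X509_REQ_set_version($req, 0)` is unexplained, and the previous `2` shows how easily it is confused with the X.509 certificate version encoding. PKCS#10 (RFC 2986) defines only version v1, encoded as 0, so a comment such as `# PKCS#10 defines only v1, encoded as 0 (RFC 2986)` on that line would keep it from being "corrected" back. generate_csr starts and ends outside this hunk, so whether any test parses the version field of a generated CSR is not visible here. Such a test would catch a regression.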