Merge pull request #950 from wrongecho/cert-checks-custom-ports

Certificate checks - Allow custom ports
2024-05-05 14:29:51 -04:00 · 2024-05-05 14:29:51 -04:00 · 0f6a781638
parent aca1a13104 43abd177ea
commit 0f6a781638
2 changed files with 19 additions and 25 deletions
--- a/ajax.php
+++ b/ajax.php
@ -19,37 +19,22 @@ require_once "rfc6238.php";
 * Fetches SSL certificates from remote hosts & returns the relevant info (issuer, expiry, public key)
 */
 if (isset($_GET['certificate_fetch_parse_json_details'])) {
+
    // PHP doesn't appreciate attempting SSL sockets to non-existent domains
    if (empty($_GET['domain'])) {
        exit();
    }
-    $domain = $_GET['domain'];

-    // FQDNs in database shouldn't have a URL scheme, adding one
-    $domain = "https://".$domain;
+    $name = $_GET['domain'];

-    // Parse host and port
-    $url = parse_url($domain, PHP_URL_HOST);
-    $port = parse_url($domain, PHP_URL_PORT);
-    // Default port
-    if (!$port) {
-        $port = "443";
-    }
+    // Get SSL cert for domain (if exists)
+    $certificate = getSSL($name);

-    // Get certificate (using verify peer false to allow for self-signed certs)
-    $socket = "ssl://$url:$port";
-    $get = stream_context_create(array("ssl" => array("capture_peer_cert" => true, "verify_peer" => false,)));
-    $read = stream_socket_client($socket, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
-    $cert = stream_context_get_params($read);
-    $cert_public_key_obj = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
-    openssl_x509_export($cert['options']['ssl']['peer_certificate'], $export);
-
-    // Process data
-    if ($cert_public_key_obj) {
+    if ($certificate['success'] == "TRUE") {
        $response['success'] = "TRUE";
-        $response['expire'] = date('Y-m-d', $cert_public_key_obj['validTo_time_t']);
-        $response['issued_by'] = strip_tags($cert_public_key_obj['issuer']['O']);
-        $response['public_key'] = $export; //nl2br
+        $response['expire'] = $certificate['expire'];
+        $response['issued_by'] = $certificate['issued_by'];
+        $response['public_key'] = $certificate['public_key'];
    } else {
        $response['success'] = "FALSE";
    }
--- a/functions.php
+++ b/functions.php
@ -427,9 +427,18 @@ function getDomainRecords($name)

 // Used to automatically attempt to get SSL certificates as part of adding domains
 // The logic for the fetch (sync) button on the client_certificates page is in ajax.php, and allows ports other than 443
-function getSSL($name)
+function getSSL($full_name)
 {

+    // Parse host and port
+    $name = parse_url("//$full_name", PHP_URL_HOST);
+    $port = parse_url("//$full_name", PHP_URL_PORT);
+
+    // Default port
+    if (!$port) {
+        $port = "443";
+    }
+
    $certificate = array();
    $certificate['success'] = false;

@ -442,7 +451,7 @@ function getSSL($name)
    }

    // Get SSL/TSL certificate (using verify peer false to allow for self-signed certs) for domain on default port
-    $socket = "ssl://$name:443";
+    $socket = "ssl://$name:$port";
    $get = stream_context_create(array("ssl" => array("capture_peer_cert" => true, "verify_peer" => false,)));
    $read = stream_socket_client($socket, $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $get);