bastion/nginx-proxy-manager
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #774 from chaptergy/better-custom-certificate-handling

Browse Source 
Better custom certificate handling
This commit is contained in:
jc21 2021-01-03 12:09:55 +10:00 committed by GitHub
commit 0d6e058e23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
backend/internal/certificate.js
View File

@ -615,18 +615,26 @@ const internalCertificate = {
checkPrivateKey: (private_key) => { checkPrivateKey: (private_key) => {
return tempWrite(private_key, '/tmp') return tempWrite(private_key, '/tmp')
.then((filepath) => { .then((filepath) => {
let key_type = private_key.includes('-----BEGIN RSA') ? 'rsa' : 'ec'; return new Promise((resolve, reject) => {
return utils.exec('openssl ' + key_type + ' -in ' + filepath + ' -check -noout 2>&1 ') const failTimeout = setTimeout(() => {
.then((result) => { reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.'));
if (!result.toLowerCase().includes('key ok') && !result.toLowerCase().includes('key valid') ) { }, 10000);
throw new error.ValidationError('Result Validation Error: ' + result); utils
} .exec('openssl pkey -in ' + filepath + ' -check -noout 2>&1 ')
fs.unlinkSync(filepath); .then((result) => {
return true; clearTimeout(failTimeout);
}).catch((err) => { if (!result.toLowerCase().includes('key is valid')) {
fs.unlinkSync(filepath); reject(new error.ValidationError('Result Validation Error: ' + result));
throw new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err); }
}); fs.unlinkSync(filepath);
resolve(true);
})
.catch((err) => {
clearTimeout(failTimeout);
fs.unlinkSync(filepath);
reject(new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err));
});
});
}); });
}, },

3
frontend/js/app/nginx/certificates/form.ejs
View File

@ -129,6 +129,9 @@
</div> </div>
<% } else if (provider === 'other') { %> <% } else if (provider === 'other') { %>
<!-- Other --> <!-- Other -->
<div class="col-sm-12 col-md-12">
<div class="text-blue mb-4"><i class="fe fe-alert-triangle"></i> <%= i18n('ssl', 'passphrase-protection-support-info') %></div>
</div>
<div class="col-sm-12 col-md-12"> <div class="col-sm-12 col-md-12">
<div class="form-group"> <div class="form-group">
<label class="form-label"><%- i18n('str', 'name') %> <span class="form-required">*</span></label> <label class="form-label"><%- i18n('str', 'name') %> <span class="form-required">*</span></label>

3
frontend/js/i18n/messages.json
View File

@ -112,7 +112,8 @@
"stored-as-plaintext-info": "This data will be stored as plaintext in the database and in a file!", "stored-as-plaintext-info": "This data will be stored as plaintext in the database and in a file!",
"propagation-seconds": "Propagation Seconds", "propagation-seconds": "Propagation Seconds",
"propagation-seconds-info": "Leave empty to use the plugins default value. Number of seconds to wait for DNS propagation.", "propagation-seconds-info": "Leave empty to use the plugins default value. Number of seconds to wait for DNS propagation.",
"processing-info": "Processing... This might take a few minutes." "processing-info": "Processing... This might take a few minutes.",
"passphrase-protection-support-info": "Key files protected with a passphrase are not supported."
}, },
"proxy-hosts": { "proxy-hosts": {
"title": "Proxy Hosts", "title": "Proxy Hosts",