Certificate checks - Allow custom ports

itflow-org · May 4, 2024 · 43abd17 · 43abd17
1 parent c0fc957
commit 43abd17
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 25 deletions.
diff --git a/ajax.php b/ajax.php
@@ -19,37 +19,22 @@
  * Fetches SSL certificates from remote hosts & returns the relevant info (issuer, expiry, public key)
  */
 if (isset($_GET['certificate_fetch_parse_json_details'])) {
+
     // PHP doesn't appreciate attempting SSL sockets to non-existent domains
     if (empty($_GET['domain'])) {
         exit();
     }
-    $domain = $_GET['domain'];
-
-    // FQDNs in database shouldn't have a URL scheme, adding one
-    $domain = "https://".$domain;
 
-    // Parse host and port
-    $url = parse_url($domain, PHP_URL_HOST);
-    $port = parse_url($domain, PHP_URL_PORT);
-    // Default port
-    if (!$port) {
-        $port = "443";
-    }
+    $name = $_GET['domain'];
 
-    // Get certificate (using verify peer false to allow for self-signed certs)
-    $socket = "ssl://$url:$port";
-    $get = stream_context_create(array("ssl" => array("capture_peer_cert" => true, "verify_peer" => false,)));
-    $read = stream_socket_client($socket, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
-    $cert = stream_context_get_params($read);
-    $cert_public_key_obj = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
-    openssl_x509_export($cert['options']['ssl']['peer_certificate'], $export);
+    // Get SSL cert for domain (if exists)
+    $certificate = getSSL($name);
 
-    // Process data
-    if ($cert_public_key_obj) {
+    if ($certificate['success'] == "TRUE") {
         $response['success'] = "TRUE";
-        $response['expire'] = date('Y-m-d', $cert_public_key_obj['validTo_time_t']);
-        $response['issued_by'] = strip_tags($cert_public_key_obj['issuer']['O']);
-        $response['public_key'] = $export; //nl2br
+        $response['expire'] = $certificate['expire'];
+        $response['issued_by'] = $certificate['issued_by'];
+        $response['public_key'] = $certificate['public_key'];
     } else {
         $response['success'] = "FALSE";
     }

diff --git a/functions.php b/functions.php
@@ -427,9 +427,18 @@ function getDomainRecords($name)
 
 // Used to automatically attempt to get SSL certificates as part of adding domains
 // The logic for the fetch (sync) button on the client_certificates page is in ajax.php, and allows ports other than 443
-function getSSL($name)
+function getSSL($full_name)
 {
 
+    // Parse host and port
+    $name = parse_url("//$full_name", PHP_URL_HOST);
+    $port = parse_url("//$full_name", PHP_URL_PORT);
+
+    // Default port
+    if (!$port) {
+        $port = "443";
+    }
+
     $certificate = array();
     $certificate['success'] = false;
 
@@ -442,7 +451,7 @@ function getSSL($name)
     }
 
     // Get SSL/TSL certificate (using verify peer false to allow for self-signed certs) for domain on default port
-    $socket = "ssl://$name:443";
+    $socket = "ssl://$name:$port";
     $get = stream_context_create(array("ssl" => array("capture_peer_cert" => true, "verify_peer" => false,)));
     $read = stream_socket_client($socket, $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $get);