Mercurial > hg > freeDiameter
view contrib/PKI/phpki-0.82.patch @ 1513:73e563165594
Add 3GPP TS 29.468 V15.8.0 (2019-12)
Add AVPs:
- BMSC-Address, Address, code 3500, section 6.4.2
- BMSC-Port, Unsigned32, code 3501, section 6.4.3
- Common-Tunnel-Endpoint-Identifier, OctetString, code 3524, section 6.4.26
- FEC-Request, OctetString, code 3525, section 6.4.27
- FEC-Result, Unsigned32, code 3531, section 6.4.33
- Local-M1-Information, Grouped, code 3518, section 6.4.20
- Local-MB2-U-Information, Grouped, code 3519, section 6.4.21
- MB2U-Security, Unsigned32, code 3517, section 6.4.19
- MBMS-Bearer-Event, Unsigned32, code 3502, section 6.4.4
- MBMS-Bearer-Event-Notification, Grouped, code 3503, section 6.4.5
- MBMS-Bearer-Request, Grouped, code 3504, section 6.4.6
- MBMS-Bearer-Response, Grouped, code 3505, section 6.4.7
- MBMS-Bearer-Result, Unsigned32, code 3506, section 6.4.8
- MBMS-eNB-IP-Multicast-Address, Address, code 3520, section 6.4.22
- MBMS-eNB-IPv6-Multicast-Address, Address, code 3521, section 6.4.23
- MBMS-GW-SSM-IP-Address-29.468, Address, code 3522, section 6.4.24
- MBMS-GW-SSM-IPv6-Address-29.468, Address, code 3523, section 6.4.25
- MBMS-Start-Time, Time, code 3507, section 6.4.9
- Radio-Frequency-29.468, Unsigned32, code 3508, section 6.4.10
- ROHC-Full-Header-Periodicity, Float32, code 3527, section 6.4.29
- ROHC-Max-CID, Unsigned32, code 3532, section 6.4.34
- ROHC-Profile, Unsigned32, code 3528, section 6.4.30
- ROHC-Request, Grouped, code 3526, section 6.4.28
- ROHC-Result, Unsigned32, code 3530, section 6.4.32
- TMGI-Allocation-Request, Grouped, code 3509, section 6.4.11
- TMGI-Allocation-Response, Grouped, code 3510, section 6.4.12
- TMGI-Allocation-Result, Unsigned32, code 3511, section 6.4.13
- TMGI-Deallocation-Request, Grouped, code 3512, section 6.4.14
- TMGI-Deallocation-Response, Grouped, code 3513, section 6.4.15
- TMGI-Deallocation-Result, Unsigned32, code 3514, section 6.4.16
- TMGI-Expiry, Grouped, code 3515, section 6.4.17
- TMGI-Number, Unsigned32, code 3516, section 6.4.18
- Userplane-Protocol-Result, Grouped, code 3529, section 6.4.31
Note: Name conflict with 3GPP TS 29.061 MBMS-GW-SSM-IP-Address (924).
3GPP TS 29.061 V10.4.0 (2011-09) CR 0355 added MBMS-GW-SSM-IP-Address (924).
3GPP TS 29.468 V14.0.0 (2016-12) CR 0021 added MBMS-GW-SSM-IP-Address (3522).
Fix: MBMS-GW-SSM-IP-Address (3522) renamed to MBMS-GW-SSM-IP-Address-29.468 (3522).
Note: Name conflict with 3GPP TS 29.061 MBMS-GW-SSM-IPv6-Address (925).
3GPP TS 29.061 V10.4.0 (2011-09) CR 0355 added MBMS-GW-SSM-IPv6-Address (925).
3GPP TS 29.468 V14.0.0 (2016-12) CR 0021 added MBMS-GW-SSM-IPv6-Address (3523).
Fix: MBMS-GW-SSM-IPv6-Address (3523) renamed to MBMS-GW-SSM-IPv6-Address-29.468 (3523).
Note: Name conflict with 3GPP TS 32.299 Radio-Frequency (3462).
3GPP TS 29.468 V12.0.0 (2014-09) added Radio-Frequency (3508).
3GPP TS 32.299 V13.1.0 (2015-06) CR 0638 added Radio-Frequency (3462).
Fix: Radio-Frequency (3508) renamed to Radio-Frequency-29.468 (3508).
author | Luke Mewburn <luke@mewburn.net> |
---|---|
date | Tue, 07 Apr 2020 19:38:33 +1000 |
parents | 0f43f42669be |
children |
diff -Nur phpki-0.82/ca/main.php phpki-0.82-fD/ca/main.php --- phpki-0.82/ca/main.php 2005-11-17 10:17:20.000000000 +0900 +++ phpki-0.82-fD/ca/main.php 2010-05-27 17:04:44.000000000 +0900 @@ -36,7 +36,7 @@ else { ?> <font color=#ff0000> - <h2>There was an error updating the Certificate Revocation List.</h2></font><br> + <h2>There was an error updating the Certificate Revocation List.</h2></font><br /> <blockquote> <h3>Debug Info:</h3> <pre><?=$errtxt?></pre> @@ -53,8 +53,11 @@ default: printHeader('ca'); ?> - <br> - <br> + <br /> + <br /> + + <center><h3>For <span style="color: #FF0000;">freeDiameter</span> specific instructions, scroll down this page...</h3></center><br /> + <center> <table class=menu width=600><th class=menu colspan=2><big>CERTIFICATE MANAGEMENT MENU</big></th> 
@@ -89,7 +92,57 @@ </table> </center> - <br><br> + <br /><br /> + <center> + <table class=menu width=900><th class=menu colspan=2><big>FREEDIAMETER INSTRUCTIONS</big></th> + <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;"> + Create a new certificate</td> + + <td>Use the <strong><cite>Create a New Certificate</cite></strong> link in previous table to request a new certificate. Fill the form as follow: + <ul> + <li><strong>Common Name</strong>: use your new freeDiameter identity (usually the FQDN).</li> + <li><strong>E-mail Address</strong>: Provide your address so that you can be contacted in case of inquiry.</li> + <li><strong>Organization</strong>: use "freeDiameter testbed" for example.</li> + <li><strong>Certificate Password</strong>: Do not loose the password you provide, you'll need it in the next step. <br /> + The password must be >= 8 chars.</li> + <li>The other fields can be filled at your taste.</li> + </ul> + Once you have validated, you can check the values, and then proceed to download the new certificate and private key. + You will receive a file in PEM format. Let's call this file <em>mycertprotected.pem</em>. 
+ It contains: + <ul> + <li>Your password-protected RSA private key.</li> + <li>Your certificate in PEM format.</li> + <li>The CA certificate.</li> + </ul></td></tr> + + <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;"> + Split the file</td> + + <td>In order to use the information with freeDiameter daemon, you must transform the data as follow: + <ul> + <li><strong>Decode the private key</strong>: <br /> + <code>openssl rsa -in <em>mycertprotected.pem</em> -out /etc/ssl/private/freeDiameter.key</code><br /> + OpenSSL will ask for the password you entered when creating the certificate.</li> + <li><strong>Extract your certificate</strong>: <br /> + <code>openssl x509 -in <em>mycertprotected.pem</em> > /etc/ssl/certs/freeDiameter.pem</code></li> + <li><strong>Get the CA certificate</strong>: <br /> + <code>wget --no-check-certificate "$config[base_url]index.php?stage=dl_root" -O /etc/ssl/certs/freeDiameter_testbed_CA.pem</code></li> + </ul> + Note: for the last step, you could also extract it directly from the PEM file you received.<br /> + Note: the CRL is also available from the website, but this feature is not tested yet.</td></tr> + + <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;"> + Configure freeDiameter</td> + + <td>Here is the configuration related to TLS that you should set in your <em>/etc/freeDiameter/freeDiameter.conf</em> file: + <blockquote>TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";<br /> +TLS_CA = "/etc/ssl/certs/freeDiameter_testbed_CA.pem";</blockquote></td></tr> + + + </table> + </center> + <br /><br /> <? printFooter(); } diff -Nur phpki-0.82/ca/request_cert.php phpki-0.82-fD/ca/request_cert.php --- phpki-0.82/ca/request_cert.php 2007-01-04 14:45:09.000000000 +0900 +++ phpki-0.82-fD/ca/request_cert.php 2010-05-27 16:59:16.000000000 +0900 
@@ -197,6 +197,7 @@ switch($cert_type) { case 'server': + case 'freediameter': upload(array("$config[private_dir]/$serial-key.pem","$config[new_certs_dir]/$serial.pem",$config['cacert_pem']), "$common_name ($email).pem",'application/pkix-cert'); break; case 'email': @@ -225,7 +226,7 @@ if (! $email) $email = ""; if (! $expiry) $expiry = 1; if (! $keysize) $keysize = 1024; - if (! $cert_type) $cert_type = 'email'; + if (! $cert_type) $cert_type = 'freediameter'; printHeader(); ?> 
@@ -302,13 +303,14 @@ <td>Certificate Use: </td> <td><select name=cert_type> <? - print '<option value="email" '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>'; - print '<option value="email_signing" '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>'; - print '<option value="server" '.($cert_type=='server'?'selected':'').'>SSL Server</option>'; - print '<option value="vpn_client" '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>'; - print '<option value="vpn_server" '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>'; - print '<option value="vpn_client_server" '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>'; - print '<option value="time_stamping" '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>'; + print '<option value="email" disabled '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>'; + print '<option value="email_signing" disabled '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>'; + print '<option value="server" disabled '.($cert_type=='server'?'selected':'').'>SSL Server</option>'; + print '<option value="freediameter" '.($cert_type=='freediameter'?'selected':'').'>freeDiameter node</option>'; + print '<option value="vpn_client" disabled '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>'; + print '<option value="vpn_server" disabled '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>'; + print '<option value="vpn_client_server" disabled '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>'; + print '<option value="time_stamping" disabled '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>'; ?> </select></td> </tr> diff -Nur phpki-0.82/include/openssl_functions.php phpki-0.82-fD/include/openssl_functions.php --- phpki-0.82/include/openssl_functions.php 2007-01-04 
15:47:57.000000000 +0900 +++ phpki-0.82-fD/include/openssl_functions.php 2010-05-27 16:59:57.000000000 +0900 @@ -69,6 +69,13 @@ default_days = 365 policy = policy_supplied +[ freediameter_cert ] +x509_extensions = freediameter_ext +default_days = 730 +policy = policy_supplied + + + [ vpn_cert ] x509_extensions = vpn_client_server_ext default_days = 365 @@ -152,6 +159,24 @@ nsRevocationUrl = ns_revoke_query.php? nsCaPolicyUrl = $config[base_url]policy.html +[ freediameter_ext ] +basicConstraints = CA:false +keyUsage = critical, digitalSignature, keyEncipherment +extendedKeyUsage = critical, serverAuth, clientAuth +nsCertType = critical, server, client +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always, issuer:always +subjectAltName = DNS:$common_name,email:copy +issuerAltName = issuer:copy +crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl +nsComment = \"PHPki/OpenSSL Generated Secure Certificate for freeDiameter\" +nsBaseUrl = $config[base_url] +nsRevocationUrl = ns_revoke_query.php? +nsCaPolicyUrl = $config[base_url]policy.html + + + + [ time_stamping_ext ] basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature diff -Nur phpki-0.82/openssl.cnf phpki-0.82-fD/openssl.cnf --- phpki-0.82/openssl.cnf 2006-07-23 00:33:34.000000000 +0900 +++ phpki-0.82-fD/openssl.cnf 2010-05-27 17:00:33.000000000 +0900 @@ -39,6 +39,11 @@ default_days = 365 policy = policy_supplied +[ freediameter_cert ] +x509_extensions = freediameter_ext +default_days = 730 +policy = policy_supplied + [ vpn_cert ] x509_extensions = vpn_client_server_ext default_days = 365 
@@ -115,6 +120,23 @@ nsRevocationUrl = ns_revoke_query.php? nsCaPolicyUrl = http://www.somewhere.com/phpki/policy.html +[ freediameter_ext ] +basicConstraints = CA:false +keyUsage = critical, digitalSignature, keyEncipherment +extendedKeyUsage = critical, serverAuth, clientAuth +nsCertType = critical, server, client +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always, issuer:always +subjectAltName = DNS:$common_name,email:copy +issuerAltName = issuer:copy +crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl +nsComment = "PHPki/OpenSSL Generated Secure Certificate for freeDiameter" +nsBaseUrl = $config[base_url] +nsRevocationUrl = ns_revoke_query.php? +nsCaPolicyUrl = $config[base_url]policy.html + + + [ vpn_client_ext ] basicConstraints = critical, CA:false keyUsage = critical, digitalSignature diff -Nur phpki-0.82/setup.php phpki-0.82-fD/setup.php --- phpki-0.82/setup.php 2007-07-22 23:34:08.000000000 +0900 +++ phpki-0.82-fD/setup.php 2010-05-27 17:01:41.000000000 +0900 @@ -339,6 +339,11 @@ default_days = 365 policy = policy_supplied +[ freediameter_cert ] +x509_extensions = freediameter_ext +default_days = 730 +policy = policy_supplied + [ vpn_cert ] x509_extensions = vpn_client_server_ext default_days = 365 
@@ -418,6 +423,22 @@ nsRevocationUrl = ns_revoke_query.php? nsCaPolicyUrl = $config[base_url]policy.html +[ freediameter_ext ] +basicConstraints = CA:false +keyUsage = critical, digitalSignature, keyEncipherment +extendedKeyUsage = critical, serverAuth, clientAuth +nsCertType = critical, server, client +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always, issuer:always +subjectAltName = DNS:$common_name,email:copy +issuerAltName = issuer:copy +crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl +nsComment = "PHPki/OpenSSL Generated Secure Certificate for freeDiameter" +nsBaseUrl = $config[base_url] +nsRevocationUrl = ns_revoke_query.php? +nsCaPolicyUrl = $config[base_url]policy.html + + [ time_stamping_ext ] basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature diff -Nur phpki-0.82/setup.php-presetup phpki-0.82-fD/setup.php-presetup --- phpki-0.82/setup.php-presetup 2007-07-22 23:34:08.000000000 +0900 +++ phpki-0.82-fD/setup.php-presetup 2010-05-27 17:01:41.000000000 +0900 @@ -339,6 +339,11 @@ default_days = 365 policy = policy_supplied +[ freediameter_cert ] +x509_extensions = freediameter_ext +default_days = 730 +policy = policy_supplied + [ vpn_cert ] x509_extensions = vpn_client_server_ext default_days = 365 
@@ -418,6 +423,22 @@ nsRevocationUrl = ns_revoke_query.php? nsCaPolicyUrl = $config[base_url]policy.html +[ freediameter_ext ] +basicConstraints = CA:false +keyUsage = critical, digitalSignature, keyEncipherment +extendedKeyUsage = critical, serverAuth, clientAuth +nsCertType = critical, server, client +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always, issuer:always +subjectAltName = DNS:$common_name,email:copy +issuerAltName = issuer:copy +crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl +nsComment = "PHPki/OpenSSL Generated Secure Certificate for freeDiameter" +nsBaseUrl = $config[base_url] +nsRevocationUrl = ns_revoke_query.php? +nsCaPolicyUrl = $config[base_url]policy.html + + [ time_stamping_ext ] basicConstraints = CA:false keyUsage = critical, nonRepudiation, digitalSignature
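Review bot: In ca/main.php, hunk @@ -89,7 +92,57 @@, the "Get the CA certificate" step tells users to fetch the trust anchor with `wget --no-check-certificate`, so the file that ends up in TLS_CA is downloaded without authenticating the server. The same instructions already state that the CA certificate is inside the PEM bundle the user received, so I would make extraction from that bundle the documented step (or publish a fingerprint to compare against) and drop the wget line. That line also sits in the static HTML before the `<? printFooter();` opening tag, so `$config[base_url]` will be displayed literally instead of being expanded; it needs a `<?= ... ?>` echo, as the file already does for `<?=$errtxt?>`. Separately, `openssl rsa ... -out /etc/ssl/private/freeDiameter.key` writes the key unencrypted, so the text should tell the user to restrict the file mode, and "Do not loose" and "as follow" should read "Do not lose" and "as follows".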
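Review bot: In ca/request_cert.php, hunk @@ -225,7 +226,7 @@, the default certificate type becomes 'freediameter' while the neighbouring default `if (! $keysize) $keysize = 1024;` is left unchanged, so a request that omits the key size gets a 1024-bit RSA key on a profile that this patch gives `default_days = 730`. Consider raising the default key size to at least 2048 in the same change.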
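Review bot: In ca/request_cert.php, hunk @@ -302,13 +303,14 @@, the other certificate uses are only marked `disabled` in the `<select>`, which is a browser-side hint and not an issuance restriction. The `switch($cert_type)` in hunk @@ -197,6 +197,7 @@ still has the 'server' and 'email' cases, and nothing visible in the patch rejects a submitted value other than 'freediameter'. If this CA is meant to issue freeDiameter node certificates only, check `$cert_type` against an allow-list on the server before signing.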
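Review bot: In include/openssl_functions.php, hunk @@ -152,6 +159,24 @@, `subjectAltName = DNS:$common_name,email:copy` interpolates the Common Name from the request form into an OpenSSL config line, so the value has to be validated as a single hostname first (no commas, whitespace or newlines); otherwise the requester controls more of the extension section than the name. Also, `nsCertType = critical, server, client` marks a Netscape-specific extension as critical, and a verifier that does not process that extension must reject the certificate; I would drop `critical` there and rely on the critical `keyUsage` and `extendedKeyUsage`. The same section is pasted into openssl.cnf, setup.php and setup.php-presetup, so the copies can drift; a comment naming the canonical copy would help.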
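Review bot: In openssl.cnf, hunk @@ -115,6 +120,23 @@, the added section uses `$common_name` and `$config[base_url]`, but the context line directly above it is `nsCaPolicyUrl = http://www.somewhere.com/phpki/policy.html`, which indicates this file is a static sample that PHP does not interpolate. If so, these tokens reach OpenSSL unchanged, where `$name` is the config format's own variable syntax. Use literal placeholder values here, as the rest of the file does.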