From bd8569e1c7e615541e41b8aa8f7aa6f22918dd06 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 11 Oct 2024 14:09:09 +0200
Subject: [webinterface] Add event log messages for cert changes

---
 modules-available/webinterface/page.inc.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'modules-available/webinterface/page.inc.php')

diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php
index d21c627e..a2123ac5 100644
--- a/modules-available/webinterface/page.inc.php
+++ b/modules-available/webinterface/page.inc.php
@@ -132,7 +132,7 @@ class Page_WebInterface extends Page
 				// Admin might have modified web server config in another way
 				Message::addWarning('https-used-without-cert');
 			}
-		} elseif ($type === 'generated' || $type === 'supplied' || $type === 'acme') {
+		} elseif ($type === 'generated' || $type === 'supplied' || $type === 'acme' || $type === 'api') {
 			$data['httpsEnabled'] = true;
 			if ($force && !$https) {
 				Message::addWarning('https-want-redirect-is-plain');
@@ -250,10 +250,14 @@ class Page_WebInterface extends Page
 
 	private function setHttpsCustomCert(): ?string
 	{
-		$cert = Request::post('certificate', Request::REQUIRED, 'string');
-		$key = Request::post('privatekey', Request::REQUIRED, 'string');
-		$chain = Request::post('cachain', '', 'string');
-		return WebInterface::tmImportCustomCert($key, $cert, $chain);
+		$cert = trim(Request::post('certificate', Request::REQUIRED, 'string'));
+		$key = trim(Request::post('privatekey', Request::REQUIRED, 'string'));
+		$chain = trim(Request::post('cachain', '', 'string'));
+		if (!empty($chain)) {
+			$cert .= "\n" . $chain;
+		}
+		return WebInterface::tmImportCustomCert($key . "\n", $cert . "\n", 'supplied',
+			'New certificate uploaded by ' . User::getLogin());
 	}
 
 	private function setAcmeMode(): ?string
-- 
cgit v1.2.3-55-g7522