fix: 又拍云SSL不兼容的特化处理

net909 2025-12-25 10:27:28 +08:00
parent b19cabcbfd
commit ebdc34cf4b
4 changed files with 26 additions and 31 deletions


@ -304,10 +304,6 @@ class Cert extends BaseController
}
}
if ($certInfo['keytype'] == 'ECC') {
$privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
}
$order = [
'aid' => 0,
'keytype' => $certInfo['keytype'],
@ -371,10 +367,6 @@ class Cert extends BaseController
if ($certInfo['code'] == -1) return json($certInfo);
$domains = $certInfo['domains'];
if ($certInfo['keytype'] == 'ECC') {
$privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
}
$order = [
'aid' => 0,
'keytype' => $certInfo['keytype'],


@ -407,24 +407,6 @@ location / {
return false;
}
/**
* 确保ECC私钥使用EC专用格式标识
* 某些程序需要EC标识才能正确识别ECC私钥
*/
public static function ensureECPrivateKeyFormat($private_key)
{
if (strpos($private_key, '-----BEGIN EC PRIVATE KEY-----') !== false) {
return $private_key;
}
if (strpos($private_key, '-----BEGIN PRIVATE KEY-----') !== false) {
$private_key = preg_replace('/^-----BEGIN PRIVATE KEY-----$/m', '-----BEGIN EC PRIVATE KEY-----', $private_key);
$private_key = preg_replace('/^-----END PRIVATE KEY-----$/m', '-----END EC PRIVATE KEY-----', $private_key);
}
return $private_key;
}
public static function getPfx($fullchain, $privatekey, $pwd = '123456')
{
openssl_pkcs12_export($fullchain, $pfx, $privatekey, $pwd);


@ -4,7 +4,6 @@ namespace app\lib\acme;
use Exception;
use stdClass;
use app\lib\CertHelper;
/**
* ACMECert
@ -369,12 +368,10 @@ class ACMECert extends ACMEv2
if (version_compare(PHP_VERSION, '7.1.0') < 0) throw new Exception('PHP >= 7.1.0 required for EC keys !');
$map = array('256' => 'prime256v1', '384' => 'secp384r1', '521' => 'secp521r1');
if (isset($map[$curve_name])) $curve_name = $map[$curve_name];
$pem = $this->generateKey(array(
return $this->generateKey(array(
'curve_name' => $curve_name,
'private_key_type' => OPENSSL_KEYTYPE_EC
));
return CertHelper::ensureECPrivateKeyFormat($pem);
}
public function parseCertificate($cert_pem)


@ -31,9 +31,15 @@ class upyun implements DeployInterface
$this->login();
$url = 'https://console.upyun.com/api/https/certificate/';
// 如果是 EC 证书,调整私钥头为 EC PRIVATE KEY
$privatekey_send = $privatekey;
if ($this->isEcCertificate($fullchain)) {
$privatekey_send = str_replace('-----BEGIN PRIVATE KEY-----', '-----BEGIN EC PRIVATE KEY-----', $privatekey_send);
$privatekey_send = str_replace('-----END PRIVATE KEY-----', '-----END EC PRIVATE KEY-----', $privatekey_send);
}
$params = [
'certificate' => $fullchain,
'private_key' => $privatekey,
'private_key' => $privatekey_send,
];
$response = http_request($url, http_build_query($params), null, $this->cookie, null, $this->proxy);
$result = json_decode($response['body'], true);
@ -130,4 +136,22 @@ class upyun implements DeployInterface
call_user_func($this->logger, $txt);
}
}
/**
* 判断是否为 EC (ECDSA) 证书
*/
private function isEcCertificate($fullchain)
{
// 提取第一个证书
if (!preg_match('/-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----/s', $fullchain, $m)) {
return false;
}
$pubKey = openssl_pkey_get_public($m[0]);
if (!$pubKey) return false;
$details = openssl_pkey_get_details($pubKey);
return $details && ($details['type'] ?? 0) === OPENSSL_KEYTYPE_EC;
}
}
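Review bot: The two `str_replace` calls in the first hunk change only the PEM label, so whenever they fire the base64 body is still a PKCS#8 PrivateKeyInfo structure under an `EC PRIVATE KEY` header, which a strict SEC1 parser would reject. This presumably works only because the Upyun endpoint is lenient about the body, and the comment above the block should say so rather than imply a format conversion. The choice is also made from the certificate alone: when `isEcCertificate()` cannot parse `$fullchain` it returns false without logging, the unmodified key is uploaded, and the original incompatibility comes back with no trace. Nothing visible here confirms that the key belongs to the certificate before it is posted to a third-party console, so I would add `if (!openssl_x509_check_private_key($fullchain, $privatekey)) throw new \Exception('private key does not match certificate');` ahead of the relabelling, or the equivalent in whatever error style this class uses. The enclosing deploy method starts and ends outside the hunk.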