From a6cc0d8a3e914d675c5b75035336cef9b6effc3c Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Thu, 26 Dec 2013 11:35:49 +0000
Subject: [PATCH] allow to upload PEM certificates with junk data before cert
 data

---
 lam/lib/config.inc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lam/lib/config.inc b/lam/lib/config.inc
index b3fa513a..fc13e9f2 100644
--- a/lam/lib/config.inc
+++ b/lam/lib/config.inc
@@ -1625,10 +1625,15 @@ class LAMCfgMain {
 	 * @return mixed TRUE if format is correct, error message if file is not accepted
 	 */
 	public function uploadSSLCaCert($cert) {
-		if (strpos($cert, '-----BEGIN CERTIFICATE-----') !== 0) {
+		if (strpos($cert, '-----BEGIN CERTIFICATE-----') === false) {
 			$pem = @chunk_split(@base64_encode($cert), 64, "\n");
 			$cert = "-----BEGIN CERTIFICATE-----\n" . $pem . "-----END CERTIFICATE-----\n";
 		}
+		else {
+			// remove any junk before first "-----BEGIN CERTIFICATE-----"
+			$pos = strpos($cert, '-----BEGIN CERTIFICATE-----');
+			$cert = substr($cert, $pos);
+		}
 		$pemData = @openssl_x509_parse($cert);
 		if ($pemData === false) {
 			return _('Please provide a file in DER or PEM format.');