Move ssl dir out of spool and write public key to file.

This commit is contained in:
Retro_Guy 2022-12-11 21:51:56 +00:00
parent 5e22a45cb7
commit 6bf60708cb
4 changed files with 45 additions and 37 deletions


@ -29,6 +29,7 @@ $CONFIG = include($config_file);
$logdir=$spooldir.'/log';
$lockdir=$spooldir.'/lock';
$ssldir=$config_dir.'/ssl';
if(!file_exists($config_dir.'/debug')) {
ini_set('error_reporting', E_ERROR );


@ -34,20 +34,23 @@
exec($CONFIG['php_exec']." ".$config_dir."/scripts/count_users.php");
echo "Updated user count\n";
$uinfo=posix_getpwnam($CONFIG['webserver_user']);
$cwd = getcwd();
$webtmp = preg_replace('/spoolnews/','tmp',$cwd);
@mkdir($webtmp,0755,'recursive');
@chown($webtmp, $CONFIG['webserver_user']);
@chgrp($webtmp, $CONFIG['webserver_user']);
@chown($webtmp, $uinfo["uid"]);
@chgrp($webtmp, $uinfo["gid"]);
@mkdir($ssldir,0755);
@chown($ssldir, $uinfo["uid"]);
@chgrp($ssldir, $uinfo["gid"]);
# Fix this. It shouldn't be necessary
$overview = $spooldir.'/articles-overview.db3';
touch($overview);
@chown($overview, $CONFIG['webserver_user']);
@chgrp($overview, $CONFIG['webserver_user']);
@chown($overview, $uinfo["uid"]);
@chgrp($overview, $uinfo["gid"]);
/* Change to non root user */
$uinfo=posix_getpwnam($CONFIG['webserver_user']);
change_identity($uinfo["uid"],$uinfo["gid"]);
/* Everything below runs as $CONFIG['webserver_user'] */
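Review bot: `@mkdir($ssldir,0755);` creates the directory that will hold server.pem, and that file contains the private key exported with no passphrase (see create_certificate), so a world-traversable directory plus the default umask will typically leave the key readable by every local account on the host. The directory is chowned to the webserver user on the next two lines, so `@mkdir($ssldir,0700);` costs nothing for the daemon itself; if pubkey.pem is meant to be read by other users, keep 0755 here but make sure create_certificate sets 0600 on the key file. The `@` also hides a failed mkdir (wrong $config_dir, permissions), after which the chown/chgrp calls silently act on a missing path, so consider checking the return value and logging once. This run of statements appears to start and end outside the hunk, so I cannot see whether it runs before or after the identity change below.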


@ -57,7 +57,7 @@
{
GLOBAL $__server_listening;
GLOBAL
$CONFIG,$logdir,$lockdir,$webserver_uid,$webserver_gid,$installed_path,
$CONFIG,$logdir,$lockdir,$ssldir,$webserver_uid,$webserver_gid,$installed_path,
$config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
$logfile=$logdir.'/nntp.log';
$lockfile = $lockdir . '/rslight-nntp-ssl.lock';
@ -73,9 +73,10 @@ $config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
$auth_ok = 0;
$user = "";
$pass = "";
$pemfile = $spooldir.'/server.pem';
if(!is_file($pemfile)) {
create_certificate($pemfile);
$pemfile = $ssldir.'/server.pem';
$pubkeyfile = $ssldir.'/pubkey.pem';
if((!is_file($pemfile)) || (!is_file($pubkeyfile))) {
create_certificate($pemfile, $pubkeyfile);
}
$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);
@ -159,32 +160,4 @@ $config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
fclose($csock);
}
}
function create_certificate($pemfile) {
global $CONFIG;
$certificateData = array(
"countryName" => "US",
"stateOrProvinceName" => "New York",
"localityName" => "New York City",
"organizationName" => "Rocksolid",
"organizationalUnitName" => "Rocksolid Light",
"commonName" => $CONFIG['organization'],
"emailAddress" => "rocksolid@example.com"
);
// Generate certificate
$privateKey = openssl_pkey_new();
$certificate = openssl_csr_new($certificateData, $privateKey);
$certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
// Generate PEM file
$pem_passphrase = null; // empty for no passphrase
$pem = array();
openssl_x509_export($certificate, $pem[0]);
openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
$pem = implode($pem);
// Save PEM file
file_put_contents($pemfile, $pem);
}
?>
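Review bot: The new condition `if((!is_file($pemfile)) || (!is_file($pubkeyfile)))` in the second hunk regenerates a fresh private key and certificate whenever only pubkey.pem is missing, which silently rotates the server identity that clients may already have accepted for an existing server.pem. It would be safer to create the key pair only when server.pem is absent and otherwise derive pubkey.pem from the existing private key. Note also that moving the file from `$spooldir.'/server.pem'` to `$ssldir.'/server.pem'` means every existing installation will get a new self-signed certificate on the next start unless the old file is copied over; that is probably worth a line in the commit message or an upgrade note. The enclosing function's body starts and ends outside this hunk.
```php
$pemfile = $ssldir.'/server.pem';
$pubkeyfile = $ssldir.'/pubkey.pem';
if(!is_file($pemfile)) {
    create_certificate($pemfile, $pubkeyfile);
} elseif(!is_file($pubkeyfile)) {
    // Only the public key is missing: derive it instead of rotating the private key.
    $key = openssl_pkey_get_private(file_get_contents($pemfile));
    if($key !== false) {
        file_put_contents($pubkeyfile, openssl_pkey_get_details($key)['key']);
    }
}
// … unchanged: stream context setup …
```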


@ -1211,4 +1211,35 @@ function get_article_list($thisgroup) {
$dbh = null;
return(array_unique($ok_article));
}
function create_certificate($pemfile, $pubkeyfile) {
global $CONFIG;
$certificateData = array(
"countryName" => "US",
"stateOrProvinceName" => "New York",
"localityName" => "New York City",
"organizationName" => "Rocksolid",
"organizationalUnitName" => "Rocksolid Light",
"commonName" => $CONFIG['organization'],
"emailAddress" => "rocksolid@example.com"
);
// Generate certificate
$privateKey = openssl_pkey_new();
$certificate = openssl_csr_new($certificateData, $privateKey);
$certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
// Generate PEM file
$pem_passphrase = null; // empty for no passphrase
$pem = array();
openssl_x509_export($certificate, $pem[0]);
openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
$pem = implode($pem);
$pubkey=openssl_pkey_get_details($privateKey);
// Save PEM file
file_put_contents($pemfile, $pem);
file_put_contents($pubkeyfile, $pubkey['key']);
}
?>
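Review bot: `file_put_contents($pemfile, $pem);` writes the unencrypted private key with whatever mode the process umask yields, typically 0644, so the key should be restricted right after writing: `file_put_contents($pemfile, $pem); chmod($pemfile, 0600);` (pubkey.pem can stay readable). None of the openssl_* calls are checked: `openssl_pkey_new()` and `openssl_csr_sign()` return false on failure, after which the new `openssl_pkey_get_details($privateKey)` line raises a TypeError and `$pubkey['key']` is never reached, so a guard such as `if($privateKey === false || $certificate === false) { return false; }` before the export would turn a crash into a loggable failure. `openssl_pkey_new()` without options takes the key type and size from openssl.cnf; passing `['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]` would pin what is generated regardless of host configuration. A short header comment stating that this writes cert+key to $pemfile and the PEM public key to $pubkeyfile, and that the certificate is self-signed for 365 days with no renewal, would also help the next reader.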