Move ssl dir out of spool and write public key to file.

2022-12-11 21:51:56 +00:00 · 2022-12-11 21:51:56 +00:00 · 6bf60708cb
parent 5e22a45cb7
commit 6bf60708cb
4 changed files with 45 additions and 37 deletions
--- a/Rocksolid_Light/rocksolid/config.inc.php
+++ b/Rocksolid_Light/rocksolid/config.inc.php
@ -29,6 +29,7 @@ $CONFIG = include($config_file);

 $logdir=$spooldir.'/log';
 $lockdir=$spooldir.'/lock';
+$ssldir=$config_dir.'/ssl';

 if(!file_exists($config_dir.'/debug')) {
  ini_set('error_reporting', E_ERROR );
--- a/Rocksolid_Light/rslight/scripts/cron.php
+++ b/Rocksolid_Light/rslight/scripts/cron.php
@ -34,20 +34,23 @@
  exec($CONFIG['php_exec']." ".$config_dir."/scripts/count_users.php");
  echo "Updated user count\n";

+  $uinfo=posix_getpwnam($CONFIG['webserver_user']);
  $cwd = getcwd();
  $webtmp = preg_replace('/spoolnews/','tmp',$cwd);
  @mkdir($webtmp,0755,'recursive');
-  @chown($webtmp, $CONFIG['webserver_user']);
-  @chgrp($webtmp, $CONFIG['webserver_user']);
+  @chown($webtmp, $uinfo["uid"]);
+  @chgrp($webtmp, $uinfo["gid"]);
+  @mkdir($ssldir,0755);
+  @chown($ssldir, $uinfo["uid"]);
+  @chgrp($ssldir, $uinfo["gid"]);

 # Fix this. It shouldn't be necessary
  $overview = $spooldir.'/articles-overview.db3';
  touch($overview);
-  @chown($overview, $CONFIG['webserver_user']);
-  @chgrp($overview, $CONFIG['webserver_user']);
+  @chown($overview, $uinfo["uid"]);
+  @chgrp($overview, $uinfo["gid"]);

 /* Change to non root user */
-  $uinfo=posix_getpwnam($CONFIG['webserver_user']);
  change_identity($uinfo["uid"],$uinfo["gid"]);
 /* Everything below runs as $CONFIG['webserver_user'] */

--- a/Rocksolid_Light/rslight/scripts/nntp-ssl.php
+++ b/Rocksolid_Light/rslight/scripts/nntp-ssl.php
@ -57,7 +57,7 @@
    {
        GLOBAL $__server_listening;
        GLOBAL 
-$CONFIG,$logdir,$lockdir,$webserver_uid,$webserver_gid,$installed_path,
+$CONFIG,$logdir,$lockdir,$ssldir,$webserver_uid,$webserver_gid,$installed_path,
 $config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
 	$logfile=$logdir.'/nntp.log';
 	$lockfile = $lockdir . '/rslight-nntp-ssl.lock';
@ -73,9 +73,10 @@ $config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
 	$auth_ok = 0;
 	$user = "";
 	$pass = "";
-	$pemfile = $spooldir.'/server.pem';
-	if(!is_file($pemfile)) {
-	  create_certificate($pemfile);
+	$pemfile = $ssldir.'/server.pem';
+	$pubkeyfile = $ssldir.'/pubkey.pem';
+	if((!is_file($pemfile)) || (!is_file($pubkeyfile))) {
+	    create_certificate($pemfile, $pubkeyfile);
 	}	
 	$context = stream_context_create();
 	stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);
@ -159,32 +160,4 @@ $config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
            fclose($csock);
        }
    }
-
-function create_certificate($pemfile) {
-global $CONFIG;
-$certificateData = array(
-    "countryName" => "US",
-    "stateOrProvinceName" => "New York",
-    "localityName" => "New York City",
-    "organizationName" => "Rocksolid",
-    "organizationalUnitName" => "Rocksolid Light",
-    "commonName" => $CONFIG['organization'],
-    "emailAddress" => "rocksolid@example.com"
-);
- 
-// Generate certificate
-$privateKey = openssl_pkey_new();
-$certificate = openssl_csr_new($certificateData, $privateKey);
-$certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
-
-// Generate PEM file
-$pem_passphrase = null; // empty for no passphrase
-$pem = array();
-openssl_x509_export($certificate, $pem[0]);
-openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
-$pem = implode($pem);
-
-// Save PEM file
-file_put_contents($pemfile, $pem);
-}
 ?>
--- a/Rocksolid_Light/rslight/scripts/rslight-lib.php
+++ b/Rocksolid_Light/rslight/scripts/rslight-lib.php
@ -1211,4 +1211,35 @@ function get_article_list($thisgroup) {
  $dbh = null;
  return(array_unique($ok_article));
 }
+
+function create_certificate($pemfile, $pubkeyfile) {
+    global $CONFIG;
+    $certificateData = array(
+        "countryName" => "US",
+        "stateOrProvinceName" => "New York",
+        "localityName" => "New York City",
+        "organizationName" => "Rocksolid",
+        "organizationalUnitName" => "Rocksolid Light",
+        "commonName" => $CONFIG['organization'],
+        "emailAddress" => "rocksolid@example.com"
+    );
+    
+    // Generate certificate
+    $privateKey = openssl_pkey_new();
+    $certificate = openssl_csr_new($certificateData, $privateKey);
+    $certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
+    
+    // Generate PEM file
+    $pem_passphrase = null; // empty for no passphrase
+    $pem = array();
+    openssl_x509_export($certificate, $pem[0]);
+    openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
+    $pem = implode($pem);
+    
+    $pubkey=openssl_pkey_get_details($privateKey);
+    
+    // Save PEM file
+    file_put_contents($pemfile, $pem);
+    file_put_contents($pubkeyfile, $pubkey['key']);
+}
 ?>