Some cleanup for SSL in rslight-lib.php.

2023-01-09 04:39:38 +00:00 · 2023-01-09 04:39:38 +00:00 · 8cc1e4388c
parent fba529ef91
commit 8cc1e4388c
1 changed files with 26 additions and 20 deletions
--- a/Rocksolid_Light/rslight/scripts/rslight-lib.php
+++ b/Rocksolid_Light/rslight/scripts/rslight-lib.php
@ -1215,6 +1215,7 @@ function get_article_list($thisgroup) {
 function create_node_ssl_cert($pemfile) {
    global $CONFIG, $ssldir, $webtmp, $config_dir;
    include $config_dir.'/letsencrypt.inc.php';
+    $uinfo=posix_getpwnam($CONFIG['webserver_user']);
    $pubkeyfile = $ssldir.'/pubkey.pem';
    
    if((is_file($pemfile)) && (is_file($pubkeyfile)) && (is_file($webtmp.'/pubkey.txt'))) {
@ -1224,11 +1225,10 @@ function create_node_ssl_cert($pemfile) {
    if((isset($letsencrypt['server.pem'])) && (isset($letsencrypt['pubkey.pem']))) {
        file_put_contents($pemfile, $letsencrypt['server.pem'].$letsencrypt['privkey']);
        file_put_contents($pubkeyfile, $letsencrypt['pubkey.pem']);
-        copy($pubkeyfile, $webtmp.'/pubkey.txt');
-        return;
-    }
+        file_put_contents($webtmp.'/pubkey.txt', $letsencrypt['pubkey.pem']);
+    } else {
 /* Create self signed cert */
-    $certificateData = array(
+      $certificateData = array(
        "countryName" => "US",
        "stateOrProvinceName" => "New York",
        "localityName" => "New York City",
@ -1236,26 +1236,32 @@ function create_node_ssl_cert($pemfile) {
        "organizationalUnitName" => "Rocksolid Light",
        "commonName" => $CONFIG['organization'],
        "emailAddress" => "rocksolid@example.com"
-    );
+      );
    
    // Generate certificate
-    $privateKey = openssl_pkey_new();
-    $certificate = openssl_csr_new($certificateData, $privateKey);
-    $certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
+      $privateKey = openssl_pkey_new();
+      $certificate = openssl_csr_new($certificateData, $privateKey);
+      $certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
    
-    // Generate PEM file
-    $pem_passphrase = null; // empty for no passphrase
-    $pem = array();
-    openssl_x509_export($certificate, $pem[0]);
-    openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
-    $pem = implode($pem);
+      // Generate PEM file
+      $pem_passphrase = null; // empty for no passphrase
+      $pem = array();
+      openssl_x509_export($certificate, $pem[0]);
+      openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
+      $pem = implode($pem);
+      $pubkey=openssl_pkey_get_details($privateKey);
    
-    $pubkey=openssl_pkey_get_details($privateKey);
-    
-    // Save PEM file
-    file_put_contents($pemfile, $pem);
-    file_put_contents($pubkeyfile, $pubkey['key']);
-    copy($pubkeyfile, $webtmp.'/pubkey.txt');
+      // Save PEM file
+      file_put_contents($pemfile, $pem);
+      file_put_contents($pubkeyfile, $pubkey['key']);
+      file_put_contents($webtmp.'/pubkey.txt', $pubkey['key']);
+    }
+    chown($pemfile, $uinfo["uid"]);
+    chown($pubkeyfile, $uinfo["uid"]);
+    chown($webtmp.'/pubkey.txt', $uinfo["uid"]);
+    chmod($pemfile,0660);
+    chmod($pubkeyfile,0660);
+    chmod($webtmp.'/pubkey.txt',0660);
 }

 function create_certificate($pemfile, $pubkeyfile) {