From 8cc1e4388ccec63044dee0a6782ed6bfea80ca80 Mon Sep 17 00:00:00 2001 From: Retro_Guy Date: Mon, 9 Jan 2023 04:39:38 +0000 Subject: [PATCH] Some cleanup for SSL in rslight-lib.php. --- .../rslight/scripts/rslight-lib.php | 46 +++++++++++-------- 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/Rocksolid_Light/rslight/scripts/rslight-lib.php b/Rocksolid_Light/rslight/scripts/rslight-lib.php index 27fb131..c33ce36 100755 --- a/Rocksolid_Light/rslight/scripts/rslight-lib.php +++ b/Rocksolid_Light/rslight/scripts/rslight-lib.php @@ -1215,6 +1215,7 @@ function get_article_list($thisgroup) { function create_node_ssl_cert($pemfile) { global $CONFIG, $ssldir, $webtmp, $config_dir; include $config_dir.'/letsencrypt.inc.php'; + $uinfo=posix_getpwnam($CONFIG['webserver_user']); $pubkeyfile = $ssldir.'/pubkey.pem'; if((is_file($pemfile)) && (is_file($pubkeyfile)) && (is_file($webtmp.'/pubkey.txt'))) { @@ -1224,11 +1225,10 @@ function create_node_ssl_cert($pemfile) { if((isset($letsencrypt['server.pem'])) && (isset($letsencrypt['pubkey.pem']))) { file_put_contents($pemfile, $letsencrypt['server.pem'].$letsencrypt['privkey']); file_put_contents($pubkeyfile, $letsencrypt['pubkey.pem']); - copy($pubkeyfile, $webtmp.'/pubkey.txt'); - return; - } + file_put_contents($webtmp.'/pubkey.txt', $letsencrypt['pubkey.pem']); + } else { /* Create self signed cert */ - $certificateData = array( + $certificateData = array( "countryName" => "US", "stateOrProvinceName" => "New York", "localityName" => "New York City", @@ -1236,26 +1236,32 @@ function create_node_ssl_cert($pemfile) { "organizationalUnitName" => "Rocksolid Light", "commonName" => $CONFIG['organization'], "emailAddress" => "rocksolid@example.com" - ); + ); // Generate certificate - $privateKey = openssl_pkey_new(); - $certificate = openssl_csr_new($certificateData, $privateKey); - $certificate = openssl_csr_sign($certificate, null, $privateKey, 365); + $privateKey = openssl_pkey_new(); + $certificate = openssl_csr_new($certificateData, $privateKey); + $certificate = openssl_csr_sign($certificate, null, $privateKey, 365); - // Generate PEM file - $pem_passphrase = null; // empty for no passphrase - $pem = array(); - openssl_x509_export($certificate, $pem[0]); - openssl_pkey_export($privateKey, $pem[1], $pem_passphrase); - $pem = implode($pem); + // Generate PEM file + $pem_passphrase = null; // empty for no passphrase + $pem = array(); + openssl_x509_export($certificate, $pem[0]); + openssl_pkey_export($privateKey, $pem[1], $pem_passphrase); + $pem = implode($pem); + $pubkey=openssl_pkey_get_details($privateKey); - $pubkey=openssl_pkey_get_details($privateKey); - - // Save PEM file - file_put_contents($pemfile, $pem); - file_put_contents($pubkeyfile, $pubkey['key']); - copy($pubkeyfile, $webtmp.'/pubkey.txt'); + // Save PEM file + file_put_contents($pemfile, $pem); + file_put_contents($pubkeyfile, $pubkey['key']); + file_put_contents($webtmp.'/pubkey.txt', $pubkey['key']); + } + chown($pemfile, $uinfo["uid"]); + chown($pubkeyfile, $uinfo["uid"]); + chown($webtmp.'/pubkey.txt', $uinfo["uid"]); + chmod($pemfile,0660); + chmod($pubkeyfile,0660); + chmod($webtmp.'/pubkey.txt',0660); } function create_certificate($pemfile, $pubkeyfile) {