Some cleanup for SSL in rslight-lib.php.
This commit is contained in:
parent
fba529ef91
commit
8cc1e4388c
|
@ -1215,6 +1215,7 @@ function get_article_list($thisgroup) {
|
||||||
function create_node_ssl_cert($pemfile) {
|
function create_node_ssl_cert($pemfile) {
|
||||||
global $CONFIG, $ssldir, $webtmp, $config_dir;
|
global $CONFIG, $ssldir, $webtmp, $config_dir;
|
||||||
include $config_dir.'/letsencrypt.inc.php';
|
include $config_dir.'/letsencrypt.inc.php';
|
||||||
|
$uinfo=posix_getpwnam($CONFIG['webserver_user']);
|
||||||
$pubkeyfile = $ssldir.'/pubkey.pem';
|
$pubkeyfile = $ssldir.'/pubkey.pem';
|
||||||
|
|
||||||
if((is_file($pemfile)) && (is_file($pubkeyfile)) && (is_file($webtmp.'/pubkey.txt'))) {
|
if((is_file($pemfile)) && (is_file($pubkeyfile)) && (is_file($webtmp.'/pubkey.txt'))) {
|
||||||
|
@ -1224,11 +1225,10 @@ function create_node_ssl_cert($pemfile) {
|
||||||
if((isset($letsencrypt['server.pem'])) && (isset($letsencrypt['pubkey.pem']))) {
|
if((isset($letsencrypt['server.pem'])) && (isset($letsencrypt['pubkey.pem']))) {
|
||||||
file_put_contents($pemfile, $letsencrypt['server.pem'].$letsencrypt['privkey']);
|
file_put_contents($pemfile, $letsencrypt['server.pem'].$letsencrypt['privkey']);
|
||||||
file_put_contents($pubkeyfile, $letsencrypt['pubkey.pem']);
|
file_put_contents($pubkeyfile, $letsencrypt['pubkey.pem']);
|
||||||
copy($pubkeyfile, $webtmp.'/pubkey.txt');
|
file_put_contents($webtmp.'/pubkey.txt', $letsencrypt['pubkey.pem']);
|
||||||
return;
|
} else {
|
||||||
}
|
|
||||||
/* Create self signed cert */
|
/* Create self signed cert */
|
||||||
$certificateData = array(
|
$certificateData = array(
|
||||||
"countryName" => "US",
|
"countryName" => "US",
|
||||||
"stateOrProvinceName" => "New York",
|
"stateOrProvinceName" => "New York",
|
||||||
"localityName" => "New York City",
|
"localityName" => "New York City",
|
||||||
|
@ -1236,26 +1236,32 @@ function create_node_ssl_cert($pemfile) {
|
||||||
"organizationalUnitName" => "Rocksolid Light",
|
"organizationalUnitName" => "Rocksolid Light",
|
||||||
"commonName" => $CONFIG['organization'],
|
"commonName" => $CONFIG['organization'],
|
||||||
"emailAddress" => "rocksolid@example.com"
|
"emailAddress" => "rocksolid@example.com"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Generate certificate
|
// Generate certificate
|
||||||
$privateKey = openssl_pkey_new();
|
$privateKey = openssl_pkey_new();
|
||||||
$certificate = openssl_csr_new($certificateData, $privateKey);
|
$certificate = openssl_csr_new($certificateData, $privateKey);
|
||||||
$certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
|
$certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
|
||||||
|
|
||||||
// Generate PEM file
|
// Generate PEM file
|
||||||
$pem_passphrase = null; // empty for no passphrase
|
$pem_passphrase = null; // empty for no passphrase
|
||||||
$pem = array();
|
$pem = array();
|
||||||
openssl_x509_export($certificate, $pem[0]);
|
openssl_x509_export($certificate, $pem[0]);
|
||||||
openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
|
openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
|
||||||
$pem = implode($pem);
|
$pem = implode($pem);
|
||||||
|
$pubkey=openssl_pkey_get_details($privateKey);
|
||||||
|
|
||||||
$pubkey=openssl_pkey_get_details($privateKey);
|
// Save PEM file
|
||||||
|
file_put_contents($pemfile, $pem);
|
||||||
// Save PEM file
|
file_put_contents($pubkeyfile, $pubkey['key']);
|
||||||
file_put_contents($pemfile, $pem);
|
file_put_contents($webtmp.'/pubkey.txt', $pubkey['key']);
|
||||||
file_put_contents($pubkeyfile, $pubkey['key']);
|
}
|
||||||
copy($pubkeyfile, $webtmp.'/pubkey.txt');
|
chown($pemfile, $uinfo["uid"]);
|
||||||
|
chown($pubkeyfile, $uinfo["uid"]);
|
||||||
|
chown($webtmp.'/pubkey.txt', $uinfo["uid"]);
|
||||||
|
chmod($pemfile,0660);
|
||||||
|
chmod($pubkeyfile,0660);
|
||||||
|
chmod($webtmp.'/pubkey.txt',0660);
|
||||||
}
|
}
|
||||||
|
|
||||||
function create_certificate($pemfile, $pubkeyfile) {
|
function create_certificate($pemfile, $pubkeyfile) {
|
||||||
|
|
Loading…
Reference in New Issue