Some cleanup for SSL in rslight-lib.php.

Rocksolid_Light/rslight/scripts/rslight-lib.php

@@ -1215,6 +1215,7 @@ function get_article_list($thisgroup) {
 function create_node_ssl_cert($pemfile) {
     global $CONFIG, $ssldir, $webtmp, $config_dir;
     include $config_dir.'/letsencrypt.inc.php';
+    $uinfo=posix_getpwnam($CONFIG['webserver_user']);
     $pubkeyfile = $ssldir.'/pubkey.pem';
     
     if((is_file($pemfile)) && (is_file($pubkeyfile)) && (is_file($webtmp.'/pubkey.txt'))) {
@@ -1224,9 +1225,8 @@ function create_node_ssl_cert($pemfile) {
     if((isset($letsencrypt['server.pem'])) && (isset($letsencrypt['pubkey.pem']))) {
         file_put_contents($pemfile, $letsencrypt['server.pem'].$letsencrypt['privkey']);
         file_put_contents($pubkeyfile, $letsencrypt['pubkey.pem']);
-        copy($pubkeyfile, $webtmp.'/pubkey.txt');
-        return;
-    }
+        file_put_contents($webtmp.'/pubkey.txt', $letsencrypt['pubkey.pem']);
+    } else {
 /* Create self signed cert */
       $certificateData = array(
         "countryName" => "US",
@@ -1249,13 +1249,19 @@ function create_node_ssl_cert($pemfile) {
       openssl_x509_export($certificate, $pem[0]);
       openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
       $pem = implode($pem);
-    
       $pubkey=openssl_pkey_get_details($privateKey);
     
       // Save PEM file
       file_put_contents($pemfile, $pem);
       file_put_contents($pubkeyfile, $pubkey['key']);
-    copy($pubkeyfile, $webtmp.'/pubkey.txt');
+      file_put_contents($webtmp.'/pubkey.txt', $pubkey['key']);
+    }
+    chown($pemfile, $uinfo["uid"]);
+    chown($pubkeyfile, $uinfo["uid"]);
+    chown($webtmp.'/pubkey.txt', $uinfo["uid"]);
+    chmod($pemfile,0660);
+    chmod($pubkeyfile,0660);
+    chmod($webtmp.'/pubkey.txt',0660);
 }
 
 function create_certificate($pemfile, $pubkeyfile) {