Fix some ssl bugs for letsencrypt.

This commit is contained in:
Retro_Guy 2023-07-10 11:20:08 -07:00
parent 3c100839eb
commit ac5d85ef2f
2 changed files with 13 additions and 4 deletions


@ -58,7 +58,7 @@
GLOBAL $__server_listening; GLOBAL $__server_listening;
GLOBAL GLOBAL
$CONFIG,$logdir,$lockdir,$webserver_uid,$webserver_gid,$installed_path, $CONFIG,$logdir,$lockdir,$webserver_uid,$webserver_gid,$installed_path,
$config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok; $config_path,$groupconfig,$workpath,$path,$spooldir,$ssldir,$nntp_group,$auth_ok;
$logfile=$logdir.'/nntp.log'; $logfile=$logdir.'/nntp.log';
$lockfile = $lockdir . '/rslight-nntp-ssl.lock'; $lockfile = $lockdir . '/rslight-nntp-ssl.lock';
$pid = file_get_contents($lockfile); $pid = file_get_contents($lockfile);
@ -75,7 +75,7 @@ $config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
$pass = ""; $pass = "";
$pemfile = $ssldir.'/server.pem'; $pemfile = $ssldir.'/server.pem';
if(!is_file($pemfile)) { if(!is_file($pemfile)) {
create_certificate($pemfile); create_node_ssl_cert($pemfile);
} }
$context = stream_context_create(); $context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', $pemfile); stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);
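Review bot: The renamed call at `create_node_ssl_cert($pemfile);` is still wrapped in `if(!is_file($pemfile))`, so it only runs when server.pem is missing; the function it now calls (second file of this commit) compares fullchain.pem's ctime against the pem and writes ssl.reload, and that renewal check cannot fire from this site while the pem exists. If no other caller runs the check, the guard should go and the function's own early `return` on an unchanged key should carry the cost, i.e. replace the three lines with `create_node_ssl_cert($pemfile);`. If another path is meant to handle renewal, a one-line comment saying so above the guard would stop the next reader from making the same assumption. The enclosing scope starts outside the hunk, and where `$ssldir` is assigned is not visible here.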


@ -1210,21 +1210,24 @@ function get_article_list($thisgroup) {
} }
function create_node_ssl_cert($pemfile) { function create_node_ssl_cert($pemfile) {
global $CONFIG, $ssldir, $webtmp, $config_dir; global $CONFIG, $ssldir, $webtmp, $logdir, $config_dir;
include $config_dir.'/letsencrypt.inc.php'; include $config_dir.'/letsencrypt.inc.php';
$logfile=$logdir.'/nntp.log';
$uinfo=posix_getpwnam($CONFIG['webserver_user']); $uinfo=posix_getpwnam($CONFIG['webserver_user']);
$pubkeyfile = $ssldir.'/pubkey.pem'; $pubkeyfile = $ssldir.'/pubkey.pem';
$pubkeytxtfile = $webtmp.'/pubkey.txt'; $pubkeytxtfile = $webtmp.'/pubkey.txt';
$ssltime = filectime($letsencrypt['path'].'fullchain.pem'); $ssltime = filectime($letsencrypt['path'].'fullchain.pem');
if(isset($letsencrypt['path'])) { if(isset($letsencrypt['path'])) {
file_put_contents($logfile, "\n".format_log_date()." Checking ".$letsencrypt['path']."fullchain.pem time", FILE_APPEND);
if($ssltime > filectime($pemfile)) { if($ssltime > filectime($pemfile)) {
file_put_contents($logfile, "\n".format_log_date()." ".$letsencrypt['path']."fullchain.pem newer. Reloading cert.", FILE_APPEND);
touch($config_dir.'/ssl.reload'); touch($config_dir.'/ssl.reload');
} }
} }
if(!file_exists($config_dir.'/ssl.reload')) { if(!file_exists($config_dir.'/ssl.reload')) {
if((is_file($pemfile)) && (is_file($pubkeyfile)) && (is_file($pubkeytxtfile))) { if((is_file($pemfile)) && (is_file($pubkeyfile)) && (is_file($pubkeytxtfile))) {
if(md5_file($pubkeyfile) == md5_file($pubkeytxtfile)) { if(md5_file($pubkeyfile) == md5_file($pubkeytxtfile)) {
return; return;
} }
} }
@ -1236,6 +1239,7 @@ function create_node_ssl_cert($pemfile) {
/* Use letsencrypt */ /* Use letsencrypt */
if((isset($letsencrypt['server.pem'])) && (isset($letsencrypt['pubkey.pem']))) { if((isset($letsencrypt['server.pem'])) && (isset($letsencrypt['pubkey.pem']))) {
echo "Using existing LetsEncrypt certificate.\n"; echo "Using existing LetsEncrypt certificate.\n";
file_put_contents($logfile, "\n".format_log_date()." Using existing LetsEncrypt certificate.", FILE_APPEND);
file_put_contents($pemfile, $letsencrypt['server.pem'].$letsencrypt['privkey']); file_put_contents($pemfile, $letsencrypt['server.pem'].$letsencrypt['privkey']);
file_put_contents($pubkeyfile, $letsencrypt['pubkey.pem']); file_put_contents($pubkeyfile, $letsencrypt['pubkey.pem']);
file_put_contents($pubkeytxtfile, $letsencrypt['pubkey.pem']); file_put_contents($pubkeytxtfile, $letsencrypt['pubkey.pem']);
@ -1244,6 +1248,7 @@ function create_node_ssl_cert($pemfile) {
touch($pubkeytxtfile, $ssltime); touch($pubkeytxtfile, $ssltime);
} else { } else {
/* Create self signed cert */ /* Create self signed cert */
file_put_contents($logfile, "\n".format_log_date()." Creating self-signed certificate.", FILE_APPEND);
$certificateData = array( $certificateData = array(
"countryName" => "US", "countryName" => "US",
"stateOrProvinceName" => "New York", "stateOrProvinceName" => "New York",
@ -1279,4 +1284,8 @@ function create_node_ssl_cert($pemfile) {
chmod($pubkeyfile,0660); chmod($pubkeyfile,0660);
chmod($pubkeytxtfile,0660); chmod($pubkeytxtfile,0660);
} }
function format_log_date() {
return date('M d H:i:s');
}
?> ?>
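Review bot: `$ssltime = filectime($letsencrypt['path'].'fullchain.pem');` still runs before the `isset($letsencrypt['path'])` guard that the new log line was placed inside, so an install without a LetsEncrypt path stats a relative `fullchain.pem` and emits an undefined-index warning on every call, while `$ssltime` is only consumed inside the LetsEncrypt branches; move the assignment under the guard: `if(isset($letsencrypt['path'])) {` followed by `$ssltime = filectime($letsencrypt['path'].'fullchain.pem');`. The new `$logfile=$logdir.'/nntp.log';` depends on `$logdir` being set by whichever script includes this file; if it is not, the log lines target `/nntp.log`, so it is worth either checking `$logdir` before the `file_put_contents` calls or documenting that requirement on the function. The "Checking … fullchain.pem time" entry is also written on every invocation, which will grow nntp.log quickly for a check that usually finds nothing. The body of create_node_ssl_cert between the hunks is not visible here.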