Fix some ssl bugs for letsencrypt.
parent
3c100839eb
commit
ac5d85ef2f
|
@ -58,7 +58,7 @@
|
|||
GLOBAL $__server_listening;
|
||||
GLOBAL
|
||||
$CONFIG,$logdir,$lockdir,$webserver_uid,$webserver_gid,$installed_path,
|
||||
$config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
|
||||
$config_path,$groupconfig,$workpath,$path,$spooldir,$ssldir,$nntp_group,$auth_ok;
|
||||
$logfile=$logdir.'/nntp.log';
|
||||
$lockfile = $lockdir . '/rslight-nntp-ssl.lock';
|
||||
$pid = file_get_contents($lockfile);
|
||||
|
@ -75,7 +75,7 @@ $config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
|
|||
$pass = "";
|
||||
$pemfile = $ssldir.'/server.pem';
|
||||
if(!is_file($pemfile)) {
|
||||
create_certificate($pemfile);
|
||||
create_node_ssl_cert($pemfile);
|
||||
}
|
||||
$context = stream_context_create();
|
||||
stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);
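Review bot: The renamed call `create_node_ssl_cert($pemfile)` is reached only when `is_file($pemfile)` is false, yet the callee shown further down this page evaluates `$ssltime > filectime($pemfile)`, which for a missing file returns false and raises a warning. The comparison then succeeds for any valid timestamp, so the newly added log line would record "fullchain.pem newer. Reloading cert." on what is really a first-time creation. Guarding the callee's test as `if(is_file($pemfile) && $ssltime > filectime($pemfile))` keeps the log accurate and still falls through to certificate creation. The surrounding script starts and ends outside these hunks, so whether an existing server.pem is ever refreshed from another call site cannot be confirmed here; if it is not, a renewed Let's Encrypt certificate would not be picked up by this listener.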
|
||||
|
|
|
@ -1210,21 +1210,24 @@ function get_article_list($thisgroup) {
|
|||
}
|
||||
|
||||
function create_node_ssl_cert($pemfile) {
|
||||
global $CONFIG, $ssldir, $webtmp, $config_dir;
|
||||
global $CONFIG, $ssldir, $webtmp, $logdir, $config_dir;
|
||||
include $config_dir.'/letsencrypt.inc.php';
|
||||
$logfile=$logdir.'/nntp.log';
|
||||
$uinfo=posix_getpwnam($CONFIG['webserver_user']);
|
||||
$pubkeyfile = $ssldir.'/pubkey.pem';
|
||||
$pubkeytxtfile = $webtmp.'/pubkey.txt';
|
||||
$ssltime = filectime($letsencrypt['path'].'fullchain.pem');
|
||||
if(isset($letsencrypt['path'])) {
|
||||
file_put_contents($logfile, "\n".format_log_date()." Checking ".$letsencrypt['path']."fullchain.pem time", FILE_APPEND);
|
||||
if($ssltime > filectime($pemfile)) {
|
||||
file_put_contents($logfile, "\n".format_log_date()." ".$letsencrypt['path']."fullchain.pem newer. Reloading cert.", FILE_APPEND);
|
||||
touch($config_dir.'/ssl.reload');
|
||||
}
|
||||
|
||||
}
|
||||
if(!file_exists($config_dir.'/ssl.reload')) {
|
||||
if((is_file($pemfile)) && (is_file($pubkeyfile)) && (is_file($pubkeytxtfile))) {
|
||||
if(md5_file($pubkeyfile) == md5_file($pubkeytxtfile)) {
|
||||
if(md5_file($pubkeyfile) == md5_file($pubkeytxtfile)) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
@ -1236,6 +1239,7 @@ function create_node_ssl_cert($pemfile) {
|
|||
/* Use letsencrypt */
|
||||
if((isset($letsencrypt['server.pem'])) && (isset($letsencrypt['pubkey.pem']))) {
|
||||
echo "Using existing LetsEncrypt certificate.\n";
|
||||
file_put_contents($logfile, "\n".format_log_date()." Using existing LetsEncrypt certificate.", FILE_APPEND);
|
||||
file_put_contents($pemfile, $letsencrypt['server.pem'].$letsencrypt['privkey']);
|
||||
file_put_contents($pubkeyfile, $letsencrypt['pubkey.pem']);
|
||||
file_put_contents($pubkeytxtfile, $letsencrypt['pubkey.pem']);
|
||||
|
@ -1244,6 +1248,7 @@ function create_node_ssl_cert($pemfile) {
|
|||
touch($pubkeytxtfile, $ssltime);
|
||||
} else {
|
||||
/* Create self signed cert */
|
||||
file_put_contents($logfile, "\n".format_log_date()." Creating self-signed certificate.", FILE_APPEND);
|
||||
$certificateData = array(
|
||||
"countryName" => "US",
|
||||
"stateOrProvinceName" => "New York",
|
||||
|
@ -1279,4 +1284,8 @@ function create_node_ssl_cert($pemfile) {
|
|||
chmod($pubkeyfile,0660);
|
||||
chmod($pubkeytxtfile,0660);
|
||||
}
|
||||
|
||||
function format_log_date() {
|
||||
return date('M d H:i:s');
|
||||
}
|
||||
?>
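Review bot: The rewritten check `if(md5_file($pubkeyfile) == md5_file($pubkeytxtfile))` in create_node_ssl_cert() still uses a loose comparison, so two different digests that both parse as numeric strings compare equal, and two failed reads (`false == false`) pass as well. A match makes the function return without regenerating the certificate, and pubkey.txt lives under `$webtmp`, so a strict comparison of a stronger digest is the safer form: `$a = hash_file('sha256', $pubkeyfile); $b = hash_file('sha256', $pubkeytxtfile);` followed by `if($a !== false && $b !== false && hash_equals($a, $b))`. The line is printed twice with identical text, so the commit presumably changed only its whitespace. The body of create_node_ssl_cert() continues outside the visible hunks.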
|
||||
|
|