many bugfixed : installer not allowed to have . in its name, vhost-mixssl is 'advanced', no echo in finalize, <br> added to multiple error message in finalize
parent
a9f7c16b34
commit
0342350a62
|
@ -12,10 +12,10 @@ case "$1" in
|
||||||
/usr/lib/alternc/quota_init ssl 0
|
/usr/lib/alternc/quota_init ssl 0
|
||||||
|
|
||||||
echo "Installing mysql table"
|
echo "Installing mysql table"
|
||||||
mysql --defaults-file=/etc/alternc/my.cnf < /usr/share/alternc/install/ssl.sql
|
mysql --defaults-file=/etc/alternc/my.cnf -f < /usr/share/alternc/install/ssl.sql || true
|
||||||
|
|
||||||
# Create default quota "ssl" with value 0
|
# Create default quota "ssl" with value 0
|
||||||
mysql --defaults-file=/etc/alternc/my.cnf -Bse "INSERT INTO defquotas VALUES ('ssl', 0, 'default')" || true
|
mysql --defaults-file=/etc/alternc/my.cnf -fBse "INSERT INTO defquotas VALUES ('ssl', 0, 'default')" || true
|
||||||
|
|
||||||
echo "installing required apache modules"
|
echo "installing required apache modules"
|
||||||
a2enmod ssl
|
a2enmod ssl
|
||||||
|
|
|
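Review bot: With `-f` added to the `ssl.sql` import and `|| true` after it, any failure of the schema install (bad credentials in `/etc/alternc/my.cnf`, a missing database, a broken statement) is ignored, and the script carries on to `a2enmod ssl` as if the tables existed. If the aim is only to tolerate a re-run on an already-installed system, it would be safer to make the SQL itself idempotent (for example `CREATE TABLE IF NOT EXISTS` in `ssl.sql`, assuming it does not already use it) and keep real failures visible, e.g. `mysql --defaults-file=/etc/alternc/my.cnf < /usr/share/alternc/install/ssl.sql || echo "ssl.sql import failed" >&2`. The `defquotas` line could likewise use `INSERT IGNORE` rather than `-f`, provided the table has a suitable unique key. The enclosing `case` branch starts and ends outside the hunk.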
@ -18,7 +18,7 @@
|
||||||
|
|
||||||
install:
|
install:
|
||||||
install -m 0644 -g root -o root ssl.sql $(DESTDIR)/usr/share/alternc/install/
|
install -m 0644 -g root -o root ssl.sql $(DESTDIR)/usr/share/alternc/install/
|
||||||
install -m 0755 -g root -o root alternc-ssl.install.php $(DESTDIR)/usr/lib/alternc/install.d/
|
install -m 0755 -g root -o root alternc-ssl.install.php $(DESTDIR)/usr/lib/alternc/install.d/alternc-ssl
|
||||||
|
|
||||||
# incron
|
# incron
|
||||||
install -m 0755 -g root -o root ssl_alias_manager.sh $(DESTDIR)/usr/lib/alternc/
|
install -m 0755 -g root -o root ssl_alias_manager.sh $(DESTDIR)/usr/lib/alternc/
|
||||||
|
|
|
@ -20,7 +20,7 @@ if ($argv[1] == "before-reload") {
|
||||||
('vhost-ssl', 'Locally hosted forcing HTTPS', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,txt,defmx,defmx2,mx,mx2', 'ALL', 0, 0, 0);");
|
('vhost-ssl', 'Locally hosted forcing HTTPS', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,txt,defmx,defmx2,mx,mx2', 'ALL', 0, 0, 0);");
|
||||||
|
|
||||||
$db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES
|
$db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES
|
||||||
('vhost-mixssl', 'Locally hosted HTTP and HTTPS', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,txt,defmx,defmx2,mx,mx2', 'ALL', 0, 0, 0);");
|
('vhost-mixssl', 'Locally hosted HTTP and HTTPS', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,txt,defmx,defmx2,mx,mx2', 'ALL', 0, 0, 1);");
|
||||||
|
|
||||||
$db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES
|
$db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES
|
||||||
('panel-ssl', 'AlternC panel access WITH SSL', 'NONE', '%SUB% IN A @@PUBLIC_IP@@', 'ip,ipv6,cname,txt,mx,mx2,defmx,defmx2', 'ALL', 0, 0, 1);");
|
('panel-ssl', 'AlternC panel access WITH SSL', 'NONE', '%SUB% IN A @@PUBLIC_IP@@', 'ip,ipv6,cname,txt,mx,mx2,defmx,defmx2', 'ALL', 0, 0, 1);");
|
||||||
|
|
|
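Review bot: Because the statement is `INSERT IGNORE`, changing the last value of the `vhost-mixssl` row to `1` only takes effect where that row does not exist yet; an installation that already ran this script presumably keeps `advanced = 0`. If existing panels should be corrected as well, follow the insert with an explicit update such as `$db->query("UPDATE domaines_type SET advanced=1 WHERE name='vhost-mixssl';");`. The surrounding `before-reload` branch starts and ends outside the hunk.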
@ -34,7 +34,7 @@ $fields = array(
|
||||||
getFields($fields);
|
getFields($fields);
|
||||||
|
|
||||||
$cert = $ssl->finalize($id, $crt, $chain);
|
$cert = $ssl->finalize($id, $crt, $chain);
|
||||||
echo $ssl->error;
|
|
||||||
$error = $err->errstr();
|
$error = $err->errstr();
|
||||||
if ($error) {
|
if ($error) {
|
||||||
require_once("ssl_list.php");
|
require_once("ssl_list.php");
|
||||||
|
|
|
@ -591,18 +591,18 @@ class m_ssl {
|
||||||
|
|
||||||
if (substr($crt, 0, 28) != "-----BEGIN CERTIFICATE-----\n" ||
|
if (substr($crt, 0, 28) != "-----BEGIN CERTIFICATE-----\n" ||
|
||||||
substr($crt, -26, 26) != "-----END CERTIFICATE-----\n") {
|
substr($crt, -26, 26) != "-----END CERTIFICATE-----\n") {
|
||||||
$this->error.=_("The certificate must begin by BEGIN CERTIFICATE and end by END CERTIFICATE lines. Please check you pasted it in PEM form.") . "\n";
|
$this->error.=_("The certificate must begin by BEGIN CERTIFICATE and end by END CERTIFICATE lines. Please check you pasted it in PEM form.") . "<br>\n";
|
||||||
}
|
}
|
||||||
if ($chain &&
|
if ($chain &&
|
||||||
(substr($chain, 0, 28) != "-----BEGIN CERTIFICATE-----\n" ||
|
(substr($chain, 0, 28) != "-----BEGIN CERTIFICATE-----\n" ||
|
||||||
substr($chain, -26, 26) != "-----END CERTIFICATE-----\n")) {
|
substr($chain, -26, 26) != "-----END CERTIFICATE-----\n")) {
|
||||||
$this->error.=_("The chained certificate must begin by BEGIN CERTIFICATE and end by END CERTIFICATE lines. Please check you pasted it in PEM form.") . "\n";
|
$this->error.=_("The chained certificate must begin by BEGIN CERTIFICATE and end by END CERTIFICATE lines. Please check you pasted it in PEM form.") . "<br>\n";
|
||||||
}
|
}
|
||||||
if ((substr($key, 0, 32) != "-----BEGIN RSA PRIVATE KEY-----\n" ||
|
if ((substr($key, 0, 32) != "-----BEGIN RSA PRIVATE KEY-----\n" ||
|
||||||
substr($key, -30, 30) != "-----END RSA PRIVATE KEY-----\n") &&
|
substr($key, -30, 30) != "-----END RSA PRIVATE KEY-----\n") &&
|
||||||
(substr($key, 0, 28) != "-----BEGIN PRIVATE KEY-----\n" ||
|
(substr($key, 0, 28) != "-----BEGIN PRIVATE KEY-----\n" ||
|
||||||
substr($key, -26, 26) != "-----END PRIVATE KEY-----\n")) {
|
substr($key, -26, 26) != "-----END PRIVATE KEY-----\n")) {
|
||||||
$this->error.=_("The private key must begin by BEGIN (RSA )PRIVATE KEY and end by END (RSA )PRIVATE KEY lines. Please check you pasted it in PEM form.") . "\n";
|
$this->error.=_("The private key must begin by BEGIN (RSA )PRIVATE KEY and end by END (RSA )PRIVATE KEY lines. Please check you pasted it in PEM form.") . "<br>\n";
|
||||||
}
|
}
|
||||||
if ($this->error) {
|
if ($this->error) {
|
||||||
return false;
|
return false;
|
||||||
|
@ -638,7 +638,7 @@ class m_ssl {
|
||||||
$i++;
|
$i++;
|
||||||
$tmpr = openssl_x509_read($tmpcert);
|
$tmpr = openssl_x509_read($tmpcert);
|
||||||
if ($tmpr === false) {
|
if ($tmpr === false) {
|
||||||
$this->error.=sprintf(_("The %d-th certificate in the chain is invalid"), $i) . "\n";
|
$this->error.=sprintf(_("The %d-th certificate in the chain is invalid"), $i) . "<br>\n";
|
||||||
} else {
|
} else {
|
||||||
$rchains[] = $tmpr;
|
$rchains[] = $tmpr;
|
||||||
}
|
}
|
||||||
|
@ -646,34 +646,34 @@ class m_ssl {
|
||||||
$rcrt = openssl_x509_read($crt);
|
$rcrt = openssl_x509_read($crt);
|
||||||
$crtdata = openssl_x509_parse($crt);
|
$crtdata = openssl_x509_parse($crt);
|
||||||
if ($rcrt === false || $crtdata === false) {
|
if ($rcrt === false || $crtdata === false) {
|
||||||
$this->error.=_("The certificate is invalid.") . "\n";
|
$this->error.=_("The certificate is invalid.") . "<br>\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
$rkey = openssl_pkey_get_private($key);
|
$rkey = openssl_pkey_get_private($key);
|
||||||
if ($rkey === false) {
|
if ($rkey === false) {
|
||||||
$this->error.=_("The private key is invalid.") . "\n";
|
$this->error.=_("The private key is invalid.") . "<br>\n";
|
||||||
}
|
}
|
||||||
if (!$this->error) {
|
if (!$this->error) {
|
||||||
// check that the private key and the certificates are matching :
|
// check that the private key and the certificates are matching :
|
||||||
if (!openssl_x509_check_private_key($rcrt, $rkey)) {
|
if (!openssl_x509_check_private_key($rcrt, $rkey)) {
|
||||||
$this->error.=_("The private key is not the one signed inside the certificate.") . "\n";
|
$this->error.=_("The private key is not the one signed inside the certificate.") . "<br>\n";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!$this->error) {
|
if (!$this->error) {
|
||||||
// Everything is fine, let's recreate crt, chain, key from our internal OpenSSL structures:
|
// Everything is fine, let's recreate crt, chain, key from our internal OpenSSL structures:
|
||||||
if (!openssl_x509_export($rcrt, $crt)) {
|
if (!openssl_x509_export($rcrt, $crt)) {
|
||||||
$this->error.=_("Can't export your certificate as a string, please check its syntax.") . "\n";
|
$this->error.=_("Can't export your certificate as a string, please check its syntax.") . "<br>\n";
|
||||||
}
|
}
|
||||||
$chain = "";
|
$chain = "";
|
||||||
foreach ($rchains as $r) {
|
foreach ($rchains as $r) {
|
||||||
if (!openssl_x509_export($r, $tmp)) {
|
if (!openssl_x509_export($r, $tmp)) {
|
||||||
$this->error.=_("Can't export one of your chained certificates as a string, please check its syntax.") . "\n";
|
$this->error.=_("Can't export one of your chained certificates as a string, please check its syntax.") . "<br>\n";
|
||||||
} else {
|
} else {
|
||||||
$chain.=$tmp;
|
$chain.=$tmp;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!openssl_pkey_export($rkey, $key)) {
|
if (!openssl_pkey_export($rkey, $key)) {
|
||||||
$this->error.=_("Can't export your private key as a string, please check its syntax.") . "\n";
|
$this->error.=_("Can't export your private key as a string, please check its syntax.") . "<br>\n";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return array($crt, $chain, $key, $crtdata);
|
return array($crt, $chain, $key, $crtdata);
|
||||||
|
|
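Review bot: Appending `"<br>\n"` turns `$this->error` into an HTML fragment, so the page that prints it can no longer run it through `htmlspecialchars()` without showing literal `<br>` tags and will end up emitting it raw. The messages visible here are static or formatted with `%d`, but the translated strings returned by `_()` and any later message that embeds part of the submitted certificate, chain or key would then reach the browser unescaped. I would keep the plain `"\n"` separator in the class and do the formatting where the error is displayed, e.g. `echo nl2br(htmlspecialchars($msg));`. This applies to every `$this->error.=` line in the three `class m_ssl` hunks, whose method bodies start and end outside them.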