
Révision 7c4c77ee

Ajouté par jim-p il y a plus de 9 ans

Teach the certificate generation code how to make a self-signed certificate, and change the GUI cert generation code to use it. Also, move the GUI cert generation code to its own function so we can add a GUI option to regenerate it later.
Also use some more sane defaults for the contents of the default self-signed certificate's fields so it will be more unique and less likely to trigger problems in browser certificate storage handling.


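--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -830,6 +830,44 @@
 	return $retval;
 }
 
+function system_webgui_create_certificate() {
+	global $config, $g;
+
+	if (!is_array($config['ca']))
+		$config['ca'] = array();
+	$a_ca =& $config['ca'];
+	if (!is_array($config['cert']))
+		$config['cert'] = array();
+	$a_cert =& $config['cert'];
+	log_error("Creating SSL Certificate for this host");
+
+	$cert = array();
+	$cert['refid'] = uniqid();
+	$cert['descr'] = gettext("webConfigurator default");
+
+	$dn = array(
+		'countryName' => "US",
+		'stateOrProvinceName' => "State",
+		'localityName' => "Locality",
+		'organizationName' => "{$g['product_name']} webConfigurator Self-Signed Certificate",
+		'emailAddress' => "admin@{$config['system']['hostname']}.{$config['system']['domain']}",
+		'commonName' => $config['system']['hostname'] . '-' . uniqid());
+	$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */
+	if (!cert_create($cert, null, 2048, 2000, $dn, "self-signed", "sha256")){
+		while($ssl_err = openssl_error_string()){
+			log_error("Error creating WebGUI Certificate: openssl library returns: " . $ssl_err);
+		}
+		error_reporting($old_err_level);
+		return null;
+	}
+	error_reporting($old_err_level);
+
+	$a_cert[] = $cert;
+	$config['system']['webgui']['ssl-certref'] = $cert['refid'];
+	write_config(gettext("Importing HTTPS certificate"));
+	return $cert;
+}
+
 function system_webgui_start() {
 	global $config, $g;
 
@@ -852,36 +890,17 @@
 		// Ensure that we have a webConfigurator CERT
 		$cert =& lookup_cert($config['system']['webgui']['ssl-certref']);
 		if(!is_array($cert) && !$cert['crt'] && !$cert['prv']) {
-			if (!is_array($config['ca']))
-				$config['ca'] = array();
-			$a_ca =& $config['ca'];
-			if (!is_array($config['cert']))
-				$config['cert'] = array();
-			$a_cert =& $config['cert'];
-			log_error("Creating SSL Certificate for this host");
-			$cert = array();
-			$cert['refid'] = uniqid();
-			$cert['descr'] = gettext("webConfigurator default");
-			mwexec("/usr/bin/openssl genrsa 1024 > {$g['tmp_path']}/ssl.key");
-			mwexec("/usr/bin/openssl req -new -x509 -nodes -sha256 -days 2000 -key {$g['tmp_path']}/ssl.key > {$g['tmp_path']}/ssl.crt");
-			$crt = file_get_contents("{$g['tmp_path']}/ssl.crt");
-			$key = file_get_contents("{$g['tmp_path']}/ssl.key");
-			unlink("{$g['tmp_path']}/ssl.key");
-			unlink("{$g['tmp_path']}/ssl.crt");
-			cert_import($cert, $crt, $key);
-			$a_cert[] = $cert;
-			$config['system']['webgui']['ssl-certref'] = $cert['refid'];
-			write_config(gettext("Importing HTTPS certificate"));
-			if(!$config['system']['webgui']['port'])
-				$portarg = "443";
-			$ca = ca_chain($cert);
+			$cert = system_webgui_create_certificate();
+			$crt = $cert['crt'];
+			$key = $cert['prv'];
 		} else {
 			$crt = base64_decode($cert['crt']);
 			$key = base64_decode($cert['prv']);
-			if(!$config['system']['webgui']['port'])
-				$portarg = "443";
-			$ca = ca_chain($cert);
 		}
+
+		if(!$config['system']['webgui']['port'])
+			$portarg = "443";
+		$ca  = ca_chain($cert);
 	}
 
 	/* generate lighttpd configuration */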
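Review bot: In the second hunk the new branch of system_webgui_start() reads `$crt = $cert['crt']` and `$key = $cert['prv']` straight from the freshly created entry, while the else branch base64-decodes those same stored fields of the same config entry; if cert_create() stores the PEM base64-encoded, as that decode suggests, the new branch hands encoded text rather than PEM to the rest of the function, and the two lines should read `$crt = base64_decode($cert['crt']);` and `$key = base64_decode($cert['prv']);`. The new branch also does not handle the null that system_webgui_create_certificate() returns when cert_create() fails (first hunk), so `$cert['crt']` is read from null and the `ca_chain($cert)` call added below the if/else receives null too; a null check before the two assignments, taking whatever failure path this function already uses, would keep the webConfigurator from being configured with an empty certificate and key. In the first hunk `$a_ca` is taken by reference but never used, so that line and the `$config['ca']` initialisation above it can be dropped from the new function. system_webgui_start() begins and ends outside the hunk.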
