diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php
index d1c012e9..7ba0acce 100644
--- a/scripts/jobs/cron_tasks.inc.http.10.apache.php
+++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php
@@ -337,26 +337,52 @@ class apache {
 }
 if ($row_ipsandports['ssl_cert_file'] != '') {
- $this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
- $this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
- // this makes it more secure, thx to Marcel (08/2013)
- $this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
- $this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
- $this->virtualhosts_data[$vhosts_filename] .= ' SSLVerifyDepth 10' . "\n";
- $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . "\n";
- if ($row_ipsandports['ssl_key_file'] != '') {
- $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . makeCorrectFile($row_ipsandports['ssl_key_file']) . "\n";
- }
+ // check for existence, #1485
+ if (!file_exists($row_ipsandports['ssl_cert_file'])) {
+ $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate file "'.$row_ipsandports['ssl_cert_file'].'" does not exist! Cannot create ssl-directives');
+ echo $ipport . ' :: certificate file "'.$row_ipsandports['ssl_cert_file'].'" does not exist! Cannot create SSL-directives'."\n";
+ } else {
- if ($row_ipsandports['ssl_ca_file'] != '') {
- $this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . "\n";
- }
+ $this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
+ $this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
+ // this makes it more secure, thx to Marcel (08/2013)
+ $this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
+ $this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
+ $this->virtualhosts_data[$vhosts_filename] .= ' SSLVerifyDepth 10' . "\n";
+ $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . "\n";
- // #418
- if ($row_ipsandports['ssl_cert_chainfile'] != '') {
- $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateChainFile ' . makeCorrectFile($row_ipsandports['ssl_cert_chainfile']) . "\n";
- }
+ if ($row_ipsandports['ssl_key_file'] != '') {
+ // check for existence, #1485
+ if (!file_exists($row_ipsandports['ssl_key_file'])) {
+ $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate key file "'.$row_ipsandports['ssl_key_file'].'" does not exist! Cannot create ssl-directives');
+ echo $ipport . ' :: certificate key file "'.$row_ipsandports['ssl_key_file'].'" does not exist! SSL-directives might not be working'."\n";
+ } else {
+ $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . makeCorrectFile($row_ipsandports['ssl_key_file']) . "\n";
+ }
+ }
+
+ if ($row_ipsandports['ssl_ca_file'] != '') {
+ // check for existence, #1485
+ if (!file_exists($row_ipsandports['ssl_ca_file'])) {
+ $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate CA file "'.$row_ipsandports['ssl_ca_file'].'" does not exist! Cannot create ssl-directives');
+ echo $ipport . ' :: certificate CA file "'.$row_ipsandports['ssl_ca_file'].'" does not exist! SSL-directives might not be working'."\n";
+ } else {
+ $this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . "\n";
+ }
+ }
+
+ // #418
+ if ($row_ipsandports['ssl_cert_chainfile'] != '') {
+ // check for existence, #1485
+ if (!file_exists($row_ipsandports['ssl_cert_chainfile'])) {
+ $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate chain file "'.$row_ipsandports['ssl_cert_chainfile'].'" does not exist! Cannot create ssl-directives');
+ echo $ipport . ' :: certificate chain file "'.$row_ipsandports['ssl_cert_chainfile'].'" does not exist! SSL-directives might not be working'."\n";
+ } else {
+ $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateChainFile ' . makeCorrectFile($row_ipsandports['ssl_cert_chainfile']) . "\n";
+ }
+ }
+ }
 }
 }
diff --git a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
index f02e7503..787ee383 100644
--- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
+++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
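Review bot: The new existence checks in the apache hunk call `file_exists()` on the raw `$row_ipsandports[...]` value, while the directive that gets written uses `makeCorrectFile(...)` on it, so the path that is tested is not necessarily the path Apache is given; `file_exists()` is also true for a directory. I would normalise once and test that, e.g. `$cert = makeCorrectFile($row_ipsandports['ssl_cert_file']);` followed by `if (!is_file($cert)) {`, and do the same for the key, CA and chain files. The same pattern recurs in the lighttpd and nginx hunks of this commit. Separately, when only the key file is missing the block still emits `SSLEngine On` and `SSLCertificateFile`, which presumably leaves Apache unable to load the vhost unless the certificate file also holds the key, so a missing key may deserve the same treatment as a missing certificate. The enclosing method starts and ends outside the hunk.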
@@ -161,15 +161,28 @@ class lighttpd {
 }
 if ($row_ipsandports['ssl_cert_file'] != '') {
- $this->lighttpd_data[$vhost_filename].= 'ssl.engine = "enable"' . "\n";
- $this->lighttpd_data[$vhost_filename].= 'ssl.use-sslv2 = "disable"' . "\n";
- $this->lighttpd_data[$vhost_filename].= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
- $this->lighttpd_data[$vhost_filename].= 'ssl.honor-cipher-order = "enable"' . "\n";
- $this->lighttpd_data[$vhost_filename].= 'ssl.pemfile = "' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . '"' . "\n";
-
- if ($row_ipsandports['ssl_ca_file'] != '') {
- $this->lighttpd_data[$vhost_filename].= 'ssl.ca-file = "' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . '"' . "\n";
- }
+
+ // check for existence, #1485
+ if (!file_exists($row_ipsandports['ssl_cert_file'])) {
+ $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ip.':'.$port . ' :: certificate file "'.$row_ipsandports['ssl_cert_file'].'" does not exist! Cannot create ssl-directives');
+ echo $ip.':'.$port . ' :: certificate file "'.$row_ipsandports['ssl_cert_file'].'" does not exist! Cannot create SSL-directives'."\n";
+ } else {
+ $this->lighttpd_data[$vhost_filename].= 'ssl.engine = "enable"' . "\n";
+ $this->lighttpd_data[$vhost_filename].= 'ssl.use-sslv2 = "disable"' . "\n";
+ $this->lighttpd_data[$vhost_filename].= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
+ $this->lighttpd_data[$vhost_filename].= 'ssl.honor-cipher-order = "enable"' . "\n";
+ $this->lighttpd_data[$vhost_filename].= 'ssl.pemfile = "' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . '"' . "\n";
+
+ if ($row_ipsandports['ssl_ca_file'] != '') {
+ // check for existence, #1485
+ if (!file_exists($row_ipsandports['ssl_ca_file'])) {
+ $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ip.':'.$port . ' :: certificate CA file "'.$row_ipsandports['ssl_ca_file'].'" does not exist! Cannot create ssl-directives');
+ echo $ip.':'.port . ' :: certificate CA file "'.$row_ipsandports['ssl_ca_file'].'" does not exist! SSL-directives might not be working'."\n";
+ } else {
+ $this->lighttpd_data[$vhost_filename].= 'ssl.ca-file = "' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . '"' . "\n";
+ }
+ }
+ }
 }
 }
@@ -477,6 +490,7 @@ class lighttpd {
 }
 if ($domain['ssl_cert_file'] != '') {
+
 $ssl_settings.= 'ssl.engine = "enable"' . "\n";
 $ssl_settings.= 'ssl.use-sslv2 = "disable"' . "\n";
 $ssl_settings.= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php
index b2c1d69c..012c7abf 100644
--- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php
+++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php
@@ -151,7 +151,7 @@ class nginx {
 if ($row_ipsandports['ssl_ca_file'] == '') {
 $row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
 }
- if ($row_ipsandports['ssl_cert_file'] != '') {
+ if ($row_ipsandports['ssl_cert_file'] != '' && file_exists($row_ipsandports['ssl_cert_file'])) {
 $ssl_vhost = true;
 }
 }
@@ -194,6 +194,7 @@ class nginx {
 * SSL config options
 */
 if ($row_ipsandports['ssl'] == '1') {
+ $row_ipsandports['domain'] = Settings::Get('system.hostname');
 $this->nginx_data[$vhost_filename].=$this->composeSslSettings($row_ipsandports);
 }
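Review bot: In the lighttpd CA-file branch the `echo` line uses `$ip.':'.port`, where `port` lacks its `$`; PHP reads that as an undefined constant, which is a warning plus the literal text `port` on PHP 7 and an `Error` on PHP 8, so the cron run can abort exactly when a CA file is missing. The expression should be `$ip.':'.$port`, as in the `logAction()` call one line above it. The enclosing method is only partly visible in the hunk.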
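Review bot: In the nginx `@@ -151,7` hunk a configured but missing certificate now simply means `$ssl_vhost` is not set to true, and if the `ssl` flag of the listen line depends on it (the comment in the later hunk suggests it does), that ip/port would be served as plain HTTP. That is a quiet downgrade on a port clients expect TLS on; consider logging at this point as the other branches do, or skipping the vhost for that ip/port rather than emitting it without TLS. The code that consumes `$ssl_vhost` is outside the hunk, so this needs confirming against the full file.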
@@ -531,20 +532,39 @@ class nginx {
 }
 if ($domain['ssl_cert_file'] != '') {
- // obsolete: ssl on now belongs to the listen block as 'ssl' at the end
- //$sslsettings .= "\t" . 'ssl on;' . "\n";
- $sslsettings .= "\t" . 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' . "\n";
- $sslsettings .= "\t" . 'ssl_ciphers ' . Settings::Get('system.ssl_cipher_list') . ';' . "\n";
- $sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
- $sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain['ssl_cert_file']) . ';' . "\n";
-
- if ($domain['ssl_key_file'] != '') {
- $sslsettings .= "\t" . 'ssl_certificate_key ' .makeCorrectFile($domain['ssl_key_file']) . ';' . "\n";
- }
-
- if ($domain['ssl_ca_file'] != '') {
- $sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain['ssl_ca_file']) . ';' . "\n";
- }
+
+ // check for existence, #1485
+ if (!file_exists($domain['ssl_cert_file'])) {
+ $this->logger->logAction(CRON_ACTION, LOG_ERROR, $domain['domain'] . ' :: certificate file "'.$domain['ssl_cert_file'].'" does not exist! Cannot create ssl-directives');
+ echo $domain['domain'] . ' :: certificate file "'.$domain['ssl_cert_file'].'" does not exist! Cannot create SSL-directives'."\n";
+ } else {
+ // obsolete: ssl on now belongs to the listen block as 'ssl' at the end
+ //$sslsettings .= "\t" . 'ssl on;' . "\n";
+ $sslsettings .= "\t" . 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' . "\n";
+ $sslsettings .= "\t" . 'ssl_ciphers ' . Settings::Get('system.ssl_cipher_list') . ';' . "\n";
+ $sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
+ $sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain['ssl_cert_file']) . ';' . "\n";
+
+ if ($domain['ssl_key_file'] != '') {
+ // check for existence, #1485
+ if (!file_exists($row_ipsandports['ssl_key_file'])) {
+ $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ipport . ' :: certificate key file "'.$domain['ssl_key_file'].'" does not exist! Cannot create ssl-directives');
+ echo $ipport . ' :: certificate key file "'.$domain['ssl_key_file'].'" does not exist! SSL-directives might not be working'."\n";
+ } else {
+ $sslsettings .= "\t" . 'ssl_certificate_key ' .makeCorrectFile($domain['ssl_key_file']) . ';' . "\n";
+ }
+ }
+
+ if ($domain['ssl_ca_file'] != '') {
+ // check for existence, #1485
+ if (!file_exists($row_ipsandports['ssl_ca_file'])) {
+ $this->logger->logAction(CRON_ACTION, LOG_ERROR, $domain['domain'] . ' :: certificate CA file "'.$domain['ssl_ca_file'].'" does not exist! Cannot create ssl-directives');
+ echo $domain['domain'] . ' :: certificate CA file "'.$domain['ssl_ca_file'].'" does not exist! SSL-directives might not be working'."\n";
+ } else {
+ $sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain['ssl_ca_file']) . ';' . "\n";
+ }
+ }
+ }
 }
 return $sslsettings;
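Review bot: Inside the `ssl_key_file` and `ssl_ca_file` branches the new checks read `$row_ipsandports['ssl_key_file']` and `$row_ipsandports['ssl_ca_file']`, and the key-file messages use `$ipport`, while everything else in this block works on `$domain`. Unless those variables are defined earlier in the function (its start is outside the hunk), `file_exists()` receives null, the error branch is always taken, and `ssl_certificate_key` / `ssl_client_certificate` are never written. The checks should be `if (!file_exists($domain['ssl_key_file'])) {` and `if (!file_exists($domain['ssl_ca_file'])) {`, with `$domain['domain']` in place of `$ipport` in the two key-file messages. With the key directive dropped, nginx would presumably reject an `ssl_certificate` that has no matching key, so the effect is broader than a wrong log line.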