check for existence of ssl-related files for ip/port vhost in order to avoid the webserver to be unable to restart when the cronjob runs; fixes #1485

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2015-07-28 15:41:31 +02:00
parent 222841f09b
commit 26a41a0672
3 changed files with 101 additions and 41 deletions
--- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
+++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
@@ -161,15 +161,28 @@ class lighttpd {
 				}

 				if ($row_ipsandports['ssl_cert_file'] != '') {
-					$this->lighttpd_data[$vhost_filename].= 'ssl.engine = "enable"' . "\n";
-					$this->lighttpd_data[$vhost_filename].= 'ssl.use-sslv2 = "disable"' . "\n";
-					$this->lighttpd_data[$vhost_filename].= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
-					$this->lighttpd_data[$vhost_filename].= 'ssl.honor-cipher-order = "enable"' . "\n";
-					$this->lighttpd_data[$vhost_filename].= 'ssl.pemfile = "' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . '"' . "\n";
-
-					if ($row_ipsandports['ssl_ca_file'] != '') {
-						$this->lighttpd_data[$vhost_filename].= 'ssl.ca-file = "' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . '"' . "\n";
-					}
+				    
+				    // check for existence, #1485
+				    if (!file_exists($row_ipsandports['ssl_cert_file'])) {
+				        $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ip.':'.$port . ' :: certificate file "'.$row_ipsandports['ssl_cert_file'].'" does not exist! Cannot create ssl-directives');
+				        echo $ip.':'.$port . ' :: certificate file "'.$row_ipsandports['ssl_cert_file'].'" does not exist! Cannot create SSL-directives'."\n";
+				    } else {
+    					$this->lighttpd_data[$vhost_filename].= 'ssl.engine = "enable"' . "\n";
+    					$this->lighttpd_data[$vhost_filename].= 'ssl.use-sslv2 = "disable"' . "\n";
+    					$this->lighttpd_data[$vhost_filename].= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
+    					$this->lighttpd_data[$vhost_filename].= 'ssl.honor-cipher-order = "enable"' . "\n";
+    					$this->lighttpd_data[$vhost_filename].= 'ssl.pemfile = "' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . '"' . "\n";
+    
+    					if ($row_ipsandports['ssl_ca_file'] != '') {
+    					    // check for existence, #1485
+    					    if (!file_exists($row_ipsandports['ssl_ca_file'])) {
+    					        $this->logger->logAction(CRON_ACTION, LOG_ERROR, $ip.':'.$port . ' :: certificate CA file "'.$row_ipsandports['ssl_ca_file'].'" does not exist! Cannot create ssl-directives');
+    					        echo $ip.':'.port . ' :: certificate CA file "'.$row_ipsandports['ssl_ca_file'].'" does not exist! SSL-directives might not be working'."\n";
+    					    } else {
+    						  $this->lighttpd_data[$vhost_filename].= 'ssl.ca-file = "' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . '"' . "\n";
+    					    }
+    					}
+				    }
 				}
 			}

@@ -477,6 +490,7 @@ class lighttpd {
 			}

 			if ($domain['ssl_cert_file'] != '') {
+			    
 				$ssl_settings.= 'ssl.engine = "enable"' . "\n";
 				$ssl_settings.= 'ssl.use-sslv2 = "disable"' . "\n";
 				$ssl_settings.= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";