maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

cron/nginx: remove ssl_client_certificate

Browse Source 
Adding the CA certificate to an nginx vhost via ssl_client_certificate is
outright wrong. Moreover, the CA certificate data is already written to
the certificate file itself (class.DomainSSL.php:83-85).

fixes #1650
This commit is contained in:
Daniel Reichelt
2016-09-16 07:50:10 +02:00
parent d8b6d87ade
commit 41e769d681
1 changed files with 0 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/jobs/cron_tasks.inc.http.30.nginx.php
View File

@@ -628,15 +628,6 @@ class nginx extends HttpConfigBase {
}
}
if ($domain_or_ip['ssl_ca_file'] != '') {
// check for existence, #1485
if (!file_exists($domain_or_ip['ssl_ca_file'])) {
$this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate CA file "'.$domain_or_ip['ssl_ca_file'].'" does not exist! Cannot create ssl-directives');
} else {
$sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain_or_ip['ssl_ca_file']) . ';' . "\n";
}
}
if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) {
$vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts'];
if ($domain_or_ip['hsts_sub'] == 1) {