prepare ssl-per-domain (customer setable), no cronjob-functionality yet (intended), refs #365
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
@@ -151,6 +151,15 @@ elseif($page == 'domains')
|
||||
$row['documentroot'] = makeCorrectDir(substr($row['documentroot'], strlen($userinfo['documentroot'])));
|
||||
}
|
||||
|
||||
// get ssl-ips if activated
|
||||
// FIXME for multi-ip later
|
||||
$show_ssledit = false;
|
||||
if ($settings['system']['use_ssl'] == '1'
|
||||
&& $row['ssl_ipandport'] != 0
|
||||
&& $row['caneditdomain'] == '1'
|
||||
) {
|
||||
$show_ssledit = true;
|
||||
}
|
||||
$row = htmlentities_array($row);
|
||||
eval("\$domains.=\"" . getTemplate("domains/domains_domain") . "\";");
|
||||
}
|
||||
@@ -634,5 +643,124 @@ elseif($page == 'domains')
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif ($page == 'domainssleditor') {
|
||||
|
||||
if ($action == ''
|
||||
|| $action == 'view'
|
||||
) {
|
||||
if (isset($_POST['send'])
|
||||
&& $_POST['send'] == 'send'
|
||||
) {
|
||||
|
||||
$ssl_cert_file = isset($_POST['ssl_cert_file']) ? $_POST['ssl_cert_file'] : '';
|
||||
$ssl_key_file = isset($_POST['ssl_key_file']) ? $_POST['ssl_key_file'] : '';
|
||||
$ssl_ca_file = isset($_POST['ssl_ca_file']) ? $_POST['ssl_ca_file'] : '';
|
||||
$ssl_cert_chainfile = isset($_POST['ssl_cert_chainfile']) ? $_POST['ssl_cert_chainfile'] : '';
|
||||
$do_insert = isset($_POST['do_insert']) ? (($_POST['do_insert'] == 1) ? true : false) : false;
|
||||
|
||||
if ($ssl_cert_file != '' && $ssl_key_file == '') {
|
||||
standard_error('sslcertificateismissingprivatekey');
|
||||
}
|
||||
|
||||
$do_verify = true;
|
||||
|
||||
// no cert-file given -> forget everything
|
||||
if ($ssl_cert_file == '') {
|
||||
$ssl_key_file = '';
|
||||
$ssl_ca_file = '';
|
||||
$ssl_cert_chainfile = '';
|
||||
$do_verify = false;
|
||||
}
|
||||
|
||||
// verify certificate content
|
||||
if ($do_verify) {
|
||||
// array openssl_x509_parse ( mixed $x509cert [, bool $shortnames = true ] )
|
||||
// openssl_x509_parse() returns information about the supplied x509cert, including fields such as
|
||||
// subject name, issuer name, purposes, valid from and valid to dates etc.
|
||||
$cert_content = openssl_x509_parse($ssl_cert_file);
|
||||
|
||||
if (is_array($cert_content)
|
||||
&& isset($cert_content['subject'])
|
||||
&& isset($cert_content['subject']['CN'])
|
||||
) {
|
||||
// TODO self-signed certs might differ and don't need/want this
|
||||
/*
|
||||
$domain = $db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAINS."` WHERE `id`='".(int)$id."'");
|
||||
if (strtolower($cert_content['subject']['CN']) != strtolower($idna_convert->decode($domain['domain']))) {
|
||||
standard_error('sslcertificatewrongdomain');
|
||||
}
|
||||
*/
|
||||
|
||||
// bool openssl_x509_check_private_key ( mixed $cert , mixed $key )
|
||||
// Checks whether the given key is the private key that corresponds to cert.
|
||||
if (openssl_x509_check_private_key($ssl_cert_file, $ssl_key_file) === false) {
|
||||
standard_error('sslcertificateinvalidcertkeypair');
|
||||
}
|
||||
|
||||
// check optional stuff
|
||||
if ($ssl_ca_file != '') {
|
||||
$ca_content = openssl_x509_parse($ssl_ca_file);
|
||||
if (!is_array($ca_content)) {
|
||||
// invalid
|
||||
standard_error('sslcertificateinvalidca');
|
||||
}
|
||||
}
|
||||
if ($ssl_cert_chainfile != '') {
|
||||
$chain_content = openssl_x509_parse($ssl_cert_chainfile);
|
||||
if (!is_array($chain_content)) {
|
||||
// invalid
|
||||
standard_error('sslcertificateinvalidchain');
|
||||
}
|
||||
}
|
||||
} else {
|
||||
standard_error('sslcertificateinvalidcert');
|
||||
}
|
||||
}
|
||||
|
||||
// Add/Update database entry
|
||||
$qrystart = "UPDATE ";
|
||||
$qrywhere = "WHERE ";
|
||||
if ($do_insert) {
|
||||
$qrystart = "INSERT INTO ";
|
||||
$qrywhere = ", ";
|
||||
}
|
||||
$db->query($qrystart." `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` SET
|
||||
`ssl_cert_file` = '".$db->escape($ssl_cert_file)."',
|
||||
`ssl_key_file` = '".$db->escape($ssl_key_file)."',
|
||||
`ssl_ca_file` = '".$db->escape($ssl_ca_file)."',
|
||||
`ssl_cert_chainfile` = '".$db->escape($ssl_cert_chainfile)."'
|
||||
".$qrywhere." `domainid`='".(int)$id."';"
|
||||
);
|
||||
|
||||
// back to domain overview
|
||||
redirectTo($filename, array('page' => 'domains', 's' => $s));
|
||||
}
|
||||
|
||||
$result = $db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."`
|
||||
WHERE `domainid`='".(int)$id."';"
|
||||
);
|
||||
|
||||
$do_insert = false;
|
||||
// if no entry can be found, behave like we have empty values
|
||||
if (!is_array($result) || !isset($result['ssl_cert_file'])) {
|
||||
$result = array(
|
||||
'ssl_cert_file' => '',
|
||||
'ssl_key_file' => '',
|
||||
'ssl_ca_file' => '',
|
||||
'ssl_cert_chainfile' => ''
|
||||
);
|
||||
$do_insert = true;
|
||||
}
|
||||
|
||||
$result = htmlentities_array($result);
|
||||
|
||||
$ssleditor_data = include_once dirname(__FILE__).'/lib/formfields/customer/domains/formfield.domain_ssleditor.php';
|
||||
$ssleditor_form = htmlform::genHTMLForm($ssleditor_data);
|
||||
|
||||
$title = $ssleditor_data['domain_ssleditor']['title'];
|
||||
$image = $ssleditor_data['domain_ssleditor']['image'];
|
||||
|
||||
eval("echo \"" . getTemplate("domains/domain_ssleditor") . "\";");
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user