From 8b0966d33254c51643da3a087559b3a63f059c89 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <d00p@froxlor.org>
Date: Sun, 16 Dec 2018 20:21:53 +0100
Subject: [PATCH] do not generate ssl vhost with fallback ssl-certificate if
 file does not exist, fixes #614

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
---
 scripts/jobs/cron_tasks.inc.http.10.apache.php   | 10 ++++++++++
 scripts/jobs/cron_tasks.inc.http.20.lighttpd.php | 10 ++++++++++
 scripts/jobs/cron_tasks.inc.http.30.nginx.php    | 10 ++++++++++
 3 files changed, 30 insertions(+)

diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php
index 9dc817ed..7adfce2f 100644
--- a/scripts/jobs/cron_tasks.inc.http.10.apache.php
+++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php
@@ -429,6 +429,11 @@ class apache extends HttpConfigBase
 				if ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
 					if ($row_ipsandports['ssl_cert_file'] == '') {
 						$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
+						if (!file_exists($row_ipsandports['ssl_cert_file'])) {
+							// explicitly disable ssl for this vhost
+							$row_ipsandports['ssl_cert_file'] = "";
+							$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "'.Settings::Get('system.ssl_cert_file').'" does not seem to exist. Disabling SSL-vhost for "'.Settings::Get('system.hostname').'"');
+						}
 					}
 					
 					if ($row_ipsandports['ssl_key_file'] == '') {
@@ -928,6 +933,11 @@ class apache extends HttpConfigBase
 		if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
 			if ($domain['ssl_cert_file'] == '') {
 				$domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
+				if (!file_exists($domain['ssl_cert_file'])) {
+					// explicitly disable ssl for this vhost
+					$domain['ssl_cert_file'] = "";
+					$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "'.Settings::Get('system.ssl_cert_file').'" does not seem to exist. Disabling SSL-vhost for "'.$domain['domain'].'"');
+				}
 			}
 			
 			if ($domain['ssl_key_file'] == '') {
diff --git a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
index cd182c49..0e361306 100644
--- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
+++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
@@ -220,6 +220,11 @@ class lighttpd extends HttpConfigBase
 			if ($row_ipsandports['ssl'] == '1') {
 				if ($row_ipsandports['ssl_cert_file'] == '') {
 					$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
+					if (!file_exists($row_ipsandports['ssl_cert_file'])) {
+						// explicitly disable ssl for this vhost
+						$row_ipsandports['ssl_cert_file'] = "";
+						$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "'.Settings::Get('system.ssl_cert_file').'" does not seem to exist. Disabling SSL-vhost for "'.Settings::Get('system.hostname').'"');
+					}
 				}
 
 				if ($row_ipsandports['ssl_ca_file'] == '') {
@@ -563,6 +568,11 @@ class lighttpd extends HttpConfigBase
 		if ($ssl_vhost === true && $domain['ssl'] == '1' && (int) Settings::Get('system.use_ssl') == 1) {
 			if ($domain['ssl_cert_file'] == '') {
 				$domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
+				if (!file_exists($domain['ssl_cert_file'])) {
+					// explicitly disable ssl for this vhost
+					$domain['ssl_cert_file'] = "";
+					$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "'.Settings::Get('system.ssl_cert_file').'" does not seem to exist. Disabling SSL-vhost for "'.$domain['domain'].'"');
+				}
 			}
 
 			if ($domain['ssl_ca_file'] == '') {
diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php
index 8087338c..6aaf4850 100644
--- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php
+++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php
@@ -170,6 +170,11 @@ class nginx extends HttpConfigBase
 				if ($row_ipsandports['ssl'] == '1') {
 					if ($row_ipsandports['ssl_cert_file'] == '') {
 						$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
+						if (!file_exists($row_ipsandports['ssl_cert_file'])) {
+							// explicitly disable ssl for this vhost
+							$row_ipsandports['ssl_cert_file'] = "";
+							$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "'.Settings::Get('system.ssl_cert_file').'" does not seem to exist. Disabling SSL-vhost for "'.Settings::Get('system.hostname').'"');
+						}
 					}
 					if ($row_ipsandports['ssl_key_file'] == '') {
 						$row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
@@ -615,6 +620,11 @@ class nginx extends HttpConfigBase
 
 		if ($domain_or_ip['ssl_cert_file'] == '') {
 			$domain_or_ip['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
+			if (!file_exists($domain_or_ip['ssl_cert_file'])) {
+				// explicitly disable ssl for this vhost
+				$domain_or_ip['ssl_cert_file'] = "";
+				$this->logger->logAction(CRON_ACTION, LOG_DEBUG, 'System certificate file "'.Settings::Get('system.ssl_cert_file').'" does not seem to exist. Disabling SSL-vhost for "'.$domain_or_ip['domain'].'"');
+			}
 		}
 
 		if ($domain_or_ip['ssl_key_file'] == '') {