Fixed: Several issue with SSL dialog (installer)

Fixed: Could not delete file /etc/imscp/imscp_services.pem: No such file or directory (installer) Typo +++ [ci skip]
i-MSCP · Apr 14, 2016 · ef98769 · ef98769
1 parent 3643783
commit ef98769
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 63 deletions.
diff --git a/engine/PerlLib/Package/FrontEnd/Installer.pm b/engine/PerlLib/Package/FrontEnd/Installer.pm
@@ -266,9 +266,11 @@ sub askSsl
 
     if (grep($_ eq $main::reconfigure, ( 'panel', 'panel_ssl', 'ssl', 'all', 'forced' ))
         || !grep($_ eq $sslEnabled, ( 'yes', 'no' ))
-        || $sslEnabled eq 'yes'
-        && (grep($_ eq $main::reconfigure, ( 'panel_hostname', 'hostnames' ))
-        || !-f "$main::imscpConfig{'CONF_DIR'}/$domainName.pem")
+        || ($sslEnabled eq 'yes'
+            && (grep($_ eq $main::reconfigure, ( 'panel_hostname', 'hostnames' ))
+                || !-f "$main::imscpConfig{'CONF_DIR'}/$domainName.pem"
+            )
+        )
     ) {
         # Ask for SSL
         ($rs, $sslEnabled) = $dialog->yesno( <<"EOF", $sslEnabled eq 'no' ? 1 : 0 );
@@ -378,14 +380,12 @@ EOF
             getMessageByType( 'error', { remove => 1 } );
             $dialog->msgbox( <<"EOF" );
 
-Your SSL certificate for the control panel is not valid.
+Your SSL certificate for the control panel is missing or not valid.
 EOF
-            $rs = iMSCP::File->new( filename => "$main::imscpConfig{'CONF_DIR'}/imscp_services.pem" )->delFile();
-            return $rs if $rs;
             goto &{askSsl};
         }
 
-        # In case the certificate is valid, we do not generate it again
+        # In case the certificate is valid, we skip SSL setup process
         main::setupSetQuestion( 'PANEL_SSL_SETUP', 'no' );
     }
 
@@ -718,29 +718,38 @@ sub _setupMasterAdmin
 sub _setupSsl
 {
     my $sslEnabled = main::setupGetQuestion( 'PANEL_SSL_ENABLED' );
-    my $panelSSLsetup = main::setupGetQuestion( 'PANEL_SSL_SETUP', 'yes' );
-    my $oldCertificatePath = $main::imscpOldConfig{'BASE_SERVER_VHOST'}
-            && $main::imscpOldConfig{'BASE_SERVER_VHOST'} ne ''
-        ? "$main::imscpConfig{'CONF_DIR'}/$main::imscpOldConfig{'BASE_SERVER_VHOST'}.pem"
-        : '';
-
-    # Remove old certificate if needed
-    if (($sslEnabled eq 'no' || $panelSSLsetup eq 'yes') && $oldCertificatePath ne '' && -f $oldCertificatePath) {
-        my $rs = iMSCP::File->new( filename => $oldCertificatePath )->delFile();
+    my $oldCertificate = $main::imscpOldConfig{'BASE_SERVER_VHOST'}
+        ? "$main::imscpOldConfig{'BASE_SERVER_VHOST'}.pem" : '';
+    my $domainName = main::setupGetQuestion( 'BASE_SERVER_VHOST' );
+
+    # Remove old certificate if any (handle case where panel hostname has been changed)
+    if ($oldCertificate ne ''
+        && $oldCertificate ne "$domainName.pem"
+        && -f "$main::imscpConfig{'CONF_DIR'}/$oldCertificate"
+    ) {
+        my $rs = iMSCP::File->new( filename => "$main::imscpConfig{'CONF_DIR'}/$oldCertificate" )->delFile();
         return $rs if $rs;
     }
 
-    return 0 unless $sslEnabled eq 'yes' && $panelSSLsetup eq 'yes';
+    if ($sslEnabled eq 'no' || main::setupGetQuestion( 'PANEL_SSL_SETUP', 'yes' ) eq 'no') {
+        if ($sslEnabled eq 'no ' && -f "$main::imscpConfig{'CONF_DIR'}/$domainName.pem") {
+            my $rs = iMSCP::File->new( filename => "$main::imscpConfig{'CONF_DIR'}/$domainName.pem" )->delFile();
+            return $rs if $rs;
+        }
 
-    my $domainName = main::setupGetQuestion( 'BASE_SERVER_VHOST' );
+        return 0;
+    }
 
     if (main::setupGetQuestion( 'PANEL_SSL_SELFSIGNED_CERTIFICATE' ) eq 'yes') {
         return iMSCP::OpenSSL->new(
             'certificate_chains_storage_dir' => $main::imscpConfig{'CONF_DIR'},
             'certificate_chain_name'         => $domainName
-        )->createSelfSignedCertificate( {
-                common_name => $domainName, email => $main::imscpConfig{'DEFAULT_ADMIN_ADDRESS'}
-            } );
+        )->createSelfSignedCertificate(
+            {
+                common_name => $domainName,
+                email       => $main::imscpConfig{'DEFAULT_ADMIN_ADDRESS'}
+            }
+        );
     }
 
     iMSCP::OpenSSL->new(

diff --git a/engine/PerlLib/iMSCP/OpenSSL.pm b/engine/PerlLib/iMSCP/OpenSSL.pm
@@ -25,12 +25,12 @@ package iMSCP::OpenSSL;
 
 use strict;
 use warnings;
+use File::Temp;
 use iMSCP::Debug;
-use iMSCP::File;
 use iMSCP::Execute;
-use iMSCP::TemplateParser;
+use iMSCP::File;
 use Date::Parse;
-use File::Temp;
+use iMSCP::TemplateParser;
 use parent 'Common::Object';
 
 =head1 DESCRIPTION
@@ -59,7 +59,7 @@ sub validatePrivateKey
     }
 
     unless (-f $self->{'private_key_container_path'}) {
-        error( sprintf( "The %s SSL private key doesn't exists", $self->{'private_key_container_path'} ) );
+        error( sprintf( "%s SSL private key doesn't exists", $self->{'private_key_container_path'} ) );
         return 1;
     }
 
@@ -79,7 +79,7 @@ sub validatePrivateKey
 
     my $rs = execute( "@cmd", \my $stdout, \my $stderr );
     debug( $stdout ) if $stdout;
-    error( sprintf( 'Could not import SSL private key from the %s file: %s', $self->{'private_key_container_path'},
+    error( sprintf( 'Could not import SSL private key from %s file: %s', $self->{'private_key_container_path'},
                 $stderr ? $stderr : 'unknown error' ) ) if $rs;
     $rs;
 }
@@ -104,7 +104,7 @@ sub validateCertificate
     }
 
     unless (-f $self->{'certificate_container_path'}) {
-        error( sprintf( "The %s SSL certificate doesn't exists", $self->{'certificate_container_path'} ) );
+        error( sprintf( "%s SSL certificate doesn't exists", $self->{'certificate_container_path'} ) );
         return 1;
     }
 
@@ -113,7 +113,7 @@ sub validateCertificate
         if (-f $self->{'ca_bundle_container_path'}) {
             $caBundle = 1;
         } else {
-            error( sprintf( "The %s SSL CA Bundle doesn't exists", $self->{'ca_bundle_container_path'} ) );
+            error( sprintf( "%s SSL CA Bundle doesn't exists", $self->{'ca_bundle_container_path'} ) );
             return 1;
         }
     }
@@ -200,7 +200,7 @@ sub importCertificate
     my $file = iMSCP::File->new( filename => $self->{'certificate_container_path'} );
     my $certificate = $file->get();
     unless (defined $certificate) {
-        error( sprintf( 'Could not read the %s file', $self->{'certificate_container_path'} ) );
+        error( sprintf( 'Could not read %s file', $self->{'certificate_container_path'} ) );
         return 1;
     }
 
@@ -238,7 +238,7 @@ sub importCaBundle
     my $file = iMSCP::File->new( filename => $self->{'ca_bundle_container_path'} );
     my $caBundle = $file->get();
     unless (defined $caBundle) {
-        error( sprintf( 'Could not read the %s file', $self->{'ca_bundle_container_path'} ) );
+        error( sprintf( 'Could not read %s file', $self->{'ca_bundle_container_path'} ) );
         return 1;
     }
 
@@ -255,7 +255,7 @@ sub importCaBundle
 
     $rs = execute( "@cmd", \my $stdout, \my $stderr );
     debug( $stdout ) if $stdout;
-    error( sprintf( 'Could not import the SSL CA Bundle: %s', $stderr || 'unknown error' ) ) if $rs;
+    error( sprintf( 'Could not import SSL CA Bundle: %s', $stderr || 'unknown error' ) ) if $rs;
     $rs;
 }
 
@@ -283,7 +283,7 @@ sub createSelfSignedCertificate
     # Load openssl configuration template file for self-signed SSL certificates
     my $openSSLConffileTplContent = iMSCP::File->new( filename => $openSSLConffileTpl )->get();
     unless (defined $openSSLConffileTplContent) {
-        error( sprintf( 'Could not load the %s openssl configuration template file', $openSSLConffileTpl ) );
+        error( sprintf( 'Could not load %s openssl configuration template file', $openSSLConffileTpl ) );
         return 1;
     }
 

diff --git a/engine/setup/imscp-setup-methods.pl b/engine/setup/imscp-setup-methods.pl
@@ -775,9 +775,12 @@ sub setupAskServicesSsl
 
     if(grep($_ eq $main::reconfigure, ( 'services_ssl', 'ssl', 'all', 'forced' ))
         || !grep($_ eq $sslEnabled, ( 'yes', 'no' ))
-        || $sslEnabled eq 'yes'
-        && (grep($_ eq $main::reconfigure, ( 'system_hostname', 'hostnames' ))
-        || !-f "$main::imscpConfig{'CONF_DIR'}/imscp_services.pem")
+        || ($sslEnabled eq 'yes'
+            && (
+                grep($_ eq $main::reconfigure, ( 'system_hostname', 'hostnames' ))
+                || !-f "$main::imscpConfig{'CONF_DIR'}/imscp_services.pem"
+            )
+        )
     ) {
         # Ask for SSL
         $rs = $dialog->yesno(<<"EOF", $sslEnabled eq 'no' ? 1 : 0);
@@ -878,14 +881,12 @@ sub setupAskServicesSsl
             getMessageByType('error', { remove => 1 });
             iMSCP::Dialog->getInstance()->msgbox(<<"EOF");
 
-Your SSL certificate for the SMTP, POP/IMAP and FTP services is not valid.
+Your SSL certificate for the SMTP, POP/IMAP and FTP services is missing or not valid.
 EOF
-            $rs = iMSCP::File->new( filename => "$main::imscpConfig{'CONF_DIR'}/imscp_services.pem" )->delFile();
-            return $rs if $rs;
             goto &{setupAskServicesSsl};
         }
 
-        # In case the certificate is valid, we do not generate it again
+        # In case the certificate is valid, we skip SSL setup process
         setupSetQuestion('SERVICES_SSL_SETUP', 'no');
     }
 
@@ -1092,39 +1093,37 @@ sub setupServerHostname
 
 sub setupServiceSsl
 {
-    my $hostname = setupGetQuestion('SERVER_HOSTNAME');
-    my $selfSignedCertificate = setupGetQuestion('SERVICES_SSL_SELFSIGNED_CERTIFICATE') eq 'yes' ? 1 : 0;
-    my $privateKeyPath = setupGetQuestion('SERVICES_SSL_PRIVATE_KEY_PATH');
-    my $passphrase = setupGetQuestion('SERVICES_SSL_PRIVATE_KEY_PASSPHRASE');
-    my $certificatePath = setupGetQuestion('SERVICES_SSL_CERTIFICATE_PATH');
-    my $caBundlePath = setupGetQuestion('SERVICES_SSL_CA_BUNDLE_PATH');
     my $sslEnabled = setupGetQuestion('SERVICES_SSL_ENABLED');
 
-    if($sslEnabled ne 'yes' || setupGetQuestion('SERVICES_SSL_SETUP', 'yes') ne 'yes') {
+    if($sslEnabled eq 'no' || setupGetQuestion('SERVICES_SSL_SETUP', 'yes') eq 'no') {
+        if($sslEnabled eq 'no' && -f "$main::imscpConfig{'CONF_DIR'}/imscp_services.pem") {
+            my $rs = iMSCP::File->new( filename => "$main::imscpConfig{'CONF_DIR'}/imscp_services.pem" )->delFile();
+            return $rs if $rs;
+        }
+
         return 0;
     }
 
-    if($selfSignedCertificate) {
-        my $rs = iMSCP::OpenSSL->new(
+    if(setupGetQuestion('SERVICES_SSL_SELFSIGNED_CERTIFICATE') eq 'yes') {
+        return iMSCP::OpenSSL->new(
             certificate_chains_storage_dir => $main::imscpConfig{'CONF_DIR'},
             certificate_chain_name => 'imscp_services'
-        )->createSelfSignedCertificate({
-            common_name => $hostname, email => $main::imscpConfig{'DEFAULT_ADMIN_ADDRESS'}
-        });
-        return $rs if $rs;
-    } else {
-        my $rs = iMSCP::OpenSSL->new(
-            certificate_chains_storage_dir => $main::imscpConfig{'CONF_DIR'},
-            certificate_chain_name => 'imscp_services',
-            private_key_container_path => $privateKeyPath,
-            private_key_passphrase => $passphrase,
-            certificate_container_path => $certificatePath,
-            ca_bundle_container_path => $caBundlePath
-        )->createCertificateChain();
-        return $rs if $rs;
+        )->createSelfSignedCertificate(
+            {
+                common_name => setupGetQuestion('SERVER_HOSTNAME'),
+                email => $main::imscpConfig{'DEFAULT_ADMIN_ADDRESS'}
+            }
+        );
     }
 
-    0;
+    iMSCP::OpenSSL->new(
+        certificate_chains_storage_dir => $main::imscpConfig{'CONF_DIR'},
+        certificate_chain_name => 'imscp_services',
+        private_key_container_path => setupGetQuestion('SERVICES_SSL_PRIVATE_KEY_PATH'),
+        private_key_passphrase => setupGetQuestion('SERVICES_SSL_PRIVATE_KEY_PASSPHRASE'),
+        certificate_container_path => setupGetQuestion('SERVICES_SSL_CERTIFICATE_PATH'),
+        ca_bundle_container_path => setupGetQuestion('SERVICES_SSL_CA_BUNDLE_PATH')
+    )->createCertificateChain();
 }
 
 sub setupServices