Skip to content

Commit 868c2ca

Browse files
jcameronjcameron
committed
Fix backup and restore for CA cert
1 parent 22ac9b5 commit 868c2ca

File tree

1 file changed

+19
-19
lines changed

1 file changed

+19
-19
lines changed

feature-ssl.pl

Lines changed: 19 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -800,33 +800,29 @@ sub enable_ssl
800800
# Save the SSL virtual server's Apache config as a separate file
801801
sub backup_ssl
802802
{
803-
local ($d, $file) = @_;
803+
my ($d, $file) = @_;
804804
&$first_print($text{'backup_sslcp'});
805805

806806
# Save the apache directives
807-
local ($virt, $vconf) = &get_apache_virtual($d->{'dom'},
808-
$d->{'web_sslport'});
807+
my ($virt, $vconf) = &get_apache_virtual($d->{'dom'}, $d->{'web_sslport'});
809808
if ($virt) {
810-
local $lref = &read_file_lines($virt->{'file'});
809+
my $lref = &read_file_lines($virt->{'file'});
811810
&open_tempfile_as_domain_user($d, FILE, ">$file");
812811
foreach my $l (@$lref[$virt->{'line'} .. $virt->{'eline'}]) {
813812
&print_tempfile(FILE, "$l\n");
814813
}
815814
&close_tempfile_as_domain_user($d, FILE);
816815

817816
# Save the cert and key, if any
818-
local $cert = &apache::find_directive("SSLCertificateFile", $vconf, 1);
817+
my $cert = &get_website_ssl_file($d, "cert");
819818
if ($cert) {
820819
&copy_write_as_domain_user($d, $cert, $file."_cert");
821820
}
822-
local $key = &apache::find_directive("SSLCertificateKeyFile", $vconf,1);
821+
my $key = &get_website_ssl_file($d, "key");
823822
if ($key && $key ne $cert) {
824823
&copy_write_as_domain_user($d, $key, $file."_key");
825824
}
826-
local $ca = &apache::find_directive("SSLCACertificateFile", $vconf,1);
827-
if (!$ca) {
828-
$ca = &apache::find_directive("SSLCertificateChainFile", $vconf,1);
829-
}
825+
my $ca = &get_website_ssl_file($d, "ca");
830826
if ($ca) {
831827
&copy_write_as_domain_user($d, $ca, $file."_ca");
832828
}
@@ -886,31 +882,35 @@ sub restore_ssl
886882
if (!$d->{'ssl_same'}) {
887883
# Restore the cert and key, if any and if saved and if not
888884
# shared with another domain
889-
my $cert = $d->{'ssl_cert'} ||
890-
&apache::find_directive("SSLCertificateFile", $vconf, 1);
885+
my $cert = &get_website_ssl_file($d, "cert");
891886
if ($cert && -r $file."_cert") {
892887
&lock_file($cert);
893888
&write_ssl_file_contents($d, $cert, $file."_cert");
894889
&unlock_file($cert);
895890
&save_website_ssl_file($d, "cert", $cert);
896891
}
897-
my $key = $d->{'ssl_key'} ||
898-
&apache::find_directive("SSLCertificateKeyFile", $vconf,1);
892+
my $key = &get_website_ssl_file($d, "key");
899893
if ($key && -r $file."_key" && $key ne $cert) {
900894
&lock_file($key);
901895
&write_ssl_file_contents($d, $key, $file."_key");
902896
&unlock_file($key);
903897
&save_website_ssl_file($d, "key", $key);
904898
}
905-
my $ca = $d->{'ssl_chain'} ||
906-
&apache::find_directive("SSLCACertificateFile", $vconf,1) ||
907-
&apache::find_directive("SSLCertificateChainFile", $vconf, 1);
908-
if ($ca && -r $file."_ca") {
899+
my $ca = &get_website_ssl_file($d, "ca");
900+
if (-r $file."_ca") {
901+
# CA in the backup, so add one if needed
902+
if (!$ca) {
903+
$ca = &default_certificate_file($d, "ca");
904+
}
909905
&lock_file($ca);
910906
&write_ssl_file_contents($d, $ca, $file."_ca");
911907
&unlock_file($ca);
912-
&save_website_ssl_file($d, "ca", $ca);
913908
}
909+
else {
910+
# No CA in the backup, so clear current setting
911+
$ca = undef;
912+
}
913+
&save_website_ssl_file($d, "ca", $ca);
914914
&refresh_ssl_cert_expiry($d);
915915
&sync_combined_ssl_cert($d);
916916
}

0 commit comments

Comments
 (0)