Commit 53ab4352 authored by Jon Pugh's avatar Jon Pugh

Issue #3020747 by Jon Pugh: Don't add SSL config to configuration files if the...

Issue #3020747 by Jon Pugh: Don't add SSL config to configuration files if the crt files aren't there/aren't readable. (especially redirects). Adding ssl_cert_ok property.
parent c8904bda
<?php if ($this->ssl_enabled && $this->ssl_key) : ?>
<?php if ($this->ssl_enabled && $this->ssl_key && $this->ssl_cert_ok) : ?>
<VirtualHost <?php print "{$ip_address}:{$http_ssl_port}"; ?>>
<?php if ($this->site_mail) : ?>
......
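Review bot: The guard on the `<VirtualHost>` block now depends on `ssl_cert_ok`, but nothing in the template says what that flag means or what happens when it is false. A short comment above the condition would help, for example `<?php // ssl_cert_ok is cleared when the certificate, key or chain could not be copied into place; the SSL vhost is skipped in that case. ?>`. The `if` block closes outside this hunk, so what is rendered for the site when the guard fails cannot be confirmed from here. If it is the plain HTTP vhost, that is worth stating in the same comment.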
......@@ -9,6 +9,7 @@
class Provision_Config_Http_Ssl_Site extends Provision_Config_Http_Site {
public $template = 'vhost_ssl.tpl.php';
public $disabled_template = 'vhost_ssl_disabled.tpl.php';
public $ssl_cert_ok = TRUE;
public $description = 'encrypted virtual host configuration';
......@@ -28,23 +29,29 @@ class Provision_Config_Http_Ssl_Site extends Provision_Config_Http_Site {
// XXX: test. data structure may not be sound. try d($this->uri)
// if $this fails
Provision_Service_http_ssl::assign_certificate_site($this->ssl_key, $this);
// Copy the certificates to the server's ssl.d directory.
provision_file()->copy(
$this->data['ssl_cert_source'],
$this->data['ssl_cert'])
|| drush_set_error('SSL_CERT_COPY_FAIL', dt('failed to copy SSL certificate in place'));
provision_file()->copy(
$this->data['ssl_cert_key_source'],
$this->data['ssl_cert_key'])
|| drush_set_error('SSL_KEY_COPY_FAIL', dt('failed to copy SSL key in place'));
if (!provision_file()->copy($this->data['ssl_cert_source'], $this->data['ssl_cert'])->status()) {
drush_set_error('SSL_CERT_COPY_FAIL', dt('failed to copy SSL certificate in place'));
$this->ssl_cert_ok = FALSE;
}
if (!provision_file()->copy($this->data['ssl_cert_key_source'], $this->data['ssl_cert_key'])->status()) {
drush_set_error('SSL_KEY_COPY_FAIL', dt('failed to copy SSL key in place'));
$this->ssl_cert_ok = FALSE;
}
// Copy the chain certificate, if it is set.
if (!empty($this->data['ssl_chain_cert_source'])) {
provision_file()->copy(
$this->data['ssl_chain_cert_source'],
$this->data['ssl_chain_cert'])
|| drush_set_error('SSL_CHAIN_COPY_FAIL', dt('failed to copy SSL certficate chain in place'));
if (!provision_file()->copy($this->data['ssl_chain_cert_source'], $this->data['ssl_chain_cert'])->status()) {
drush_set_error('SSL_CHAIN_COPY_FAIL', dt('failed to copy SSL certficate chain in place'));
$this->ssl_cert_ok = FALSE;
}
}
// If cert is not ok, turn off ssl_redirection.
if ($this->ssl_cert_ok == FALSE) {
$this->data['ssl_redirection'] = FALSE;
}
// Sync the key directory to the remote server.
$this->data['server']->sync($path, array(
'exclude' => "{$path}/*.receipt", // Don't need to synch the receipts
......
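Review bot: When any of the three copies fails, the block after the chain-certificate copy clears `ssl_redirection` and the template drops the SSL vhost, so a site configured for HTTPS appears to end up served over plain HTTP, with only the generic copy error as a trace. I would log the downgrade explicitly next to the reset, e.g. `drush_log(dt('SSL certificate files could not be put in place; SSL vhost and redirection are disabled for this site.'), 'warning');`, so an operator can tell the site is no longer encrypted. The check reads more safely as `if (!$this->ssl_cert_ok) {` than the loose `== FALSE`. The sync of the key directory to the remote server still runs after a failed copy and may push a partial or stale set of files; whether that matters depends on code outside this hunk, since the method starts and ends outside it.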