Employ config option for OpenSSL config file, if provided.

This should help make OpenSSL configuration on Windows servers easier by allowing the openssl.cnf file to be set directly in the ownCloud config, rather than in SetEnv commands that don't exist and are hard to replicate in IIS.

diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php
index 7eab620baa5f892a9f37a07d60ec61eefd605c21..c009718160ae360d47b4abce3822d9c9fea6fcde 100755 (executable)
--- a/apps/files_encryption/lib/crypt.php
+++ b/apps/files_encryption/lib/crypt.php
@@ -52,15 +52,14 @@ class Crypt {
 \r
                $return = false;\r
 \r
-               $res = \OCA\Encryption\Helper::getOpenSSLPkey();\r
-               $res = openssl_pkey_new(array('private_key_bits' => 4096));\r
+               $res = Helper::getOpenSSLPkey();\r
 \r
                if ($res === false) {\r
                        \OCP\Util::writeLog('Encryption library', 'couldn\'t generate users key-pair for ' . \OCP\User::getUser(), \OCP\Util::ERROR);\r
                        while ($msg = openssl_error_string()) {\r
                                \OCP\Util::writeLog('Encryption library', 'openssl_pkey_new() fails:  ' . $msg, \OCP\Util::ERROR);\r
                        }\r
-               } elseif (openssl_pkey_export($res, $privateKey)) {\r
+               } elseif (openssl_pkey_export($res, $privateKey, null, Helper::getOpenSSLConfig())) {\r
                        // Get public key\r
                        $keyDetails = openssl_pkey_get_details($res);\r
                        $publicKey = $keyDetails['key'];\r
@@ -71,7 +70,9 @@ class Crypt {
                        );\r
                } else {\r
                        \OCP\Util::writeLog('Encryption library', 'couldn\'t export users private key, please check your servers openSSL configuration.' . \OCP\User::getUser(), \OCP\Util::ERROR);\r
-                       \OCP\Util::writeLog('Encryption library', openssl_error_string(), \OCP\Util::ERROR);\r
+                       while($errMsg = openssl_error_string()) {\r
+                               \OCP\Util::writeLog('Encryption library', $errMsg, \OCP\Util::ERROR);\r
+                       }\r
                }\r
 \r
                return $return;\r

diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 2cc905c291410f9c8ab7ac0cffbed3337128b417..10447a07bb81f34aeb164f21ab292f3bbda2be99 100755 (executable)
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -280,9 +280,22 @@ class Helper {
         * @return resource The pkey resource created
         */
        public static function getOpenSSLPkey() {
+               static $res = null;
+               if (is_null($res)) {
+                       $res = openssl_pkey_new(self::getOpenSSLConfig());
+               }
+               return $res;
+       }
+
+       /**
+        * Return an array of OpenSSL config options, default + config
+        * Used for multiple OpenSSL functions
+        * @return array The combined defaults and config settings
+        */
+       public static function getOpenSSLConfig() {
                $config = array('private_key_bits' => 4096);
-               $config = array_merge(\OCP\Config::getSystemValue('openssl'), $config);
-               return openssl_pkey_new($config);
+               $config = array_merge(\OCP\Config::getSystemValue('openssl', array()), $config);
+               return $config;
        }
 
        /**

diff --git a/config/config.sample.php b/config/config.sample.php
index 6425baf87cbd178212f8a498d8a39d28124fd3d2..51ef60588d61297c79fa59c707b1f0543d412fe4 100644 (file)
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -217,6 +217,6 @@ $CONFIG = array(
 
 // Extra SSL options to be used for configuration
 'openssl' => array(
-       //'config' => '/path/to/openssl.cnf',
+       //'config' => '/absolute/location/of/openssl.cnf',
 ),
 );