diff options
| author | Owen Winkler <epithet@gmail.com> | 2013-08-19 06:36:19 -0400 |
|---|---|---|
| committer | ringmaster <epithet@gmail.com> | 2013-09-02 09:59:00 -0400 |
| commit | 9a263a500abb6e6eaf482fcb962fcd9d652e076c (patch) | |
| tree | 2f318816e4d4e519e6478a9f57aef36dda9c3a46 | |
| parent | fb34f49913e55731031a2e5c1b8041259df5c5ef (diff) | |
| download | nextcloud-server-9a263a500abb6e6eaf482fcb962fcd9d652e076c.tar.gz nextcloud-server-9a263a500abb6e6eaf482fcb962fcd9d652e076c.zip | |
Employ config option for OpenSSL config file, if provided.
This should help make OpenSSL configuration on Windows servers easier by allowing the openssl.cnf file to be set directly in the ownCloud config, rather than in SetEnv commands that don't exist and are hard to replicate in IIS.
| -rwxr-xr-x | apps/files_encryption/lib/crypt.php | 9 | ||||
| -rwxr-xr-x | apps/files_encryption/lib/helper.php | 17 | ||||
| -rw-r--r-- | config/config.sample.php | 2 |
3 files changed, 21 insertions, 7 deletions
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 7eab620baa5..c009718160a 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -52,15 +52,14 @@ class Crypt { $return = false;
- $res = \OCA\Encryption\Helper::getOpenSSLPkey();
- $res = openssl_pkey_new(array('private_key_bits' => 4096));
+ $res = Helper::getOpenSSLPkey();
if ($res === false) {
\OCP\Util::writeLog('Encryption library', 'couldn\'t generate users key-pair for ' . \OCP\User::getUser(), \OCP\Util::ERROR);
while ($msg = openssl_error_string()) {
\OCP\Util::writeLog('Encryption library', 'openssl_pkey_new() fails: ' . $msg, \OCP\Util::ERROR);
}
- } elseif (openssl_pkey_export($res, $privateKey)) {
+ } elseif (openssl_pkey_export($res, $privateKey, null, Helper::getOpenSSLConfig())) {
// Get public key
$keyDetails = openssl_pkey_get_details($res);
$publicKey = $keyDetails['key'];
@@ -71,7 +70,9 @@ class Crypt { );
} else {
\OCP\Util::writeLog('Encryption library', 'couldn\'t export users private key, please check your servers openSSL configuration.' . \OCP\User::getUser(), \OCP\Util::ERROR);
- \OCP\Util::writeLog('Encryption library', openssl_error_string(), \OCP\Util::ERROR);
+ while($errMsg = openssl_error_string()) {
+ \OCP\Util::writeLog('Encryption library', $errMsg, \OCP\Util::ERROR);
+ }
}
return $return;
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php index 2cc905c2914..10447a07bb8 100755 --- a/apps/files_encryption/lib/helper.php +++ b/apps/files_encryption/lib/helper.php @@ -280,9 +280,22 @@ class Helper { * @return resource The pkey resource created */ public static function getOpenSSLPkey() { + static $res = null; + if (is_null($res)) { + $res = openssl_pkey_new(self::getOpenSSLConfig()); + } + return $res; + } + + /** + * Return an array of OpenSSL config options, default + config + * Used for multiple OpenSSL functions + * @return array The combined defaults and config settings + */ + public static function getOpenSSLConfig() { $config = array('private_key_bits' => 4096); - $config = array_merge(\OCP\Config::getSystemValue('openssl'), $config); - return openssl_pkey_new($config); + $config = array_merge(\OCP\Config::getSystemValue('openssl', array()), $config); + return $config; } /** diff --git a/config/config.sample.php b/config/config.sample.php index 6425baf87cb..51ef60588d6 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -217,6 +217,6 @@ $CONFIG = array( // Extra SSL options to be used for configuration 'openssl' => array( - //'config' => '/path/to/openssl.cnf', + //'config' => '/absolute/location/of/openssl.cnf', ), ); |