Merge pull request #4514 from owncloud/windows_ssl

Allow Windows (or Linux) users to specify OpenSSL options in the ownCloud config
This commit is contained in:
Owen Winkler 2013-09-02 08:20:56 -07:00
commit f81a205f12
4 changed files with 40 additions and 12 deletions

View File

@ -36,14 +36,6 @@ class Hooks {
*/
public static function login($params) {
$l = new \OC_L10N('files_encryption');
//check if all requirements are met
if(!Helper::checkRequirements() || !Helper::checkConfiguration() ) {
$error_msg = $l->t("Missing requirements.");
$hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
\OC_App::disable('files_encryption');
\OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
\OCP\Template::printErrorPage($error_msg, $hint);
}
$view = new \OC_FilesystemView('/');
@ -54,6 +46,15 @@ class Hooks {
$util = new Util($view, $params['uid']);
//check if all requirements are met
if(!$util->ready() && (!Helper::checkRequirements() || !Helper::checkConfiguration())) {
$error_msg = $l->t("Missing requirements.");
$hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
\OC_App::disable('files_encryption');
\OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
\OCP\Template::printErrorPage($error_msg, $hint);
}
// setup user, if user not ready force relogin
if (Helper::setupUser($util, $params['password']) === false) {
return false;

View File

@ -52,14 +52,14 @@ class Crypt {
$return = false;
$res = openssl_pkey_new(array('private_key_bits' => 4096));
$res = Helper::getOpenSSLPkey();
if ($res === false) {
\OCP\Util::writeLog('Encryption library', 'couldn\'t generate users key-pair for ' . \OCP\User::getUser(), \OCP\Util::ERROR);
while ($msg = openssl_error_string()) {
\OCP\Util::writeLog('Encryption library', 'openssl_pkey_new() fails: ' . $msg, \OCP\Util::ERROR);
}
} elseif (openssl_pkey_export($res, $privateKey)) {
} elseif (openssl_pkey_export($res, $privateKey, null, Helper::getOpenSSLConfig())) {
// Get public key
$keyDetails = openssl_pkey_get_details($res);
$publicKey = $keyDetails['key'];
@ -70,7 +70,9 @@ class Crypt {
);
} else {
\OCP\Util::writeLog('Encryption library', 'couldn\'t export users private key, please check your servers openSSL configuration.' . \OCP\User::getUser(), \OCP\Util::ERROR);
\OCP\Util::writeLog('Encryption library', openssl_error_string(), \OCP\Util::ERROR);
while($errMsg = openssl_error_string()) {
\OCP\Util::writeLog('Encryption library', $errMsg, \OCP\Util::ERROR);
}
}
return $return;

View File

@ -265,7 +265,7 @@ class Helper {
* @return bool true if configuration seems to be OK
*/
public static function checkConfiguration() {
if(openssl_pkey_new(array('private_key_bits' => 4096))) {
if(self::getOpenSSLPkey()) {
return true;
} else {
while ($msg = openssl_error_string()) {
@ -275,6 +275,26 @@ class Helper {
}
}
/**
* Create an openssl pkey with config-supplied settings
* WARNING: This initializes a new private keypair, which is computationally expensive
* @return resource The pkey resource created
*/
public static function getOpenSSLPkey() {
return openssl_pkey_new(self::getOpenSSLConfig());
}
/**
* Return an array of OpenSSL config options, default + config
* Used for multiple OpenSSL functions
* @return array The combined defaults and config settings
*/
public static function getOpenSSLConfig() {
$config = array('private_key_bits' => 4096);
$config = array_merge(\OCP\Config::getSystemValue('openssl', array()), $config);
return $config;
}
/**
* @brief glob uses different pattern than regular expressions, escape glob pattern only
* @param unescaped path

View File

@ -214,4 +214,9 @@ $CONFIG = array(
'preview_libreoffice_path' => '/usr/bin/libreoffice',
/* cl parameters for libreoffice / openoffice */
'preview_office_cl_parameters' => '',
// Extra SSL options to be used for configuration
'openssl' => array(
//'config' => '/absolute/location/of/openssl.cnf',
),
);