Merge pull request #4514 from owncloud/windows_ssl
Allow Windows (or Linux) users to specify OpenSSL options in the ownCloud config
This commit is contained in:
Owen Winkler
commit
f81a205f12
|
|
@ -36,14 +36,6 @@ class Hooks {
|
|||
*/
|
||||
public static function login($params) {
|
||||
$l = new \OC_L10N('files_encryption');
|
||||
//check if all requirements are met
|
||||
if(!Helper::checkRequirements() || !Helper::checkConfiguration() ) {
|
||||
$error_msg = $l->t("Missing requirements.");
|
||||
$hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
|
||||
\OC_App::disable('files_encryption');
|
||||
\OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
|
||||
\OCP\Template::printErrorPage($error_msg, $hint);
|
||||
}
|
||||
|
||||
$view = new \OC_FilesystemView('/');
|
||||
|
||||
|
|
@ -54,6 +46,15 @@ class Hooks {
|
|||
|
||||
$util = new Util($view, $params['uid']);
|
||||
|
||||
//check if all requirements are met
|
||||
if(!$util->ready() && (!Helper::checkRequirements() || !Helper::checkConfiguration())) {
|
||||
$error_msg = $l->t("Missing requirements.");
|
||||
$hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
|
||||
\OC_App::disable('files_encryption');
|
||||
\OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
|
||||
\OCP\Template::printErrorPage($error_msg, $hint);
|
||||
}
|
||||
|
||||
// setup user, if user not ready force relogin
|
||||
if (Helper::setupUser($util, $params['password']) === false) {
|
||||
return false;
|
||||
|
|
|
|||
|
|
@ -52,14 +52,14 @@ class Crypt {
|
|||
|
||||
$return = false;
|
||||
|
||||
$res = openssl_pkey_new(array('private_key_bits' => 4096));
|
||||
$res = Helper::getOpenSSLPkey();
|
||||
|
||||
if ($res === false) {
|
||||
\OCP\Util::writeLog('Encryption library', 'couldn\'t generate users key-pair for ' . \OCP\User::getUser(), \OCP\Util::ERROR);
|
||||
while ($msg = openssl_error_string()) {
|
||||
\OCP\Util::writeLog('Encryption library', 'openssl_pkey_new() fails: ' . $msg, \OCP\Util::ERROR);
|
||||
}
|
||||
} elseif (openssl_pkey_export($res, $privateKey)) {
|
||||
} elseif (openssl_pkey_export($res, $privateKey, null, Helper::getOpenSSLConfig())) {
|
||||
// Get public key
|
||||
$keyDetails = openssl_pkey_get_details($res);
|
||||
$publicKey = $keyDetails['key'];
|
||||
|
|
@ -70,7 +70,9 @@ class Crypt {
|
|||
);
|
||||
} else {
|
||||
\OCP\Util::writeLog('Encryption library', 'couldn\'t export users private key, please check your servers openSSL configuration.' . \OCP\User::getUser(), \OCP\Util::ERROR);
|
||||
\OCP\Util::writeLog('Encryption library', openssl_error_string(), \OCP\Util::ERROR);
|
||||
while($errMsg = openssl_error_string()) {
|
||||
\OCP\Util::writeLog('Encryption library', $errMsg, \OCP\Util::ERROR);
|
||||
}
|
||||
}
|
||||
|
||||
return $return;
|
||||
|
|
|
|||
|
|
@ -265,7 +265,7 @@ class Helper {
|
|||
* @return bool true if configuration seems to be OK
|
||||
*/
|
||||
public static function checkConfiguration() {
|
||||
if(openssl_pkey_new(array('private_key_bits' => 4096))) {
|
||||
if(self::getOpenSSLPkey()) {
|
||||
return true;
|
||||
} else {
|
||||
while ($msg = openssl_error_string()) {
|
||||
|
|
@ -275,6 +275,26 @@ class Helper {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Create an openssl pkey with config-supplied settings
|
||||
* WARNING: This initializes a new private keypair, which is computationally expensive
|
||||
* @return resource The pkey resource created
|
||||
*/
|
||||
public static function getOpenSSLPkey() {
|
||||
return openssl_pkey_new(self::getOpenSSLConfig());
|
||||
}
|
||||
|
||||
/**
|
||||
* Return an array of OpenSSL config options, default + config
|
||||
* Used for multiple OpenSSL functions
|
||||
* @return array The combined defaults and config settings
|
||||
*/
|
||||
public static function getOpenSSLConfig() {
|
||||
$config = array('private_key_bits' => 4096);
|
||||
$config = array_merge(\OCP\Config::getSystemValue('openssl', array()), $config);
|
||||
return $config;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief glob uses different pattern than regular expressions, escape glob pattern only
|
||||
* @param unescaped path
|
||||
|
|
|
|||
|
|
@ -214,4 +214,9 @@ $CONFIG = array(
|
|||
'preview_libreoffice_path' => '/usr/bin/libreoffice',
|
||||
/* cl parameters for libreoffice / openoffice */
|
||||
'preview_office_cl_parameters' => '',
|
||||
|
||||
// Extra SSL options to be used for configuration
|
||||
'openssl' => array(
|
||||
//'config' => '/absolute/location/of/openssl.cnf',
|
||||
),
|
||||
);
|
||||
|
|
|
|||
Loading…
Reference in New Issue