Current File : //usr/share/webmin/webmin/change_ssl.cgi |
#!/usr/bin/perl
# change_ssl.cgi
# Enable or disable SSL support
require './webmin-lib.pl';
&ReadParse();
&error_setup($text{'ssl_err'});
&lock_file($ENV{'MINISERV_CONFIG'});
&get_miniserv_config(\%miniserv);
$sslcurr = $miniserv{'ssl'};
$miniserv{'ssl'} = $in{'ssl'};
$miniserv{'ssl_hsts'} = ($in{'ssl'} && $in{'ssl_hsts'}) ? 1 : 0;
&validate_key_cert($in{'key'}, $in{'cert_def'} ? undef : $in{'cert'});
$miniserv{'keyfile'} = $in{'key'};
$miniserv{'certfile'} = $in{'cert_def'} ? undef : $in{'cert'};
$miniserv{'no_sslcompression'} = !$in{'ssl_compression'};
$miniserv{'ssl_honorcipherorder'} = $in{'ssl_honorcipherorder'};
if ($in{'version_def'}) {
delete($miniserv{'ssl_version'});
}
else {
$in{'version'} =~ /^\d+$/ || &error($text{'ssl_eversion'});
$miniserv{'ssl_version'} = $in{'version'};
}
$miniserv{'no_ssl2'} = $in{'no_ssl2'};
$miniserv{'no_ssl3'} = $in{'no_ssl3'};
$miniserv{'no_tls1'} = $in{'no_tls1'};
$miniserv{'no_tls1_1'} = $in{'no_tls1_1'};
$miniserv{'no_tls1_2'} = $in{'no_tls1_2'};
if ($in{'cipher_list_def'} == 1) {
delete($miniserv{'ssl_cipher_list'});
}
elsif ($in{'cipher_list_def'} == 2) {
$miniserv{'ssl_cipher_list'} = $strong_ssl_ciphers;
}
elsif ($in{'cipher_list_def'} == 3) {
# Check for PFS support
eval "use Net::SSLeay";
$Net::SSLeay::VERSION >= 1.57 ||
&error(&text('ssl_epfsversion', $Net::SSLeay::VERSION, 1.57));
$miniserv{'ssl_cipher_list'} = $pfs_ssl_ciphers;
$miniserv{'dhparams_file'} ||= "$config_directory/dhparams.pem";
if (!-r $miniserv{'dhparams_file'}) {
# Generate file needed for PFS
my $out = &backquote_command(
"openssl dhparam -out ".
quotemeta($miniserv{'dhparams_file'})." 2048 2>&1");
if ($?) {
&error(&text('ssl_edhparams',
"<pre>".&html_escape($out)."</pre>"));
}
&set_ownership_permissions(
undef, undef, 700, $miniserv{'dhparams_file'});
}
}
else {
$in{'cipher_list'} =~ /^\S+$/ || &error($text{'ssl_ecipher_list'});
$miniserv{'ssl_cipher_list'} = $in{'cipher_list'};
}
$miniserv{'cipher_list_def'} = $in{'cipher_list_def'};
foreach $ec (split(/[\r\n]+/, $in{'extracas'})) {
-r $ec && !-d $ec || &error(&text('ssl_eextraca', $ec));
push(@extracas, $ec);
}
$miniserv{'extracas'} = join("\t", @extracas);
&put_miniserv_config(\%miniserv);
&unlock_file($ENV{'MINISERV_CONFIG'});
$SIG{'TERM'} = 'IGNORE'; # stop process from being killed by restart
&restart_miniserv();
&webmin_log("ssl", undef, undef, \%in);
if (!$miniserv{'ssl_hsts'}) {
# Tell browser to unset HSTS policy to make non-SSL URL work
print "Strict-Transport-Security: max-age=0;\n";
}
$url = ($in{'ssl'} ? "https://" : "http://") .
"$ENV{'SERVER_NAME'}:$miniserv{'port'}";
if ($sslcurr != $miniserv{'ssl'}) {
%tinfo = &get_theme_info($current_theme);
if ($tinfo{'spa'} && $tinfo{'nomodcall'}) {
$url .= "@{[&get_webprefix()]}/webmin/?$tinfo{'nomodcall'}";
}
&ui_print_header(undef, $text{'ssl_title'}, "", undef, undef, 1);
print $text{'ssl_redirect'},"<br>\n";
print "<script>\n";
print "top.location = '$url';\n";
print "</script>\n";
&ui_print_footer();
}
else {
&redirect("");
}