From 1d713d024d055d174881c347fe1eae07e682bda6 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sat, 1 Jul 2017 16:37:54 +0000
Subject: [PATCH] ADD script variables _DEFAULT_SSL_CERT _DEFAULT_SSL_KEY _SSL_SNAKEOIL_CERT _SSL_SNAKEOIL_KEY.
---
 install_httpd-2.4.sh | 40 +++++++++++++++++++++++++++++++++-------
 1 file changed, 33 insertions(+), 7 deletions(-)
diff --git a/install_httpd-2.4.sh b/install_httpd-2.4.sh
index 47bc4cf..8ad805e 100755
--- a/install_httpd-2.4.sh
+++ b/install_httpd-2.4.sh
@@ -18,6 +18,9 @@ _MOD_PERL_VERSION=2.0.10
 _SEPARATE_LISTEN_DIRECTIVES=false
+_SSL_SNAKEOIL_CERT="/etc/ssl/certs/ssl-cert-snakeoil.pem"
+_SSL_SNAKEOIL_KEY="/etc/ssl/private/ssl-cert-snakeoil.key"
+
 if $_WITH_MOD_FCGID -o $_WITH_MOD_PROXY_FCGI ; then
 _WITH_MOD_PHP=false
 else
@@ -941,6 +944,19 @@ else
 fatal "Installing dependency packages for \"apache2\" failed!"
 fi
+#echononl "\tInstall packages 'ssl-cert', 'ssl-cert-check'.."
+#echo "## - Install packages 'ssl-cert', 'ssl-cert-check'" >> ${_logdir}/main.log
+#echo "## -" >> ${_logdir}/main.log
+#echo "DEBIAN_FRONTEND=noninteractive apt-get -y install ssl-cert ssl-cert-check" >> ${_logdir}/main.log
+#DEBIAN_FRONTEND=noninteractive apt-get -y install ssl-cert ssl-cert-check >> ${_logdir}/main.log 2>&1
+#if [ "$?" = 0 ]; then
+# echo_ok
+#else
+# echo_failed
+# fatal "Installing 'ssl-cert', 'ssl-cert-check' failed!"
+#fi
+
+
 ## - get sources..
 ## -
 echo "" >> ${_logdir}/main.log
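Review bot: The two new `_SSL_SNAKEOIL_*` assignments carry no comment saying what they are, while the fallback branch later in this commit (hunk at -1909) quietly switches the server to this self-signed placeholder pair. I would add above them `## - Debian's self-signed placeholder pair (ssl-cert package); last-resort fallback when neither a dehydrated nor a bundled certificate exists`. Quoting the values here is good, but the same care is needed where they are expanded, which the -1909 hunk does not do.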
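Review bot: The `apt-get -y install ssl-cert ssl-cert-check` step is added as a fully commented-out block with no explanation, yet the snakeoil paths this same commit introduces are the files that package provides, so on a host without it the new fallback branch can never trigger and the warn branch is reached instead. Either drop the dead block or keep it with a one-line reason such as `## - ssl-cert install disabled on purpose: the snakeoil pair is only an emergency fallback (see _SSL_SNAKEOIL_CERT/_SSL_SNAKEOIL_KEY)`. The two empty added lines after `#fi` also look accidental.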
@@ -1891,16 +1907,18 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then
 #notice=""
 ## - copy certification files if present..
 _failed=false
+ _DEFAULT_SSL_CERT="${PREFIX}/conf/server-bundle.crt"
+ _DEFAULT_SSL_KEY="${PREFIX}/conf/server.key"
 echo "" >> ${_logdir}/main.log
 echo "## - Set Symlinks for default Server Key/Cert" >> ${_logdir}/main.log
 echo "## -" >> ${_logdir}/main.log
 echononl "\tSet Symlinks for default Server Key/Cert.."
 if [ -f "/var/lib/dehydrated/certs/${SERVER_NAME}/fullchain.pem" -a -f "/var/lib/dehydrated/certs/${SERVER_NAME}/privkey.pem" ]; then
- ln -s /var/lib/dehydrated/certs/${SERVER_NAME}/fullchain.pem ${PREFIX}/conf/server-bundle.crt
+ ln -s /var/lib/dehydrated/certs/${SERVER_NAME}/fullchain.pem $_DEFAULT_SSL_CERT
 if [[ $? -gt 0 ]];then
 _failed=true
 fi
- ln -s /var/lib/dehydrated/certs/${SERVER_NAME}/privkey.pem ${PREFIX}/conf/server.key
+ ln -s /var/lib/dehydrated/certs/${SERVER_NAME}/privkey.pem $_DEFAULT_SSL_KEY
 if [[ $? -gt 0 ]];then
 _failed=true
 fi
@@ -1909,12 +1927,12 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then
 else
 echo_ok
 fi
- elif [ -f /etc/ssl/certs/ssl-cert-snakeoil.pem -a -f /etc/ssl/private/ssl-cert-snakeoil.key ]; then
- ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem ${PREFIX}/conf/server-bundle.crt
+ elif [ -f $_SSL_SNAKEOIL_CERT -a -f $_SSL_SNAKEOIL_KEY ]; then
+ ln -s $_SSL_SNAKEOIL_CERT $_DEFAULT_SSL_CERT
 if [[ $? -gt 0 ]];then
 _failed=true
 fi
- ln -s /etc/ssl/private/ssl-cert-snakeoil.key ${PREFIX}/conf/server.key
+ ln -s $_SSL_SNAKEOIL_KEY $_DEFAULT_SSL_KEY
 if [[ $? -gt 0 ]];then
 _failed=true
 fi
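Review bot: `_DEFAULT_SSL_CERT` and `_DEFAULT_SSL_KEY` are assigned inside the `if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]` block (which starts and ends outside this hunk), so they are not available to the SSLCertificateFile substitution later in the file (hunk at -2016), which still spells out `${PREFIX}/conf/server-bundle.crt`; moving the two assignments up next to `_SSL_SNAKEOIL_CERT`/`_SSL_SNAKEOIL_KEY` would give the whole script one definition of the default paths. The new `ln -s` targets are expanded unquoted; `ln -s "/var/lib/dehydrated/certs/${SERVER_NAME}/fullchain.pem" "$_DEFAULT_SSL_CERT"` (and the same for the key) keeps a `PREFIX` or `SERVER_NAME` with unusual characters from splitting. As before the change, `ln -s` without `-f` fails on a re-run when the link already exists and then sets `_failed=true`; that is pre-existing, but worth a comment if it is intended.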
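Review bot: The rewritten test `[ -f $_SSL_SNAKEOIL_CERT -a -f $_SSL_SNAKEOIL_KEY ]` expands both variables unquoted and keeps the deprecated `-a`; `elif [[ -f "$_SSL_SNAKEOIL_CERT" && -f "$_SSL_SNAKEOIL_KEY" ]]; then` is the safer form and matches the `[[ ]]` already used two lines below. Entering this branch links the server to a self-signed placeholder certificate that clients will not trust, yet it appears to end with the same `echo_ok` as the dehydrated branch (just outside this hunk), so nothing in the output or in main.log records the downgrade. A `warn "Using self-signed snakeoil certificate as default; replace it before exposing the server."` after the two `ln -s` calls would make that visible.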
@@ -1924,11 +1942,11 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then
 echo_ok
 fi
 elif [ -f $_srcdir/server-bundle.crt -a -f $_srcdir/server.key ];then
- cp $_srcdir/server-bundle.crt $PREFIX/conf/
+ cp $_srcdir/server-bundle.crt $_DEFAULT_SSL_CERT
 if [[ $? -gt 0 ]];then
 _failed=true
 fi
- cp $_srcdir/server.key $PREFIX/conf/
+ cp $_srcdir/server.key $_DEFAULT_SSL_KEY
 if [[ $? -gt 0 ]];then
 _failed=true
 fi
@@ -1938,8 +1956,10 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then
 echo_ok
 fi
 else
+ echo_skipped
 warn "SSL Connections are enabled but no (default) certificates\n\t are present. So the webserver will not start."
+
 fi
 if [[ -n "$IP_ADDRESSES" ]] && $SEPARATE_LISTEN_DIRECTIVES ; then
@@ -1999,6 +2019,7 @@ EOF
 echo "## - $_file: Set SSLCipherSuite.." >> ${_logdir}/main.log
 echo "## -" >> ${_logdir}/main.log
 echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
+ echononl "\t$_file: Set SSLCipherSuite.."
 sed -i$_backup_suffix -r \
 -e "s&^(([ ^t]*SSLCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \
 ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
@@ -2016,6 +2037,7 @@ EOF
 echo "## - $_file: Set SSLCertificateFile.." >> ${_logdir}/main.log
 echo "## -" >> ${_logdir}/main.log
 echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLCertificateFile ).*)$&## \1\n\2\\\"${PREFIX}/conf/server-bundle.crt\\\"&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
+ echononl "\t$_file: Set SSLCertificateFile.."
 sed -i$_backup_suffix -r \
 -e "s&^(([ ^t]*SSLCertificateFile ).*)$&## \1\n\2\"${PREFIX}/conf/server-bundle.crt\"&g" \
 ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
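Review bot: `cp $_srcdir/server.key $_DEFAULT_SSL_KEY` now names the destination file directly, but it still copies the private key with whatever mode the bundled source has (masked by umask), so a group- or world-readable `server.key` in `$_srcdir` ends up equally readable under `${PREFIX}/conf`. `install -m 0600 -- "$_srcdir/server.key" "$_DEFAULT_SSL_KEY"` (or a `chmod 0600 "$_DEFAULT_SSL_KEY"` after the copy) pins the permissions regardless of the source; the certificate copy only needs quoting, `cp -- "$_srcdir/server-bundle.crt" "$_DEFAULT_SSL_CERT"`. The `elif` chain this sits in starts before and ends after this hunk.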
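Review bot: The new `echononl "\t$_file: Set SSLCipherSuite.."` progress line, like the ones added at -2016, -2033, -2050, -2067 and -2083, is presumably followed (outside this hunk) by `echo_ok`/`echo_failed` on sed's exit status, but sed exits 0 whether or not its pattern matched, so a directive that was not rewritten is reported as success. That matters here because the bracket expression `[ ^t]*` matches a space, a caret or the letter `t`, not a tab (it reads like a typo for `[ \t]`), so a tab-indented `SSLCipherSuite` line is never replaced while the step still prints ok. A post-check such as `grep -qF "SSLCipherSuite ${_SSL_Cipher_Suite}" "${PREFIX}/${_rel_confextra_path}/${_file}"` before reporting success would turn the silent no-op into a visible failure; the same check applies to the protocol and honor-cipher-order steps.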
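Review bot: The SSLCertificateFile substitution still hard-codes `${PREFIX}/conf/server-bundle.crt`, in both the logged and the executed sed, even though this commit introduces `_DEFAULT_SSL_CERT` for exactly that path, so the two can drift apart on the next edit. Once `_DEFAULT_SSL_CERT` is assigned at script level rather than inside the certificate-copy branch (hunk at -1891), the executed line can become `-e "s&^(([ ^t]*SSLCertificateFile ).*)$&## \1\n\2\"${_DEFAULT_SSL_CERT}\"&g" \` with the log echo changed to match. The enclosing block starts and ends outside this hunk.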
@@ -2033,6 +2055,7 @@ EOF
 echo "## - $_file: Set SSLProxyCipherSuite.." >> ${_logdir}/main.log
 echo "## -" >> ${_logdir}/main.log
 echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
+ echononl "\t$_file: Set SSLProxyCipherSuite.."
 sed -i$_backup_suffix -r \
 -e "s&^(([ ^t]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \
 ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
@@ -2050,6 +2073,7 @@ EOF
 echo "## - $_file: Set SSLProtocol.." >> ${_logdir}/main.log
 echo "## -" >> ${_logdir}/main.log
 echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProtocol ).*)$&## \1\n\2ALL -SSLv3 -SSLv2&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
+ echononl "\t$_file: Set SSLProtocol.."
 sed -i$_backup_suffix -r \
 -e "s&^(([ ^t]*SSLProtocol ).*)$&## \1\n\2all -SSLv3 -SSLv2&g" \
 ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
@@ -2067,6 +2091,7 @@ EOF
 echo "## - $_file: Set SSLProxyProtocol.." >> ${_logdir}/main.log
 echo "## -" >> ${_logdir}/main.log
 echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProxyProtocol ).*)$&## \1\n\2ALL -SSLv3 -SSLv2&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
+ echononl "\t$_file: Set SSLProxyProtocol.."
 sed -i$_backup_suffix -r \
 -e "s&^(([ ^t]*SSLProxyProtocol ).*)$&## \1\n\2all -SSLv3 -SSLv2&g" \
 ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
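Review bot: The progress line added here labels the step `Set SSLProtocol`, but the command recorded in main.log directly above writes `ALL -SSLv3 -SSLv2` while the sed actually executed writes `all -SSLv3 -SSLv2`, so the script's own audit trail does not match what ran (the -2067 hunk for SSLProxyProtocol has the same mismatch). Unlike the cipher suite, which goes through `${_SSL_Cipher_Suite}` in both the echo and the sed, the protocol list is a literal in both places. An `_SSL_Protocol="all -SSLv3 -SSLv2"` defined with the other script variables and used in the echo and the sed would keep log and command in step and make the setting easy to tighten later.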
@@ -2083,6 +2108,7 @@ EOF
 echo "## - $_file: Set SSLHonorCipherOrder.." >> ${_logdir}/main.log
 echo "## -" >> ${_logdir}/main.log
 echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*#*[ ^t]*SSLHonorCipherOrder ).*)$&##\1\nSSLHonorCipherOrder on&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
+ echononl "\t$_file: Set SSLHonorCipherOrder.."
 sed -i$_backup_suffix -r \
 -e "s&^(([ ^t]*#*[ ^t]*SSLHonorCipherOrder ).*)$&##\1\nSSLHonorCipherOrder on&g" \
 ${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1