2 # Defines editors for mod_ssl directives
7 $rv = [ [ 'SSLEngine', 0, 14, 'virtual', undef, 10 ],
8 [ 'SSLProtocol', 0, 14, 'virtual', undef, 10 ],
9 [ 'SSLCertificateFile', 0, 14, 'virtual', undef, 9 ],
10 [ 'SSLCertificateKeyFile', 0, 14, 'virtual', undef, 8 ],
11 [ 'SSLCACertificateFile', 0, 14, 'virtual', undef, 7.7 ],
12 [ 'SSLPassPhraseDialog', 1, 14, 'global', 2.0, 7.5 ],
13 [ 'SSLVerifyClient', 0, 14, 'virtual directory htaccess', undef, 7 ],
14 [ 'SSLVerifyDepth', 0, 14, 'virtual directory htaccess', undef, 6 ],
15 [ 'SSLLog', 0, 14, 'virtual', undef, 5 ],
16 [ 'SSLRequireSSL', 0, 14, 'directory htaccess', undef, 4 ],
18 return &make_directives($rv, $_[0], "mod_ssl");
23 return (1, $text{'mod_ssl_enable'},
24 &choice_input($_[0]->{'value'}, "SSLEngine", "",
25 "$text{'yes'},on", "$text{'no'},off", "$text{'default'},"));
29 if ($in{'SSLEngine'} eq 'on' &&
30 $in{'SSLCertificateFile_def'}) {
31 # SSL enabled but no cert .. fail
32 &error($text{'mod_ssl_ecerton'});
34 return &parse_choice("SSLEngine");
37 @sslprotos = ("SSLv2", "SSLv3", "TLSv1");
40 local ($rv, $p, %prot);
41 local @list = $_[0] ? @{$_[0]->{'words'}} : ("all");
43 if ($p =~ /^\+?all$/i) { map { $prot{lc($_)} = 1 } @sslprotos; }
44 elsif ($p =~ /^\-all$/i) { undef(%prot); }
45 elsif ($p =~ /^\-(\S+)/) { $prot{lc($1)} = 0; }
46 elsif ($p =~ /^\+(\S+)/) { $prot{lc($1)} = 1; }
48 foreach $p (@sslprotos) {
49 $rv .= sprintf "<input type=checkbox name=SSLProtocol value=$p %s> $p ",
50 $prot{lc($p)} ? "checked" : "";
52 return (1, $text{'mod_ssl_proto'}, $rv);
56 local @sel = split(/\0/, $in{'SSLProtocol'});
57 if (scalar(@sel) == scalar(@sslprotos)) { return ( [ ] ); }
58 return ( [ join(" ", (map { "+$_" } @sel)) ] );
61 sub edit_SSLCertificateFile
63 return (2, $text{'mod_ssl_cfile'},
64 &opt_input($_[0]->{'value'}, "SSLCertificateFile", $text{'mod_ssl_default'}, 35).
65 &file_chooser_button("SSLCertificateFile", 0));
67 sub save_SSLCertificateFile
69 return &parse_opt("SSLCertificateFile", '\S', $text{'mod_ssl_ecfile'});
72 sub edit_SSLCertificateKeyFile
74 return (2, $text{'mod_ssl_kfile'},
75 &opt_input($_[0]->{'value'}, "SSLCertificateKeyFile", $text{'mod_ssl_default'}, 35).
76 &file_chooser_button("SSLCertificateKeyFile", 0));
78 sub save_SSLCertificateKeyFile
80 return &parse_opt("SSLCertificateKeyFile", '\S', $text{'mod_ssl_ekfile'});
83 sub edit_SSLCACertificateFile
85 return (2, $text{'mod_ssl_cafile'},
86 &opt_input($_[0]->{'value'}, "SSLCACertificateFile", $text{'mod_ssl_default'}, 35).
87 &file_chooser_button("SSLCACertificateFile", 0));
89 sub save_SSLCACertificateFile
91 return &parse_opt("SSLCACertificateFile", '\S', $text{'mod_ssl_ecafile'});
96 sub edit_SSLVerifyClient
98 return (1, $text{'mod_ssl_clcert'},
99 &select_input($_[0]->{'value'}, "SSLVerifyClient", "",
100 "$text{'default'},", "$text{'mod_ssl_nreq'},none",
101 "$text{'mod_ssl_opt'},optional",
102 "$text{'mod_ssl_req'},require",
103 "$text{'mod_ssl_optca'},optional_no_ca"));
105 sub save_SSLVerifyClient
107 return &parse_select("SSLVerifyClient");
110 sub edit_SSLVerifyDepth
112 return (1, $text{'mod_ssl_cdepth'},
113 &opt_input($_[0]->{'value'}, "SSLVerifyDepth", $text{'mod_ssl_default'}, 6));
115 sub save_SSLVerifyDepth
117 return &parse_opt("SSLVerifyDepth", '^\d+$', $text{'mod_ssl_ecdepth'});
122 return (1, $text{'mod_ssl_log'},
123 &opt_input($_[0]->{'value'}, "SSLLog", $text{'mod_ssl_default'}, 20));
127 return &parse_opt("SSLLog", '\S', $text{'mod_ssl_elog'});
130 sub edit_SSLRequireSSL
132 return (1, $text{'mod_ssl_onlyssl'},
133 &choice_input($_[0] ? 1 : 0, "SSLRequireSSL", 0, "$text{'yes'},1", "$text{'no'},0"));
135 sub save_SSLRequireSSL
137 return $in{'SSLRequireSSL'} ? ( [ "" ] ) : ( [ ] );
140 sub edit_SSLPassPhraseDialog
142 local $table = &ui_columns_start();
144 foreach my $p (@{$_[0]}, { }) {
145 local ($mode, $script, $pass, $file);
146 if ($p->{'value'} eq 'builtin') {
149 elsif ($p->{'value'} =~ /^exec:(.*)$/) {
151 local $data = &read_file_contents($1);
152 if ($data =~ /^#!\/bin\/sh\necho\s(.*)\n$/) {
162 elsif ($p->{'value'}) {
163 $script = $p->{'value'};
169 $table .= &ui_columns_row([
170 &ui_radio("SSLPassPhraseDialog_$i", $mode,
171 [ [ 0, $text{'mod_ssl_passnone'}."<br>" ],
172 [ 1, $text{'mod_ssl_builtin'}."<br>" ],
173 [ 2, &text('mod_ssl_passph',
174 &ui_textbox("SSLPassPhraseDialog_pass_$i",
175 $pass, 20))."<br>" ],
176 [ 3, &text('mod_ssl_passsc',
177 &ui_textbox("SSLPassPhraseDialog_script_$i",
180 &ui_hidden("SSLPassPhraseDialog_file_$i", $file)
184 $table .= &ui_columns_end();
185 return (2, $text{'mod_ssl_pass'}, $table);
187 sub save_SSLPassPhraseDialog
191 for(my $i=0; defined($in{"SSLPassPhraseDialog_$i"}); $i++) {
192 if ($in{"SSLPassPhraseDialog_$i"} == 0) {
195 elsif ($in{"SSLPassPhraseDialog_$i"} == 1) {
196 push(@rv, "builtin");
198 elsif ($in{"SSLPassPhraseDialog_$i"} == 2) {
199 $in{"SSLPassPhraseDialog_pass_$i"} =~ /\S/ ||
200 &error($text{'mod_ssl_epassph'});
201 local $file = $in{"SSLPassPhraseDialog_file_$i"} ||
202 "$config{'httpd_dir'}/passphrase.".time().".sh";
203 &open_tempfile(PASS, ">$file");
204 &print_tempfile(PASS, "#!/bin/sh\n");
205 &print_tempfile(PASS, "echo ",
206 $in{"SSLPassPhraseDialog_pass_$i"},"\n");
207 &close_tempfile(PASS);
208 &set_ownership_permissions(undef, undef, 0755, $file);
209 push(@rv, "exec:$file");
211 elsif ($in{"SSLPassPhraseDialog_$i"} == 3) {
212 if ($in{"SSLPassPhraseDialog_script_$i"} =~ /^[a-z]+:/) {
213 push(@rv, $in{"SSLPassPhraseDialog_script_$i"});
216 $in{"SSLPassPhraseDialog_script_$i"} =~ /^\/\S/ ||
217 &error($text{'mod_ssl_epasssc'});
218 push(@rv, "exec:".$in{"SSLPassPhraseDialog_script_$i"});