webmin/edit_ssl.cgi

   1 #!/usr/local/bin/perl
   2 # edit_ssl.cgi
   3 # Webserver SSL form
   4
   5 require './webmin-lib.pl';
   6 &ui_print_header(undef, $text{'ssl_title'}, "");
   7 &ReadParse();
   8 &get_miniserv_config(\%miniserv);
   9
  10 # Check if we even *have* SSL support
  11 $@ = undef;
  12 eval "use Net::SSLeay";
  13 if ($@) {
  14         print &text('ssl_essl', "http://www.webmin.com/ssl.html"),"<p>\n";
  15         if (&foreign_available("cpan")) {
  16                 print &text('ssl_cpan', "../cpan/download.cgi?source=3&cpan=Net::SSLeay&mode=2&return=/$module_name/&returndesc=".&urlize($text{'index_return'})),"<p>\n";
  17                 }
  18         $err = $@;
  19         $err =~ s/\s+at.*line\s+\d+[\000-\377]*$//;
  20         print &text('ssl_emessage', "<tt>$err</tt>"),"<p>\n";
  21         &ui_print_footer("", $text{'index_return'});
  22         exit;
  23         }
  24
  25 # Show tabs
  26 @tabs = map { [ $_, $text{'ssl_tab'.$_}, "edit_ssl.cgi?mode=$_" ] }
  27             ( "ssl", "current", "ips", "create", "upload" );
  28 print &ui_tabs_start(\@tabs, "mode", $in{'mode'} || $tabs[0]->[0], 1);
  29
  30 # Basic SSL settings
  31 print &ui_tabs_start_tab("mode", "ssl");
  32 print $text{'ssl_desc1'},"<p>\n";
  33 print $text{'ssl_desc2'},"<p>\n";
  34
  35 print &ui_form_start("change_ssl.cgi", "post");
  36 print &ui_table_start($text{'ssl_header'}, undef, 2);
  37
  38 print &ui_table_row($text{'ssl_on'},
  39         &ui_yesno_radio("ssl", $miniserv{'ssl'}));
  40
  41 print &ui_table_row($text{'ssl_key'},
  42         &ui_textbox("key", $miniserv{'keyfile'}, 40)." ".
  43         &file_chooser_button("key"));
  44
  45 print &ui_table_row($text{'ssl_cert'},
  46         &ui_opt_textbox("cert", $miniserv{'certfile'}, 40,
  47                         $text{'ssl_cert_def'}."<br>",$text{'ssl_cert_oth'})." ".
  48         &file_chooser_button("cert"));
  49
  50 print &ui_table_row($text{'ssl_redirect'},
  51         &ui_yesno_radio("ssl_redirect", $miniserv{'ssl_redirect'}));
  52
  53 print &ui_table_row($text{'ssl_version'},
  54         &ui_opt_textbox("version", $miniserv{'ssl_version'}, 4,
  55                         $text{'ssl_auto'}));
  56
  57 $clist = $miniserv{'ssl_cipher_list'};
  58 $cmode = !$clist ? 1 :
  59          $clist eq $strong_ssl_ciphers ? 2 : 0;
  60 print &ui_table_row($text{'ssl_cipher_list'},
  61         &ui_radio("cipher_list_def", $cmode,
  62                   [ [ 1, $text{'ssl_auto'}."<br>" ],
  63                     [ 2, $text{'ssl_strong'}."<br>" ],
  64                     [ 0, $text{'ssl_clist'}." ".
  65                          &ui_textbox("cipher_list",
  66                                      $cmode == 0 ? $clist : "", 30) ] ]));
  67
  68 print &ui_table_row($text{'ssl_extracas'},
  69         &ui_textarea("extracas", join("\n",split(/\s+/, $miniserv{'extracas'})),
  70                      3, 60)." ".
  71         &file_chooser_button("extracas", 0, undef, undef, 1));
  72
  73 print &ui_table_end();
  74 print &ui_form_end([ [ "", $text{'save'} ] ]);
  75 print &ui_tabs_end_tab();
  76
  77 # Page showing current cert
  78 print &ui_tabs_start_tab("mode", "current");
  79 print "$text{'ssl_current'}<p>\n";
  80 print &ui_table_start($text{'ssl_cheader'}, undef, 4);
  81 $info = &cert_info($miniserv{'certfile'} || $miniserv{'keyfile'});
  82 foreach $i ('cn', 'o', 'email', 'issuer_cn', 'issuer_o', 'issuer_email',
  83             'notafter', 'type') {
  84         if ($info->{$i}) {
  85                 print &ui_table_row($text{'ca_'.$i}, $info->{$i});
  86                 }
  87         }
  88 @clinks = (
  89         "<a href='download_cert.cgi/cert.pem'>".
  90         "$text{'ssl_pem'}</a>",
  91         "<a href='download_cert.cgi/cert.p12'>".
  92         "$text{'ssl_pkcs12'}</a>"
  93         );
  94 print &ui_table_row($text{'ssl_download'}, &ui_links_row(\@clinks));
  95 print &ui_table_end();
  96 print &ui_tabs_end_tab();
  97
  98 # Table listing per-IP SSL certs
  99 print &ui_tabs_start_tab("mode", "ips");
 100 print "$text{'ssl_ipkeys'}<p>\n";
 101 @ipkeys = &get_ipkeys(\%miniserv);
 102 if (@ipkeys) {
 103         print &ui_columns_start([ $text{'ssl_ips'}, $text{'ssl_key'},
 104                                   $text{'ssl_cert'} ]);
 105         foreach $k (@ipkeys) {
 106                 print &ui_columns_row([
 107                         "<a href='edit_ipkey.cgi?idx=$k->{'index'}'>".
 108                         join(", ", @{$k->{'ips'}})."</a>",
 109                         "<tt>$k->{'key'}</tt>",
 110                         $k->{'cert'} ? "<tt>$k->{'cert'}</tt>"
 111                                      : $text{'ssl_cert_def'},
 112                         ]);
 113                 }
 114         print &ui_columns_end();
 115         }
 116 else {
 117         print "<b>$text{'ssl_ipkeynone'}</b><p>\n";
 118         }
 119 print "<a href='edit_ipkey.cgi?new=1'>$text{'ssl_addipkey'}</a><p>\n";
 120 print &ui_tabs_end_tab();
 121
 122 # SSL key generation form
 123 print &ui_tabs_start_tab("mode", "create");
 124 print "$text{'ssl_newkey'}<p>\n";
 125 my $curkey = &read_file_contents($miniserv{'keyfile'});
 126 my $origkey = &read_file_contents("$root_directory/miniserv.pem");
 127 if ($curkey eq $origkey) {
 128         # System is using the original (insecure) Webmin key!
 129         print "<b>$text{'ssl_hole'}</b><p>\n";
 130         }
 131
 132 print &ui_form_start("newkey.cgi");
 133 print &ui_table_start($text{'ssl_header1'}, undef, 2);
 134
 135 $host = $ENV{'HTTP_HOST'};
 136 $host =~ s/:.*//;
 137 print &show_ssl_key_form($host, undef,
 138                          "Webmin Webserver on ".&get_system_hostname());
 139
 140 print &ui_table_row($text{'ssl_newfile'},
 141             &ui_textbox("newfile", "$config_directory/miniserv.pem", 40));
 142
 143 print &ui_table_row($text{'ssl_usenew'},
 144                     &ui_yesno_radio("usenew", 1));
 145
 146 print &ui_table_end();
 147 print &ui_form_end([ [ "", $text{'ssl_create'} ] ]);
 148 print &ui_tabs_end_tab();
 149
 150 # SSL key upload form
 151 print &ui_tabs_start_tab("mode", "upload");
 152 print "$text{'ssl_savekey'}<p>\n";
 153 print &ui_form_start("savekey.cgi", "form-data");
 154 print &ui_table_start($text{'ssl_saveheader'}, undef, 2);
 155
 156 print &ui_table_row($text{'ssl_privkey'},
 157                     &ui_textarea("key", undef, 7, 70)."<br>\n".
 158                     "<b>$text{'ssl_upload'}</b>\n".
 159                     &ui_upload("keyfile"));
 160
 161 print &ui_table_row($text{'ssl_privcert'},
 162                     &ui_radio("cert_def", 1,
 163                         [ [ 1, $text{'ssl_same'} ],
 164                           [ 0, $text{'ssl_below'} ] ])."<br>\n".
 165                     &ui_textarea("cert", undef, 7, 70)."<br>\n".
 166                     "<b>$text{'ssl_upload'}</b>\n".
 167                     &ui_upload("certfile"));
 168
 169 print &ui_table_row($text{'ssl_privchain'},
 170                     &ui_radio("chain_def", 1,
 171                         [ [ 1, $miniserv{'extracas'} ? $text{'ssl_leavechain'}
 172                                                      : $text{'ssl_nochain'} ],
 173                           [ 0, $text{'ssl_below'} ] ])."<br>\n".
 174                     &ui_textarea("chain", undef, 7, 70)."<br>\n".
 175                     "<b>$text{'ssl_upload'}</b>\n".
 176                     &ui_upload("chainfile"));
 177
 178 print &ui_table_end();
 179 print &ui_form_end([ [ "save", $text{'save'} ] ]);
 180 print &ui_tabs_end_tab();
 181
 182 print &ui_tabs_end(1);
 183
 184 &ui_print_footer("", $text{'index_return'});
 185