diff --git a/http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php b/http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php index 8dbe4e04..f9f256bb 100644 --- a/http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php +++ b/http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php @@ -1,5 +1,5 @@ -ssl_enabled && $this->ssl_key) : ?> +ssl_enabled && $this->ssl_key && $this->ssl_cert_ok) : ?> > site_mail) : ?> diff --git a/http/Provision/Config/Http/Ssl/Site.php b/http/Provision/Config/Http/Ssl/Site.php index 00658db1..2170a5ae 100644 --- a/http/Provision/Config/Http/Ssl/Site.php +++ b/http/Provision/Config/Http/Ssl/Site.php @@ -9,12 +9,11 @@ class Provision_Config_Http_Ssl_Site extends Provision_Config_Http_Site { public $template = 'vhost_ssl.tpl.php'; public $disabled_template = 'vhost_ssl_disabled.tpl.php'; + public $ssl_cert_ok = TRUE; public $description = 'encrypted virtual host configuration'; function write() { - parent::write(); - if ($this->ssl_enabled && $this->ssl_key) { $path = dirname($this->data['ssl_cert']); // Make sure the ssl.d directory in the server ssl.d exists. @@ -28,28 +27,39 @@ class Provision_Config_Http_Ssl_Site extends Provision_Config_Http_Site { // XXX: test. data structure may not be sound. try d($this->uri) // if $this fails Provision_Service_http_ssl::assign_certificate_site($this->ssl_key, $this); - + // Copy the certificates to the server's ssl.d directory. - provision_file()->copy( - $this->data['ssl_cert_source'], - $this->data['ssl_cert']) - || drush_set_error('SSL_CERT_COPY_FAIL', dt('failed to copy SSL certificate in place')); - provision_file()->copy( - $this->data['ssl_cert_key_source'], - $this->data['ssl_cert_key']) - || drush_set_error('SSL_KEY_COPY_FAIL', dt('failed to copy SSL key in place')); + if (!provision_file()->copy($this->data['ssl_cert_source'], $this->data['ssl_cert'])->status()) { + drush_set_error('SSL_CERT_COPY_FAIL', dt('failed to copy SSL certificate in place')); + $this->ssl_cert_ok = FALSE; + } + if (!provision_file()->copy($this->data['ssl_cert_key_source'], $this->data['ssl_cert_key'])->status()) { + drush_set_error('SSL_KEY_COPY_FAIL', dt('failed to copy SSL key in place')); + $this->ssl_cert_ok = FALSE; + } // Copy the chain certificate, if it is set. if (!empty($this->data['ssl_chain_cert_source'])) { - provision_file()->copy( - $this->data['ssl_chain_cert_source'], - $this->data['ssl_chain_cert']) - || drush_set_error('SSL_CHAIN_COPY_FAIL', dt('failed to copy SSL certficate chain in place')); + if (!provision_file()->copy($this->data['ssl_chain_cert_source'], $this->data['ssl_chain_cert'])->status()) { + drush_set_error('SSL_CHAIN_COPY_FAIL', dt('failed to copy SSL certficate chain in place')); + $this->ssl_cert_ok = FALSE; + } } + + // If cert is not ok, turn off ssl_redirection. + if ($this->ssl_cert_ok == FALSE) { + $this->data['ssl_redirection'] = FALSE; + drush_log(dt('SSL Certificate preparation failed. SSL has been disabled for this site.'), 'warning'); + } + // Sync the key directory to the remote server. $this->data['server']->sync($path, array( 'exclude' => "{$path}/*.receipt", // Don't need to synch the receipts )); } + + // Call parent's write AFTER ensuring the certificates are in place to prevent + // the vhost from referencing missing files. + parent::write(); } /** diff --git a/http/Provision/Service/http/ssl.php b/http/Provision/Service/http/ssl.php index 849c6743..f30c5e8f 100644 --- a/http/Provision/Service/http/ssl.php +++ b/http/Provision/Service/http/ssl.php @@ -77,12 +77,6 @@ class Provision_Service_http_ssl extends Provision_Service_http_public { $certs = $this->get_certificates($ssl_key); $data = array_merge($data, $certs); } - - // Turn off ssl and redirection if the cert key is not readable or doesn't exist for some reason. - if (!is_readable($data['ssl_cert_key'])) { - $this->context->ssl_enabled = FALSE; - $data['ssl_redirection'] = FALSE; - } } return $data;