Implemented automatic SSL configuration in installer.

29f724ef · Demian Katz · 83fcafd0 · 29f724ef · 29f724ef · 29f724ef
Commit 29f724ef authored 9 years ago by Demian Katz
--- a/module/VuFind/config/module.config.php
+++ b/module/VuFind/config/module.config.php
@@ -737,7 +737,7 @@ $staticRoutes = [
    'Error/Unavailable', 'Feedback/Email', 'Feedback/Home', 'Help/Home',
    'Install/Done', 'Install/FixBasicConfig', 'Install/FixCache',
    'Install/FixDatabase', 'Install/FixDependencies', 'Install/FixILS',
-    'Install/FixSecurity', 'Install/FixSolr', 'Install/Home',
+    'Install/FixSecurity', 'Install/FixSolr', 'Install/FixSSLCerts', 'Install/Home',
    'Install/PerformSecurityFix', 'Install/ShowSQL',
    'LibGuides/Home', 'LibGuides/Results',
    'LibraryCards/Home', 'LibraryCards/SelectCard',

--- a/module/VuFind/src/VuFind/Controller/InstallController.php
+++ b/module/VuFind/src/VuFind/Controller/InstallController.php
@@ -792,6 +792,91 @@ class InstallController extends AbstractBase
        return $this->redirect()->toRoute('install-home');
    }

+    /**
+     * Check if SSL configuration is set properly.
+     *
+     * @return array
+     */
+    public function checkSslCerts()
+    {
+        // Try to retrieve an SSL URL; if we're misconfigured, it will fail.
+        try {
+            $this->getServiceLocator()->get('VuFind\Http')
+                ->get('https://google.com');
+            $status = true;
+        } catch (\VuFindHttp\Exception\RuntimeException $e) {
+            // Any exception means we have a problem!
+            $status = false;
+        }
+
+        return [
+            'title' => 'SSL', 'status' => $status, 'fix' => 'fixsslcerts'
+        ];
+    }
+
+    /**
+     * Display repair instructions for SSL certificate problems.
+     *
+     * @return mixed
+     */
+    public function fixsslcertsAction()
+    {
+        // Bail out if we've fixed the problem:
+        $result = $this->checkSslCerts();
+        if ($result['status'] == true) {
+            $this->flashMessenger()->addMessage('SSL configuration fixed.', 'info');
+            return $this->redirect()->toRoute('install-home');
+        }
+
+        // Find out which test to try next:
+        $try = $this->params()->fromQuery('try', 0);
+
+        // Configurations to test:
+        $configsToTest = [
+            ['sslcapath' => '/etc/ssl/certs'],
+            ['sslcafile' => '/etc/pki/tls/cert.pem'],
+            [], // reset configuration as last attempt
+        ];
+        if (isset($configsToTest[$try])) {
+            return $this->testSslCertConfig($configsToTest[$try], $try);
+        }
+
+        // If we got this far, we can't fix this automatically and must display
+        // a message.
+        $view = $this->createViewModel();
+        return $view;
+    }
+
+    /**
+     * Try switching to a specific SSL configuration.
+     *
+     * @param array $config Setting(s) to add to [Http] section of config.ini.
+     * @param int   $try    Which config index are we trying right now?
+     *
+     * @return void
+     */
+    protected function testSslCertConfig($config, $try)
+    {
+        $file = ConfigLocator::getLocalConfigPath('config.ini', null, true);
+        $writer = new ConfigWriter($file);
+        // Reset old settings
+        $writer->clear('Http', 'sslcapath');
+        $writer->clear('Http', 'sslcafile');
+        // Load new settings
+        foreach ($config as $setting => $value) {
+            $writer->set('Http', $setting, $value);
+        }
+        if (!$writer->save()) {
+            throw new \Exception('Cannot write config to disk.');
+        }
+
+        // Jump back to fix action so we can check if it worked (and attempt
+        // the next config by incrementing the $try variable, if necessary):
+        return $this->redirect()->toRoute(
+            'install-fixsslcerts', [], ['query' => ['try' => $try + 1]]
+        );
+    }
+
    /**
     * Disable auto-configuration.
     *

--- a/themes/bootstrap3/templates/install/fixsslcerts.phtml
+++ b/themes/bootstrap3/templates/install/fixsslcerts.phtml
+<?
+    // Set page title.
+    $this->headTitle($this->translate('auto_configure_title'));
+
+    // Set up breadcrumbs:
+    $this->layout()->breadcrumbs = '<li><a href="' . $this->url('install-home') .'">' . $this->transEsc('auto_configure_title') . '</a></li> <li class="active">' . $this->transEsc('Fix SSL Certificates') . '</li>';
+?>
+<h2><?=$this->transEsc('auto_configure_title')?></h2>
+
+<p>VuFind is unable to verify SSL certificates. This may adversely impact consumption of secure APIs.</p>
+
+<p>Troubleshooting steps:</p>
+
+<ol>
+  <li>Try setting the sslcapath or sslcafile setting in the [Http] section of your config.ini file to point to your local certificate store.</li>
+  <li>If you wish to disable certificate checking, you can set sslverifypeer to false in the [Http] section of config.ini. This is <b>insecure</b> and <b>not recommended</b> but may be useful for initial testing purposes.</li>
+</ol>
\ No newline at end of file