Главная Обзор Помощь
Вход
yosoyhendrix
/
vesta
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Просмотр исходного кода

added SSL CA-bundle support

Serghey Rodin 14 лет назад
Родитель
8fe4b05a06
Сommit
5458c49d39
32 измененных файлов с 159 добавлено и 429 удалено
Разделённый вид Показать статистику Diff
  1. 0 58
      bin/v_add_sys_user_ssl
  2. 2 2
      bin/v_add_web_domain
  3. 2 2
      bin/v_add_web_domain_alias
  4. 1 1
      bin/v_add_web_domain_cgi
  5. 2 2
      bin/v_add_web_domain_elog
  6. 1 1
      bin/v_add_web_domain_nginx
  7. 20 8
      bin/v_add_web_domain_ssl
  8. 4 47
      bin/v_backup_sys_user
  9. 2 2
      bin/v_change_web_domain_ip
  10. 20 34
      bin/v_change_web_domain_sslcert
  11. 10 5
      bin/v_change_web_domain_tpl
  12. 0 55
      bin/v_del_sys_user_ssl
  13. 7 11
      bin/v_del_web_domain
  14. 2 2
      bin/v_del_web_domain_alias
  15. 1 1
      bin/v_del_web_domain_cgi
  16. 2 2
      bin/v_del_web_domain_elog
  17. 2 2
      bin/v_del_web_domain_nginx
  18. 8 11
      bin/v_del_web_domain_ssl
  19. 1 1
      bin/v_list_sys_user_backups
  20. 0 86
      bin/v_list_sys_user_ssl
  21. 1 1
      bin/v_list_web_domain
  22. 2 2
      bin/v_rebuild_web_domains
  23. 2 2
      bin/v_suspend_web_domain
  24. 2 2
      bin/v_unsuspend_web_domain
  25. 3 3
      bin/v_upd_sys_user_backups
  26. 2 1
      data/templates/apache_default.stpl
  27. 2 1
      data/templates/apache_phpcgi.stpl
  28. 2 1
      data/templates/apache_phpfcgid.stpl
  29. 2 1
      data/templates/apache_unlim.stpl
  30. 1 1
      data/templates/ngingx_vhost_default.stpl
  31. 53 5
      func/domain.func
  32. 0 76
      func/ssl.func

+ 0 - 58
bin/v_add_sys_user_ssl
Просмотреть файл 

@@ -1,58 +0,0 @@
 
-#!/bin/bash
 
-# info: adding ssl certificate
 
-
 
-#----------------------------------------------------------#
 
-#                    Variable&Function                     #
 
-#----------------------------------------------------------#
 
-
 
-# Argument defenition
 
-user=$1
 
-ssl=$2
 
-
 
-# Importing variables
 
-source $VESTA/conf/vars.conf
 
-source $V_CONF/vesta.conf
 
-source $V_FUNC/shared.func
 
-source $V_FUNC/ssl.func
 
-
 
-#----------------------------------------------------------#
 
-#                    Verifications                         #
 
-#----------------------------------------------------------#
 
-
 
-# Checking arg number
 
-check_args '2' "$#" 'user ssl'
 
-
 
-# Checking argument format
 
-format_validation 'user' 'ssl'
 
-
 
-# Checking user
 
-is_user_valid
 
-
 
-# Checking user is active
 
-is_user_suspended
 
-
 
-# Checking certificate name
 
-is_cert_free
 
-
 
-# Checking template
 
-is_cert_valid "$V_TMP"
 
-
 
-
 
-#----------------------------------------------------------#
 
-#                       Action                             #
 
-#----------------------------------------------------------#
 
-
 
-# Adding certificate to user dir
 
-mv $V_TMP/$ssl.crt $V_USERS/$user/ssl/
 
-mv $V_TMP/$ssl.key $V_USERS/$user/ssl/
 
-
 
-
 
-#----------------------------------------------------------#
 
-#                       Vesta                              #
 
-#----------------------------------------------------------#
 
-
 
-# Logging
 
-log_history "$V_EVENT" "v_del_sys_user_ssl $user $ssl"
 
-log_event 'system' "$V_EVENT"
 
-
 
-exit

+ 2 - 2
bin/v_add_web_domain
Просмотреть файл 

@@ -198,14 +198,14 @@ increase_user_value "$user" '$U_WEB_DOMAINS'
 
 
 # Defining domain variables
 
 v_str="DOMAIN='$domain'"
 
-v_str="$v_str IP='$ip'"
 
+v_str="$v_str IP='$ip' IP6=''"
 
 v_str="$v_str U_DISK='0'"
 
 v_str="$v_str U_BANDWIDTH='0'"
 
 v_str="$v_str TPL='$template'"
 
 v_str="$v_str ALIAS='$aliases'"
 
 v_str="$v_str $template_data"    # Inserting PHP, CGI and ELOG keys
 
 v_str="$v_str STATS='' STATS_AUTH=''"
 
-v_str="$v_str SSL='' SSL_HOME=''"
 
+v_str="$v_str SSL='no' SSL_HOME='single'"
 
 v_str="$v_str NGINX='' NGINX_EXT='' SUSPEND='no' DATE='$V_DATE'"
 
 
 # Registering domain

+ 2 - 2
bin/v_add_web_domain_alias
Просмотреть файл 

@@ -82,7 +82,7 @@ upd_web_domain_values
 
 del_web_config
 
 add_web_config
 
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
     conf="$V_HOME/$user/conf/shttpd.conf"
 
     del_web_config
 
@@ -96,7 +96,7 @@ if [ ! -z "$NGINX" ]; then
 
     del_web_config
 
     add_web_config
 
 
-    if [ ! -z "$SSL" ]; then
 
+    if [ "$SSL" = 'yes' ]; then
 
         proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
 
         tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
 
         conf="$V_HOME/$user/conf/snginx.conf"

+ 1 - 1
bin/v_add_web_domain_cgi
Просмотреть файл 

@@ -64,7 +64,7 @@ del_web_config
 
 add_web_config
 
 
 # Checking ssl
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
     conf="$V_HOME/$user/conf/shttpd.conf"
 
     del_web_config

+ 2 - 2
bin/v_add_web_domain_elog
Просмотреть файл 

@@ -64,7 +64,7 @@ del_web_config
 
 add_web_config
 
 
 # Checking ssl
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
     conf="$V_HOME/$user/conf/shttpd.conf"
 
     del_web_config
 
@@ -78,7 +78,7 @@ if [ ! -z "$NGINX" ]; then
 
     del_web_config
 
     add_web_config
 
 
-    if [ ! -z "$SSL" ]; then
 
+    if [ "$SSL" = 'yes' ]; then
 
         proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
 
         tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
 
         conf="$V_HOME/$user/conf/snginx.conf"

+ 1 - 1
bin/v_add_web_domain_nginx
Просмотреть файл 

@@ -68,7 +68,7 @@ conf="$V_HOME/$user/conf/nginx.conf"
 
 upd_web_domain_values
 
 add_web_config
 
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
 
     tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
 
     conf="$V_HOME/$user/conf/snginx.conf"

+ 20 - 8
bin/v_add_web_domain_ssl
Просмотреть файл 

@@ -9,7 +9,7 @@
 
 user=$1
 
 domain=$(idn -t --quiet -u "$2" )
 
 domain_idn=$(idn -t --quiet -a "$domain")
 
-ssl=$3
 
+ssl_dir=$3
 
 ssl_home=${4-single}
 
 
 # Importing variables
 
@@ -25,10 +25,10 @@ source $V_FUNC/ip.func
 
 #----------------------------------------------------------#
 
 
 # Checking arg number
 
-check_args '3' "$#" 'user domain ssl [sslhome]'
 
+check_args '3' "$#" 'user domain ssl_dir [ssl_home]'
 
 
 # Checking argument format
 
-format_validation 'user' 'domain' 'ssl'
 
+format_validation 'user' 'domain' 'ssl_dir'
 
 
 # Checking web system is enabled
 
 is_system_enabled 'web'
 
@@ -59,12 +59,20 @@ is_web_domain_cert_valid
 
 #                       Action                             #
 
 #----------------------------------------------------------#
 
 
+# Adding certificate to user data directory
 
+cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.crt
 
+cp -f $ssl_dir/$domain.key $V_USERS/$user/ssl/$domain.key
 
+cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.pem
 
+if [ -e "$ssl_dir/$domain.ca" ]; then
 
+    cp -f $ssl_dir/$domain.ca $V_USERS/$user/ssl/$domain.ca
 
+    cat $V_USERS/$user/ssl/$domain.ca >> $V_USERS/$user/ssl/$domain.pem
 
+fi
 
+
 
 # Parsing domain values
 
 get_web_domain_values
 
 conf="$V_HOME/$user/conf/shttpd.conf"
 
 tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
-SSL=$ssl
 
-SSL_HOME=$ssl_home
 
+SSL_HOME="$ssl_home"
 
 
 # Checking ip ownership
 
 is_sys_ip_owner
 
@@ -76,8 +84,12 @@ upd_web_domain_values
 
 add_web_config
 
 
 # Adding certificate to user dir
 
-cp -f $V_USERS/$user/ssl/$SSL.crt $ssl_cert
 
-cp -f $V_USERS/$user/ssl/$SSL.key $ssl_key
 
+cp -f $V_USERS/$user/ssl/$domain.crt $V_HOME/$user/conf/ssl.$domain.crt
 
+cp -f $V_USERS/$user/ssl/$domain.key $V_HOME/$user/conf/ssl.$domain.key
 
+cp -f $V_USERS/$user/ssl/$domain.pem $V_HOME/$user/conf/ssl.$domain.pem
 
+if [ -e "$V_USERS/$user/ssl/$domain.ca" ]; then
 
+    cp -f $V_USERS/$user/ssl/$domain.ca $V_HOME/$user/conf/ssl.$domain.ca
 
+fi
 
 
 # Running template trigger
 
 if [ -x $V_WEBTPL/apache_$template.sh ]; then
 
@@ -115,8 +127,8 @@ fi
 
 increase_user_value "$user" '$U_WEB_SSL'
 
 
 # Adding ssl values
 
-update_web_domain_value '$SSL' "$SSL"
 
 update_web_domain_value '$SSL_HOME' "$SSL_HOME"
 
+update_web_domain_value '$SSL' 'yes'
 
 
 # Logging
 
 log_history "$V_EVENT" "v_del_web_domain_ssl $user $domain"

+ 4 - 47
bin/v_backup_sys_user
Просмотреть файл 

@@ -100,31 +100,6 @@ if [ -e "$V_USERS/$user/backup.excludes" ]; then
 
     cp -r $V_USERS/$user/backup.excludes $tmpdir/vesta/
 
 fi
 
 
-if [ -e "$V_USERS/$user/cron.conf" ]; then
 
-    echo -e "$(date "+%F %T") cron.conf"
 
-    cp -r $V_USERS/$user/cron.conf $tmpdir/vesta/
 
-fi
 
-
 
-if [ -e "$V_USERS/$user/db.conf" ]; then
 
-    echo -e "$(date "+%F %T") db.conf"
 
-    cp -r $V_USERS/$user/db.conf $tmpdir/vesta/
 
-fi
 
-
 
-if [ -e "$V_USERS/$user/dns.conf" ]; then
 
-    echo -e "$(date "+%F %T") dns.conf"
 
-    cp -r $V_USERS/$user/dns.conf $tmpdir/vesta/
 
-fi
 
-
 
-if [ -e "$V_USERS/$user/mail.conf" ]; then
 
-    echo -e "$(date "+%F %T") mail.conf"
 
-    cp -r $V_USERS/$user/mail.conf $tmpdir/vesta/
 
-fi
 
-
 
-
 
-if [ -e "$V_USERS/$user/web.conf" ]; then
 
-    echo -e "$(date "+%F %T") web.conf"
 
-    cp -r $V_USERS/$user/web.conf $tmpdir/vesta/
 
-fi
 
 
 echo
 
 
@@ -205,7 +180,7 @@ then
 
             sed -n "$top_line,$bottom_line p" $conf > conf/httpd.conf
 
 
             # SSL check
 
-            if [ ! -z "$SSL" ]; then
 
+            if [ "$SSL" = 'yes' ]; then
 
                 tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
                 conf="$V_HOME/$user/conf/shttpd.conf"
 
                 get_web_config_brds
 
@@ -221,7 +196,7 @@ then
 
             sed -n "$top_line,$bottom_line p" $conf > conf/nginx.conf
 
 
             # SSL check
 
-            if [ ! -z "$SSL" ] ; then
 
+            if [ "$SSL" = 'yes' ] ; then
 
                 tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
 
                 conf="$V_HOME/$user/conf/snginx.conf"
 
                 get_web_config_brds
 
@@ -235,8 +210,8 @@ then
 
         done
 
 
         # SSL Certificates
 
-        if [ ! -z "$SSL" ] ; then
 
-            cp $V_HOME/$user/conf/$SSL.* ssl/
 
+        if [ "$SSL" = 'yes' ] ; then
 
+            cp $V_HOME/$user/conf/ssl.$domain.* ssl/
 
         fi
 
 
         tar -rf $tmpdir/web/$domain/$domain.tar conf ssl
 
@@ -353,23 +328,6 @@ then
 
     echo
 
 fi
 
 
-# SSL CERTIFICATES
 
-if [ ! -z "$WEB_SSL" ] && [ "$WEB_SSL" != 'no' ] && [ "$SSL" != '*' ]; then
 
-    echo "-- SSL --"
 
-    mkdir $tmpdir/ssl
 
-
 
-    # Backingup ssl certificates
 
-    cert_list=$(ls $V_USERS/$user/ssl/ | grep ".crt" |\
 
-                sed -e "s/\.crt$//" |\
 
-                tr '\n' ' ' |\
 
-                sed -e 's/ $//' )
 
-    for cert in $cert_list; do
 
-        echo -e "$(date "+%F %T") $cert"
 
-        cp $V_USERS/$user/ssl/$cert.* $tmpdir/ssl/
 
-    done
 
-    echo
 
-fi
 
-
 
 # Get backup size
 
 size="$(du -shm $tmpdir | cut -f 1)"
 
 
@@ -539,7 +497,6 @@ backup_str="$backup_str WEB='${web_list// /,}'"
 
 backup_str="$backup_str DNS='${dns_list// /,}'"
 
 backup_str="$backup_str MAIL='${mail_list// /,}'"
 
 backup_str="$backup_str DB='${db_list// /,}'"
 
-backup_str="$backup_str SSL='${cert_list// /,}'"
 
 backup_str="$backup_str CRON='$cron_list'"
 
 echo "$backup_str" >> $V_USERS/$user/backup.conf

+ 2 - 2
bin/v_change_web_domain_ip
Просмотреть файл 

@@ -61,7 +61,7 @@ new=$ip
 
 replace_web_config
 
 
 # Checking ssl
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
     conf="$V_HOME/$user/conf/shttpd.conf"
 
     replace_web_config
 
@@ -75,7 +75,7 @@ if [ ! -z "$NGINX" ]; then
 
 fi
 
 
 # Checking nginx
 
-if [ ! -z "$SSL" ] && [ ! -z "$NGINX" ]; then 
+if [ "$SSL" = 'yes' ] && [ ! -z "$NGINX" ]; then 
     tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
 
     conf="$V_HOME/$user/conf/snginx.conf"
 
     replace_web_config

+ 20 - 34
bin/v_change_web_domain_sslcert
Просмотреть файл 

@@ -9,7 +9,7 @@
 
 user=$1
 
 domain=$(idn -t --quiet -u "$2" )
 
 domain_idn=$(idn -t --quiet -a "$domain")
 
-ssl=$3
 
+ssl_dir=$3
 
 
 # Importing variables
 
 source $VESTA/conf/vars.conf
 
@@ -54,38 +54,27 @@ is_web_domain_cert_valid
 
 #                       Action                             #
 
 #----------------------------------------------------------#
 
 
-# Parsing domain values
 
-get_web_domain_values
 
-tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
-conf="$V_HOME/$user/conf/shttpd.conf"
 
-old_ssl="$SSL"
 
-SSL="$ssl"
 
-
 
-# Preparing domain values for the template substitution
 
-upd_web_domain_values
 
-
 
-# Recreating vhost
 
-del_web_config
 
-add_web_config
 
-
 
-# Checking nginx
 
-if [ ! -z "$NGINX" ]; then
 
-    proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
 
-    tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
 
-    conf="$V_HOME/$user/conf/snginx.conf"
 
-    del_web_config
 
-    add_web_config
 
+# Deleting old certificate
 
+tmpdir=$(mktemp -p $V_HOME/$user/web/$domain/private -d)
 
+rm -f $V_HOME/$user/conf/ssl.$domain.*
 
+mv $V_USERS/$user/ssl/$domain.* $tmpdir
 
+chown -R $user:$user $tmpdir
 
+
 
+# Adding new certificate to user data directory
 
+cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.crt
 
+cp -f $ssl_dir/$domain.key $V_USERS/$user/ssl/$domain.key
 
+cp -f $ssl_dir/$domain.crt $V_USERS/$user/ssl/$domain.pem
 
+if [ -e "$ssl_dir/$domain.ca" ]; then
 
+    cp -f $ssl_dir/$domain.ca $V_USERS/$user/ssl/$domain.ca
 
+    cat $V_USERS/$user/ssl/$domain.ca >> $V_USERS/$user/ssl/$domain.pem
 
 fi
 
 
 # Adding new certificate to user dir
 
-cp -f $V_USERS/$user/ssl/$SSL.crt $ssl_cert
 
-cp -f $V_USERS/$user/ssl/$SSL.key $ssl_key
 
-
 
-# Deleting old certificate
 
-check_cert=$(grep "SSL='$old_ssl'" $V_USERS/$user/web.conf |wc -l)
 
-if [ "$check_cert"  -lt 2 ]; then
 
-    rm -f $V_HOME/$user/conf/$old_ssl.crt
 
-    rm -f $V_HOME/$user/conf/$old_ssl.key
 
+cp -f $V_USERS/$user/ssl/$domain.crt $V_HOME/$user/conf/ssl.$domain.crt
 
+cp -f $V_USERS/$user/ssl/$domain.key $V_HOME/$user/conf/ssl.$domain.key
 
+cp -f $V_USERS/$user/ssl/$domain.pem $V_HOME/$user/conf/ssl.$domain.pem
 
+if [ -e "$V_USERS/$user/ssl/$domain.ca" ]; then
 
+    cp -f $V_USERS/$user/ssl/$domain.ca $V_HOME/$user/conf/ssl.$domain.ca
 
 fi
 
 
 
@@ -93,14 +82,11 @@ fi
 
 #                       Vesta                              #
 
 #----------------------------------------------------------#
 
 
-# Adding sslcert in config
 
-update_web_domain_value '$SSL' "$SSL"
 
-
 
 # Adding task to the vesta pipe
 
 restart_schedule 'web'
 
 
 # Logging
 
-log_history "$V_EVENT" "$V_SCRIPT $user $domain $old_ssl"
 
+log_history "$V_EVENT" "$V_SCRIPT $user $domain $tmpdir"
 
 log_event 'system' "$V_EVENT"
 
 
 exit

+ 10 - 5
bin/v_change_web_domain_tpl
Просмотреть файл 

@@ -62,7 +62,7 @@ conf="$V_HOME/$user/conf/httpd.conf"
 
 del_web_config
 
 
 # Deleting ssl vhost
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
     conf="$V_HOME/$user/conf/shttpd.conf"
 
     del_web_config
 
@@ -139,10 +139,15 @@ if [ -x $V_WEBTPL/apache_$template.sh ]; then
 
 fi
 
 
 # Checking ssl
 
-if [ ! -z "$SSL" ]; then
 
-    # Defining variables for ssl template replace
 
-    ssl_cert="$V_HOME/$user/conf/$SSL.crt"
 
-    ssl_key="$V_HOME/$user/conf/$SSL.key"
 
+if [ "$SSL" = 'yes' ]; then
 
+    # Defining SSL vars
 
+    ssl_crt="$V_HOME/$user/conf/ssl.$domain.crt"
 
+    ssl_key="$V_HOME/$user/conf/ssl.$domain.key"
 
+    ssl_pem="$V_HOME/$user/conf/ssl.$domain.pem"
 
+    ssl_ca="$V_HOME/$user/conf/ssl.$domain.ca"
 
+    if [ ! -e "$V_USERS/$user/ssl/$domain.ca" ]; then
 
+        ssl_ca_str='#'
 
+    fi
 
     case $SSL_HOME in
 
         single) docroot="$V_HOME/$user/web/$domain/public_shtml" ;;
 
         same)   docroot="$V_HOME/$user/web/$domain/public_html" ;;

+ 0 - 55
bin/v_del_sys_user_ssl
Просмотреть файл 

@@ -1,55 +0,0 @@
 
-#!/bin/bash
 
-# info: adding ssl certificate
 
-
 
-#----------------------------------------------------------#
 
-#                    Variable&Function                     #
 
-#----------------------------------------------------------#
 
-
 
-# Argument defenition
 
-user=$1
 
-ssl=$2
 
-
 
-# Importing variables
 
-source $VESTA/conf/vars.conf
 
-source $V_CONF/vesta.conf
 
-source $V_FUNC/shared.func
 
-source $V_FUNC/ssl.func
 
-
 
-
 
-#----------------------------------------------------------#
 
-#                    Verifications                         #
 
-#----------------------------------------------------------#
 
-
 
-# Checking arg number
 
-check_args '2' "$#" 'user certificate'
 
-
 
-# Checking argument format
 
-format_validation 'user' 'certificate'
 
-
 
-# Checking user
 
-is_user_valid
 
-
 
-# Checking user is active
 
-is_user_suspended
 
-
 
-# Checking certificate 
-is_cert_used
 
-
 
-
 
-#----------------------------------------------------------#
 
-#                       Action                             #
 
-#----------------------------------------------------------#
 
-
 
-# Deleting certificate
 
-rm -f $V_USERS/$user/ssl/$ssl.*
 
-
 
-
 
-#----------------------------------------------------------#
 
-#                       Vesta                              #
 
-#----------------------------------------------------------#
 
-
 
-# Logging
 
-log_history "$V_EVENT"
 
-log_event 'system' "$V_EVENT"
 
-
 
-exit

+ 7 - 11
bin/v_del_web_domain
Просмотреть файл 

@@ -57,18 +57,14 @@ conf="$V_HOME/$user/conf/httpd.conf"
 
 del_web_config
 
 
 # Checking ssl
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
     conf="$V_HOME/$user/conf/shttpd.conf"
 
     del_web_config
 
 
-    # Deleting old certificate
 
-    check_cert=$(grep "SSL='$SSL'" $V_USERS/$user/web.conf |wc -l)
 
-    if [ "$check_cert" -lt 2 ]; then
 
-        rm -f $V_HOME/$user/conf/$SSL.crt
 
-        rm -f $V_HOME/$user/conf/$SSL.key
 
-    fi
 
-
 
+    # Deleting certificates
 
+    rm -f $V_HOME/$user/conf/ssl.$domain.*
 
+    rm -f $V_USERS/$user/ssl/$domain.*
 
 fi
 
 
 # Checking nginx
 
@@ -77,7 +73,7 @@ if [ ! -z "$NGINX" ]; then
 
     conf="$V_HOME/$user/conf/nginx.conf"
 
     del_web_config
 
 
-    if [ ! -z "$SSL" ]; then
 
+    if [ "$SSL" = 'yes' ]; then
 
         proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
 
         tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
 
         conf="$V_HOME/$user/conf/snginx.conf"
 
@@ -117,7 +113,7 @@ rm -rf /var/log/httpd/domains/$domain.error*
 
 del_web_domain
 
 
 # Checking last ssl domain
 
-ssl_dom=$(grep -v "SSL=''" $V_USERS/$user/web.conf | wc -l)
 
+ssl_dom=$(grep "SSL='yes'" $V_USERS/$user/web.conf | wc -l)
 
 if [ "$ssl_dom" -eq '0' ]; then
 
     sed -i "s/ Include /#Include /"  $V_HOME/$user/conf/httpd.conf
 
 fi
 
@@ -135,7 +131,7 @@ fi
 
 # Checking last nginx domain
 
 conf='/etc/nginx/conf.d/vesta_users.conf'
 
 last_nginx=$(grep -v "NGINX=''" $V_USERS/$user/web.conf)
 
-last_snginx=$(echo "$last_nginx" | grep -v "SSL=''")
 
+last_snginx=$(echo "$last_nginx" | grep "SSL='yes'")
 
 if [ -z "$last_snginx" ]; then
 
     sline=$(grep -n "$V_HOME/$user/conf/snginx.conf" $conf | cut -f 1 -d : )
 
     if [ ! -z "$sline" ]; then

+ 2 - 2
bin/v_del_web_domain_alias
Просмотреть файл 

@@ -73,7 +73,7 @@ upd_web_domain_values
 
 del_web_config
 
 add_web_config
 
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
     conf="$V_HOME/$user/conf/shttpd.conf"
 
     del_web_config
 
@@ -87,7 +87,7 @@ if [ ! -z "$NGINX" ]; then
 
     del_web_config
 
     add_web_config
 
 
-    if [ ! -z "$SSL" ]; then
 
+    if [ "$SSL" = 'yes' ]; then
 
         proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
 
         tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
 
         conf="$V_HOME/$user/conf/snginx.conf"

+ 1 - 1
bin/v_del_web_domain_cgi
Просмотреть файл 

@@ -63,7 +63,7 @@ del_web_config
 
 add_web_config
 
 
 # Checking ssl
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
     conf="$V_HOME/$user/conf/shttpd.conf"
 
     del_web_config

+ 2 - 2
bin/v_del_web_domain_elog
Просмотреть файл 

@@ -64,7 +64,7 @@ del_web_config
 
 add_web_config
 
 
 # Checking ssl
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
     conf="$V_HOME/$user/conf/shttpd.conf"
 
     del_web_config
 
@@ -78,7 +78,7 @@ if [ ! -z "$NGINX" ]; then
 
     del_web_config
 
     add_web_config
 
 
-    if [ ! -z "$SSL" ]; then
 
+    if [ "$SSL" = 'yes' ]; then
 
         proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
 
         tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
 
         conf="$V_HOME/$user/conf/snginx.conf"

+ 2 - 2
bin/v_del_web_domain_nginx
Просмотреть файл 

@@ -57,7 +57,7 @@ conf="$V_HOME/$user/conf/nginx.conf"
 
 del_web_config
 
 
 # Checking ssl
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
 
     conf="$V_HOME/$user/conf/snginx.conf"
 
     del_web_config
 
@@ -75,7 +75,7 @@ update_web_domain_value '$NGINX_EXT' ''
 
 # Checking last nginx domain
 
 conf='/etc/nginx/conf.d/vesta_users.conf'
 
 last_nginx=$(grep -v "NGINX=''" $V_USERS/$user/web.conf)
 
-last_snginx=$(echo "$last_nginx" | grep -v "SSL=''")
 
+last_snginx=$(echo "$last_nginx" | grep "SSL='yes'")
 
 if [ -z "$last_snginx" ]; then
 
     sline=$(grep -n "$V_HOME/$user/conf/snginx.conf" $conf | cut -f 1 -d : )
 
     if [ ! -z "$sline" ]; then

+ 8 - 11
bin/v_del_web_domain_ssl
Просмотреть файл 

@@ -54,7 +54,6 @@ is_web_domain_value_exist '$SSL'
 
 get_web_domain_values
 
 conf="$V_HOME/$user/conf/shttpd.conf"
 
 tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
-old_ssl="$SSL"
 
 
 # Deleting domain
 
 del_web_config
 
@@ -67,11 +66,10 @@ if [ ! -z "$NGINX" ]; then
 
 fi
 
 
 # Deleting old certificate
 
-check_cert=$(grep "SSL='$old_ssl'" $V_USERS/$user/web.conf |wc -l)
 
-if [ "$check_cert"  -lt 2 ]; then
 
-    rm -f $V_HOME/$user/conf/$old_ssl.crt
 
-    rm -f $V_HOME/$user/conf/$old_ssl.key
 
-fi
 
+tmpdir=$(mktemp -p $V_HOME/$user/web/$domain/private -d)
 
+rm -f $V_HOME/$user/conf/ssl.$domain.*
 
+mv $V_USERS/$user/ssl/$domain.* $tmpdir
 
+chown -R $user:$user $tmpdir
 
 
 
 #----------------------------------------------------------#
 
@@ -79,11 +77,10 @@ fi
 
 #----------------------------------------------------------#
 
 
 # Deleting ssl in config
 
-update_web_domain_value '$SSL' ''
 
-update_web_domain_value '$SSL_HOME' ''
 
+update_web_domain_value '$SSL' 'no'
 
 
 # Checking last ssl domain
 
-ssl_dom=$(grep -v "SSL=''" $V_USERS/$user/web.conf)
 
+ssl_dom=$(grep "SSL='yes'" $V_USERS/$user/web.conf)
 
 main_conf='/etc/httpd/conf.d/vesta.conf'
 
 conf="$V_HOME/$user/conf/shttpd.conf"
 
 if [ -z "$ssl_dom" ]; then
 
@@ -94,7 +91,7 @@ fi
 
 # Checking last nginx domain
 
 conf='/etc/nginx/conf.d/vesta_users.conf'
 
 last_nginx=$(grep -v "NGINX=''" $V_USERS/$user/web.conf)
 
-last_snginx=$(echo "$last_nginx" | grep -v "SSL=''")
 
+last_snginx=$(echo "$last_nginx" | grep "SSL='yes'")
 
 if [ -z "$last_snginx" ]; then
 
     sline=$(grep -n "$V_HOME/$user/conf/snginx.conf" $conf | cut -f 1 -d : )
 
     if [ ! -z "$sline" ]; then
 
@@ -110,7 +107,7 @@ decrease_user_value "$user" '$U_WEB_SSL'
 
 restart_schedule 'web'
 
 
 # Logging
 
-log_history "$V_EVENT" "v_add_web_domain_ssl $user $domain $SSL $SSL_HOME"
 
+log_history "$V_EVENT" "v_add_web_domain_ssl $user $domain $tmpdir $SSL_HOME"
 
 log_event 'system' "$V_EVENT"
 
 
 exit

+ 1 - 1
bin/v_list_sys_user_backups
Просмотреть файл 

@@ -39,7 +39,7 @@ fi
 
 
 # Defining fileds to select
 
 fields="\$DATE \$TIME \$RUNTIME \$TYPE \$SIZE \$VESTA \$PAM \$WEB \$DNS \$DB"
 
-fields="$fields \$MAIL \$SSL \$CRON"
 
+fields="$fields \$MAIL \$CRON"
 
 
 # Listing domains
 
 case $format in

+ 0 - 86
bin/v_list_sys_user_ssl
Просмотреть файл 

@@ -1,86 +0,0 @@
 
-#!/bin/bash
 
-# info: listing ssl certificates
 
-
 
-#----------------------------------------------------------#
 
-#                    Variable&Function                     #
 
-#----------------------------------------------------------#
 
-
 
-# Argument defenition
 
-user=$1
 
-format=${2-shell}
 
-
 
-# Importing variables
 
-source $VESTA/conf/vars.conf
 
-source $V_FUNC/shared.func
 
-
 
-# Json function
 
-json_list_cert() {
 
-    # Print top bracket
 
-    echo '['
 
-
 
-    # Checking certificates number
 
-    certificates=$(ls $V_USERS/$user/ssl/ |grep '.crt' )
 
-    certificates_count=$(echo "$certificates" | wc -l)
 
-    i=1
 
-
 
-    # Listing files by mask
 
-    for cert in $certificates; do
 
-        if [ $i -eq $certificates_count ]; then
 
-             echo -e "\t\"${cert//.crt/}\""
 
-        else
 
-             echo -e "\t\"${cert//.crt/}\","
 
-        fi
 
-        (( ++i))
 
-    done
 
-
 
-    # Printing bottom bracket
 
-    echo -e "]"
 
-}
 
-
 
-# Shell function
 
-shell_list_cert() {
 
-    if [ -z "$nohead" ] ; then
 
-        # Print brief info
 
-        echo "Certificate"
 
-        echo "----------"
 
-    fi
 
-
 
-    # Listing files by mask
 
-    for cert in $(ls $V_USERS/$user/ssl/ | grep '.crt'); do
 
-        # Print result
 
-        echo "${cert//.crt/}"
 
-    done
 
-}
 
-
 
-
 
-#----------------------------------------------------------#
 
-#                    Verifications                         #
 
-#----------------------------------------------------------#
 
-
 
-# Checking args
 
-check_args '1' "$#" 'user [format] [limit] [offset]'
 
-
 
-# Checking argument format
 
-format_validation 'user'
 
-
 
-# Checking user
 
-is_user_valid
 
-
 
-#----------------------------------------------------------#
 
-#                       Action                             #
 
-#----------------------------------------------------------#
 
-
 
-# Listing domains
 
-case $format in 
-    json)   json_list_cert  ;;
 
-    plain)  nohead=1; shell_list_cert ;;
 
-    shell)  shell_list_cert | column -t ;;
 
-    *)      check_args '1' '0' 'user [format]' ;;
 
-esac
 
-
 
-
 
-#----------------------------------------------------------#
 
-#                       Vesta                              #
 
-#----------------------------------------------------------#
 
-
 
-exit

+ 1 - 1
bin/v_list_web_domain
Просмотреть файл 

@@ -102,7 +102,7 @@ fields='$DOMAIN $IP $U_DISK $U_BANDWIDTH $TPL $ALIAS $PHP $CGI $ELOG $STATS
 
 case $format in 
     json)   json_list_domain ;;
 
     plain)  nohead=1; shell_list_domain ;;
 
-    shell)  shell_list_domain | column -t ;;
 
+    shell)  shell_list_domain |column -t ;;
 
     *)      check_args '2' '0' 'user domain [format]'
 
 esac

+ 2 - 2
bin/v_rebuild_web_domains
Просмотреть файл 

@@ -70,7 +70,7 @@ for domain in $(shell_list) ; do
 
     fi
 
 
     # Checking ssl
 
-    if [ ! -z "$SSL" ]; then
 
+    if [ "$SSL" = 'yes' ]; then
 
         # Adding domain to the shttpd.conf
 
         conf="$V_HOME/$user/conf/tmp_shttpd.conf"
 
         tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
@@ -90,7 +90,7 @@ for domain in $(shell_list) ; do
 
         conf="$V_HOME/$user/conf/tmp_nginx.conf"
 
         add_web_config
 
 
-        if [ ! -z "$SSL" ]; then
 
+        if [ "$SSL" = 'yes' ]; then
 
             if [ "$SUSPEND" = 'yes' ]; then
 
                 proxy_string="rewrite ^(.*)\$ http://$url;"
 
             else

+ 2 - 2
bin/v_suspend_web_domain
Просмотреть файл 

@@ -61,7 +61,7 @@ del_web_config
 
 add_web_config
 
 
 # Check ssl
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
     conf="$V_HOME/$user/conf/shttpd.conf"
 
     del_web_config
 
@@ -75,7 +75,7 @@ if [ ! -z "$NGINX" ]; then
 
     del_web_config
 
     add_web_config
 
 
-    if [ ! -z "$SSL" ]; then
 
+    if [ "$SSL" = 'yes' ]; then
 
         proxy_string="rewrite ^(.*)\$ http://$url;"
 
         tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
 
         conf="$V_HOME/$user/conf/snginx.conf"

+ 2 - 2
bin/v_unsuspend_web_domain
Просмотреть файл 

@@ -58,7 +58,7 @@ del_web_config
 
 add_web_config
 
 
 # Check ssl
 
-if [ ! -z "$SSL" ]; then
 
+if [ "$SSL" = 'yes' ]; then
 
     tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 
     conf="$V_HOME/$user/conf/shttpd.conf"
 
     del_web_config
 
@@ -72,7 +72,7 @@ if [ ! -z "$NGINX" ]; then
 
     del_web_config
 
     add_web_config
 
 
-    if [ ! -z "$SSL" ]; then
 
+    if [ "$SSL" = 'yes' ]; then
 
         proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
 
         tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
 
         conf="$V_HOME/$user/conf/snginx.conf"

+ 3 - 3
bin/v_upd_sys_user_backups
Просмотреть файл 

@@ -213,7 +213,7 @@ if [ -e "$tmp_file" ]; then
 
 fi
 
 
 # Checking local
 
-if [ "$type" == 'local' ]; then
 
+if [ "$type" = 'local' ]; then
 
     backups=$(ls $V_BACKUP |grep "^$user."|sort)
 
     for backup in $backups; do
 
         get_backup_info $V_BACKUP/$backup $type >> $tmp_file
 
@@ -221,7 +221,7 @@ if [ "$type" == 'local' ]; then
 
 fi
 
 
 # Checking ftp
 
-if [ "$type" == 'ftp' ]; then
 
+if [ "$type" = 'ftp' ]; then
 
     tmpdir=$(mktemp -p $V_BACKUP -d)
 
     ftmpdir=$(basename $tmpdir)
 
     init_ftp_variables
 
@@ -242,7 +242,7 @@ if [ "$type" == 'ftp' ]; then
 
 fi
 
 
 # Checking both local and ftp
 
-if [ "$type" == 'ftp,local' ] || [ "$type" == 'local,ftp' ]; then
 
+if [ "$type" = 'ftp,local' ] || [ "$type" = 'local,ftp' ]; then
 
 
     tmpdir=$(mktemp -p $V_BACKUP -d)
 
     ftmpdir=$(basename $tmpdir)

+ 2 - 1
data/templates/apache_default.stpl
Просмотреть файл 

@@ -31,8 +31,9 @@
 
     php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp
 
     SSLEngine on
 
     SSLVerifyClient none
 
-    SSLCertificateFile %ssl_cert%
 
+    SSLCertificateFile %ssl_crt%
 
     SSLCertificateKeyFile %ssl_key%
 
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
 
     <IfModule mod_ruid2.c>
 
         RMode config
 
         RUidGid %user% %group%

+ 2 - 1
data/templates/apache_phpcgi.stpl
Просмотреть файл 

@@ -25,8 +25,9 @@
 
     php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp
 
     SSLEngine on
 
     SSLVerifyClient none
 
-    SSLCertificateFile %ssl_cert%
 
+    SSLCertificateFile %ssl_crt%
 
     SSLCertificateKeyFile %ssl_key%
 
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
 
 
     Include %home%/%user%/conf/shttpd.%domain%.conf*

+ 2 - 1
data/templates/apache_phpfcgid.stpl
Просмотреть файл 

@@ -25,8 +25,9 @@
 
     php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp
 
     SSLEngine on
 
     SSLVerifyClient none
 
-    SSLCertificateFile %ssl_cert%
 
+    SSLCertificateFile %ssl_crt%
 
     SSLCertificateKeyFile %ssl_key%
 
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
 
 
     Include %home%/%user%/conf/shttpd.%domain%.conf*

+ 2 - 1
data/templates/apache_unlim.stpl
Просмотреть файл 

@@ -31,8 +31,9 @@
 
     php_admin_value open_basedir none
 
     SSLEngine on
 
     SSLVerifyClient none
 
-    SSLCertificateFile %ssl_cert%
 
+    SSLCertificateFile %ssl_crt%
 
     SSLCertificateKeyFile %ssl_key%
 
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
 
 
     <IfModule mod_ruid2.c>
 
         RMode config

+ 1 - 1
data/templates/ngingx_vhost_default.stpl
Просмотреть файл 

@@ -3,7 +3,7 @@ server {
 
     server_name %domain_idn% %alias_idn%;
 
     server_name_in_redirect off;
 
     ssl         on;
 
-    ssl_certificate      %ssl_cert%;
 
+    ssl_certificate      %ssl_pem%;
 
     ssl_certificate_key  %ssl_key%;
 
     %elog%error_log  /var/log/httpd/domains/%domain%.error.log error;

+ 53 - 5
func/domain.func
Просмотреть файл 

@@ -239,8 +239,10 @@ add_web_config() {
 
             -e "s/%alias_string%/$alias_string/g" \
 
             -e "s/%alias_idn%/${aliases_idn//,/ }/g" \
 
             -e "s/%alias%/${aliases//,/ }/g" \
 
-            -e "s/%ssl_cert%/${ssl_cert////\/}/g" \
 
+            -e "s/%ssl_crt%/${ssl_crt////\/}/g" \
 
             -e "s/%ssl_key%/${ssl_key////\/}/g" \
 
+            -e "s/%ssl_pem%/${ssl_pem////\/}/g" \
 
+            -e "s/%ssl_ca_str%/${ssl_ca_str////\/}/g" \
 
             -e "s/%nginx_extentions%/${NGINX_EXT//,/|}/g" \
 
             -e "s/%elog%/$elog/g" \
 
             -e "s/%cgi%/$cgi/g" \
 
@@ -448,13 +450,53 @@ is_web_domain_key_empty() {
 
 }
 
 
 is_web_domain_cert_valid() {
 
+
 
     # Checking file existance
 
-    path="$V_USERS/$user/ssl"
 
-    if [ ! -e "$path/$ssl.crt" ] || [ ! -e "$path/$ssl.key" ]; then
 
+    if [ ! -e "$ssl_dir/$domain.crt" ] || [ ! -e "$ssl_dir/$domain.key" ]; then
 
         echo "Error: certificate not exist"
 
         log_event 'debug' "$E_CERT_NOTEXIST $V_EVENT"
 
         exit $E_CERT_NOTEXIST
 
     fi
 
+
 
+    # Checking certificate
 
+    crt=$(openssl verify $ssl_dir/$domain.crt 2>/dev/null |grep '/C=')
 
+    if [ -z "$crt" ]; then
 
+        echo "Error: certificate invalid"
 
+        log_event 'debug' "$E_CERT_INVALID $V_EVENT"
 
+        exit $E_CERT_INVALID
 
+    fi
 
+
 
+    # Checking certificate key
 
+    openssl rsa -in "$ssl_dir/$domain.key" -check >/dev/null 2>/dev/null
 
+    if [ "$?" -ne 0 ]; then
 
+        echo "Error: key invalid"
 
+        log_event 'debug' "$E_KEY_INVALID $V_EVENT"
 
+        exit $E_KEY_INVALID
 
+    fi
 
+
 
+    # Checking certificate authority
 
+    if [ -e "$ssl_dir/$domain.ca" ]; then
 
+        ca=$(openssl verify $ssl_dir/$domain.ca 2>/dev/null |grep '/C=')
 
+        if [ -z "$ca" ]; then
 
+            echo "Error: certificate invalid"
 
+            log_event 'debug' "$E_CERT_INVALID $V_EVENT"
 
+            exit $E_CERT_INVALID
 
+        fi
 
+    fi
 
+
 
+    # Checking server
 
+    openssl s_server -quiet \
 
+        -cert $ssl_dir/$domain.crt -key $ssl_dir/$domain.key &
 
+    pid=$!
 
+    sleep 1
 
+    disown > /dev/null 2>&1
 
+    kill $pid > /dev/null 2>&1
 
+    result=$?
 
+    if [ "$result" -ne '0' ]; then
 
+        echo "Error: certificate key pair invalid"
 
+        log_event 'debug' "$E_CERTKEY_INVALID $V_EVENT"
 
+        exit $E_CERTKEY_INVALID
 
+    fi
 
 }
 
 
 
@@ -733,8 +775,14 @@ upd_web_domain_values() {
 
     fi
 
 
     # Defining SSL vars
 
-    ssl_cert="$V_HOME/$user/conf/$SSL.crt"
 
-    ssl_key="$V_HOME/$user/conf/$SSL.key"
 
+    ssl_crt="$V_HOME/$user/conf/ssl.$domain.crt"
 
+    ssl_key="$V_HOME/$user/conf/ssl.$domain.key"
 
+    ssl_pem="$V_HOME/$user/conf/ssl.$domain.pem"
 
+    ssl_ca="$V_HOME/$user/conf/ssl.$domain.ca"
 
+    if [ ! -e "$V_USERS/$user/ssl/$domain.ca" ]; then
 
+        ssl_ca_str='#'
 
+    fi
 
+
 
     case $SSL_HOME in
 
         single) docroot="$V_HOME/$user/web/$domain/public_shtml" ;;
 
         same) docroot="$V_HOME/$user/web/$domain/public_html" ;;

+ 0 - 76
func/ssl.func
Просмотреть файл 

@@ -1,76 +0,0 @@
 
-is_cert_free() {
 
-    # Defining path
 
-    user_cert="$V_USERS/$user/ssl/$cert"
 
-
 
-    # Checking file existance
 
-    if [ -e "$user_cert.crt" ] || [ -e "$user_cert.key" ]; then
 
-        echo "Error: certificate exist"
 
-        log_event 'debug' "$E_CERT_EXIST $V_EVENT"
 
-        exit $E_CERT_EXIST
 
-    fi
 
-}
 
-
 
-is_cert_valid() {
 
-    path="$1"
 
-
 
-    # Checking file existance
 
-    if [ ! -e "$path/$ssl.crt" ] || [ ! -e "$path/$ssl.key" ]; then
 
-        echo "Error: certificate not exist"
 
-        log_event 'debug' "$E_CERT_NOTEXIST $V_EVENT"
 
-        exit $E_CERT_NOTEXIST
 
-    fi
 
-
 
-    # Checking crt file
 
-    crt=$(openssl verify "$path/$ssl.crt" 2>/dev/null|tail -n 1|grep -w 'OK')
 
-    if [ -z "$crt" ]; then
 
-        echo "Error: certificate invalid"
 
-        log_event 'debug' "$E_CERT_INVALID $V_EVENT"
 
-        exit $E_CERT_INVALID
 
-    fi
 
-
 
-    # Checking key file
 
-    key=$(openssl rsa -in "$path/$ssl.key" -check 2>/dev/null|\
 
-        head -n1|grep -w 'ok')
 
-    if [ -z "$key" ]; then
 
-        echo "Error: key invalid"
 
-        log_event 'debug' "$E_KEY_INVALID $V_EVENT"
 
-        exit $E_KEY_INVALID
 
-    fi
 
-
 
-    # FIXME we should run server on free port
 
-    # Checking server
 
-    cmd="openssl s_server -quiet -cert $path/$ssl.crt -key $path/$ssl.key"
 
-    $cmd &
 
-
 
-    # Defining pid
 
-    pid=$!
 
-
 
-    # Sleep 1 second
 
-    sleep 1
 
-
 
-    # Disown background process
 
-    disown > /dev/null 2>&1
 
-
 
-    # Killing ssl server
 
-    kill $pid > /dev/null 2>&1
 
-
 
-    # Checking result
 
-    result=$?
 
-    if [ "$result" -ne '0' ]; then
 
-        echo "Error: certificate key pair invalid"
 
-        log_event 'debug' "$E_CERTKEY_INVALID $V_EVENT"
 
-        exit $E_CERTKEY_INVALID
 
-    fi
 
-}
 
-
 
-is_cert_used() {
 
-    # Parsing config
 
-    check_cert=$(grep "SSL='$ssl'" $V_USERS/$user/*.conf)
 
-
 
-    # Checking result
 
-    if [ ! -z "$check_cert" ]; then
 
-        echo "Error: certificate used"
 
-        log_event 'debug' "$E_CERT_USED $V_EVENT"
 
-        exit $E_CERT_USED
 
-    fi
 
-}