[BlueOnyx:05210] Re: Error setting up SSL

Fri Aug 13 17:24:40 -05 2010

Ken - Precision Web Hosting, Inc wrote:
> What do you see at line 5 of
> /etc/httpd/conf.d/ssl_perl.conf
> 
> What does that whole file look like?

File contents pasted below. 

--------- 8< -----------

# let's assume that base-ssl does the right thing, the key and cert files 
# should always be there.  If there not, someone was messing with
# things they obviously should not have been.
<Perl>
use Apache2::PerlSections();
use lib qw(/usr/sausalito/perl);
use CCE;
use Base::Httpd qw(httpd_get_vhost_conf_file);

my $cce = new CCE;
$cce->connectuds();

my @ssl_sites = $cce->find('Vsite', { 'SSL.enabled' => 1 }, { 'SSL.expires'
=> '^.+' });

# Only a temp variable until we go the whole hog.
my (@ssl_conf, $ip, $rewrite_rules, $proto, $ret, $config);

# O.K. What we bassically want to do is build up new section in the conf
file
# for SSL sections.
for my $oid (@ssl_sites)
{
    my ($ok, $vsite) = $cce->get($oid);
    my $conf_file = httpd_get_vhost_conf_file($vsite->{name});

    open HTTPD_CONF, "<$conf_file" or die "Can't open $conf_file: $!\n";

    # reset
    @ssl_conf = ();
    %config = ();

    while(<HTTPD_CONF>) 
    {
	if ( /^<VirtualHost ([\d\.]+):80>/o ) 
        {
	    $ip = $1;
            # skip everything before the VirtualHost entry since it doesn't
need to be duplicated
            last;
	}
    }

    # read the rest
    while(<HTTPD_CONF>)
    {
	# These two are for the rewrite options
	s/http/https/go if (/^Rewrite/);
	s/80/443/go if (/^Rewrite/);
	s#https://$vsite->{fqdn}/#https://$vsite->{fqdn}:443/# if
(/^RewriteRule/);
        push @ssl_conf, $_;

	# Hardcoded, issues with mod_perl and cobalt modules.
        if (/^<\/Virtual/ && (-f "$vsite->{basedir}/certs/certificate") &&
(-f "$vsite->{basedir}/certs/key")) 
        {
	    push @Listen, "$ip:443";

	    $VirtualHost{"$ip:443"}{'SSLengine'} = 'on';
            if (-f "$vsite->{basedir}/certs/ca-certs")
            {
		$VirtualHost{"$ip:443"}{'SSLCACertificateFile'} =
"$vsite->{basedir}/certs/ca-certs";
            }

	    # Support for GoDaddy certs through separate ca-chain residing
in the Vsite's certs directory:
	    if (-f "$vsite->{basedir}/certs/ca-chain") {
		$VirtualHost{"$ip:443"}{'SSLCertificateChainFile'} =
"$vsite->{basedir}/certs/ca-chain";
	    }

	    $VirtualHost{"$ip:443"}{'SSLCertificateFile'} =
"$vsite->{basedir}/certs/certificate";
	    $VirtualHost{"$ip:443"}{'SSLCertificateKeyFile'} =
"$vsite->{basedir}/certs/key";
	    foreach my $conf (@ssl_conf) {
		if ($conf =~ /^([^ ]+) (.+)/ && $conf !~ /^#/) {
		    $VirtualHost{"$ip:443"}{"$conf"} = "";
		}
	    }
	}
    }
    close HTTPD_CONF;
}

$cce->bye('SUCCESS');

if (-f '/etc/DEBUG')
{
    use Data::Dumper;
    print Dumper(%VirtualHost);
    print STDERR Apache2::PerlSections->dump();
}
</Perl>