From 980485c46c2d0fab48410dc5aedb1a2fafa40a34 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Fri, 17 Oct 2014 06:04:41 -0400
Subject: [PATCH] Fixed: FS#3696 - Interface SSL keys should be owned by root - Improved postfix SSL configuration to protect against poodle attack.

---
 install/lib/installer_base.lib.php |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 5958d9d..86429a9 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1716,6 +1716,8 @@
 		exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
 		rename($ssl_key_file, $ssl_key_file.'.secure');
 		rename($ssl_key_file.'.insecure', $ssl_key_file);
+		
+		exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
 
 	}
 
@@ -1994,6 +1996,8 @@
 			exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
 			exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
 		}
+		
+		exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
 
 		// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
 		// and must be fixed as this will allow the apache user to read the ispconfig files.

--
Gitblit v1.9.1