From 5d68d0071d4280da0cdfee44ef301dc9ef48c9b5 Mon Sep 17 00:00:00 2001 From: Jamie Cameron Date: Sun, 25 Feb 2018 12:27:42 -0800 Subject: [PATCH] Make missing / invalid cert file format error clearer --- webmin/lang/en | 6 ++++-- webmin/webmin-lib.pl | 10 ++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/webmin/lang/en b/webmin/lang/en index bfc329db2..f0b340ddc 100644 --- a/webmin/lang/en +++ b/webmin/lang/en @@ -338,8 +338,10 @@ ssl_extracasdef=Same as global SSL settings ssl_extracasnone=None for this IP address ssl_extracasbelow=Entered below .. ssl_err=Failed to save SSL options -ssl_ekey=The SSL private key file $1 does not exist or does not contain a PEM format key -ssl_ecert=The SSL certificate file $1 does not exist or does not contain a PEM format certificate +ssl_ekey=The SSL private key file $1 does not exist +ssl_ekey2=The SSL private key file $1 does not contain a PEM format key +ssl_ecert=The SSL certificate file $1 does not exist +ssl_ecert2=The SSL certificate file $1 does not contain a PEM format certificate ssl_newkey=This form can be used to create a new SSL key and certificate for your Webmin server. ssl_newcsr=This form can be used to create a new SSL key and certificate signing request (CSR) for your Webmin server. The CSR must be signed by a certificate authority (CA) before it can be used. ssl_hole=Because you are currently using the default Webmin SSL key that everyone has access to, you should generate a new key immediately. Otherwise your SSL connection is not secure! diff --git a/webmin/webmin-lib.pl b/webmin/webmin-lib.pl index 834961cbf..073603f8a 100755 --- a/webmin/webmin-lib.pl +++ b/webmin/webmin-lib.pl @@ -1039,15 +1039,17 @@ line. sub validate_key_cert { my ($keyfile, $certfile) = @_; +-r $keyfile || return &error(&text('ssl_ekey', $keyfile)); my $key = &read_file_contents($keyfile); $key =~ /BEGIN (RSA | EC )?PRIVATE KEY/i || - &error(&text('ssl_ekey', $keyfile)); + &error(&text('ssl_ekey2', $keyfile)); if (!$certfile) { - $key =~ /BEGIN CERTIFICATE/ || &error(&text('ssl_ecert', $keyfile)); + $key =~ /BEGIN CERTIFICATE/ || &error(&text('ssl_ecert2', $keyfile)); } else { - my $cert = &read_file_contents($_[1]); - $cert =~ /BEGIN CERTIFICATE/ || &error(&text('ssl_ecert', $certfile)); + -r $certfile || return &error(&text('ssl_ecert', $certfile)); + my $cert = &read_file_contents($certfile); + $cert =~ /BEGIN CERTIFICATE/ || &error(&text('ssl_ecert2', $certfile)); } }