inc: remove backwards compat for base openssl

8515fb0c · Franco Fichtner · c7ca7fc8 · 8515fb0c · 8515fb0c · 8515fb0c
Commit 8515fb0c authored Apr 02, 2015 by Franco Fichtner
5 changed files
--- a/src/etc/inc/certs.inc
+++ b/src/etc/inc/certs.inc
@@ -463,18 +463,6 @@ function cert_get_modulus($str_crt, $decode = true, $type = 'crt')
 	$type_cmd = array('x509', 'rsa', 'req');
 	$modulus = '';
-	if (file_exists('/usr/local/bin/openssl')) {
-		/* use the ports version */
-		$bin_openssl = '/usr/local/bin/openssl';
-	} elseif (file_exists('/usr/bin/openssl')) {
-		/* use the base version (legacy fallback) */
-		$bin_openssl = '/usr/bin/openssl';
-	} else {
-		/* the infamous "this should never happen" */
-		log_error(_('Could not find an OpenSSL implementation on your system.'));
-		return $modulus;
-	}
 	if ($decode) {
 		$str_crt = base64_decode($str_crt);
 	}
@@ -482,9 +470,8 @@ function cert_get_modulus($str_crt, $decode = true, $type = 'crt')
 	if (in_array($type, $type_list)) {
 		$type = str_replace($type_list, $type_cmd, $type);
 		$modulus = exec(sprintf(
-			'echo %s | %s %s -noout -modulus',
+			'echo %s | /usr/local/bin/openssl %s -noout -modulus',
 			escapeshellarg($str_crt),
-			$bin_openssl,
 			escapeshellarg($type)
 		));
 	}

--- a/src/etc/inc/crypt.inc
+++ b/src/etc/inc/crypt.inc
@@ -30,26 +30,14 @@ function _crypt_data($val, $pass, $opt)
 {
 	$result = '';
-	if (file_exists('/usr/local/bin/openssl')) {
-		/* use the ports version */
-		$bin_openssl = '/usr/local/bin/openssl';
-	} elseif (file_exists('/usr/bin/openssl')) {
-		/* use the base version (legacy fallback) */
-		$bin_openssl = '/usr/bin/openssl';
-	} else {
-		/* the infamous "this should never happen" */
-		log_error(_('Could not find an OpenSSL implementation on your system.'));
-		return $result;
-	}
 	$file = tempnam('/tmp', 'php-encrypt');
 	file_put_contents("{$file}.dec", $val);
 	exec(sprintf(
-		'%s enc %s -aes-256-cbc -in %s.dec -out %s.enc -k %s',
+		'/usr/local/bin/openssl enc %s -aes-256-cbc -in %s.dec -out %s.enc -k %s',
-		$bin_openssl,
+		escapeshellarg($opt),
-		$opt,
+		escapeshellarg($file),
-		$file,
+		escapeshellarg($file),
-		$file,
 		escapeshellarg($pass)
 	));

--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -215,19 +215,8 @@ function openvpn_get_digestlist() {
 function openvpn_get_engines()
 {
-	if (file_exists('/usr/local/bin/openssl')) {
-		/* use the ports version */
-		$bin_openssl = '/usr/local/bin/openssl';
-	} elseif (file_exists('/usr/bin/openssl')) {
-		/* use the base version (legacy fallback) */
-		$bin_openssl = '/usr/bin/openssl';
-	} else {
-		/* the infamous "this should never happen" */
-		log_error(_('Could not find an OpenSSL implementation on your system.'));
-	}
 	$openssl_engines = array('none' => 'No Hardware Crypto Acceleration');
-	exec($bin_openssl . ' engine -t -c', $openssl_engine_output);
+	exec('/usr/local/bin/openssl engine -t -c', $openssl_engine_output);
 	$openssl_engine_output = implode("\n", $openssl_engine_output);
 	$openssl_engine_output = preg_replace("/\\n\\s+/", "|", $openssl_engine_output);
 	$openssl_engine_output = explode("\n", $openssl_engine_output);

--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -791,17 +791,6 @@ function system_webgui_start()
 {
 	global $config, $g;
-	if (file_exists('/usr/local/bin/openssl')) {
-		/* use the ports version */
-		$bin_openssl = '/usr/local/bin/openssl';
-	} elseif (file_exists('/usr/bin/openssl')) {
-		/* use the base version (legacy fallback) */
-		$bin_openssl = '/usr/bin/openssl';
-	} else {
-		/* the infamous "this should never happen" */
-		log_error(_('Could not find an OpenSSL implementation on your system.'));
-	}
 	if (file_exists("/var/run/booting")) {
 		/* XXX no no no no no no no no  */
 		echo gettext("Starting webConfigurator...");
@@ -833,13 +822,13 @@ function system_webgui_start()
 			$cert = array();
 			$cert['refid'] = uniqid();
 			$cert['descr'] = gettext("webConfigurator default");
-			/* mind the gap ->.<- */
+			mwexec(
-			$openssl_args  = ' req -new -newkey rsa:4096 -sha256';
+				/* XXX ought to be replaced by PHP calls */
-			$openssl_args .= ' -days 365 -nodes -x509';
+				'/usr/local/bin/openssl req -new ' .
-			$openssl_args .= ' -subj "/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense"';
+				'-newkey rsa:4096 -sha256 -days 365 -nodes -x509 ' .
-			$openssl_args .= ' -keyout /tmp/ssl.key';
+				'-subj "/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense" ' .
-			$openssl_args .= ' -out /tmp/ssl.crt';
+				'-keyout /tmp/ssl.key -out /tmp/ssl.crt'
-			mwexec($bin_openssl . $openssl_args);
+			);
 			$crt = file_get_contents('/tmp/ssl.crt');
 			$key = file_get_contents('/tmp/ssl.key');
 			unlink('/tmp/ssl.key');

--- a/src/pkg/openvpn-client-export.inc
+++ b/src/pkg/openvpn-client-export.inc
@@ -100,9 +100,9 @@ function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $cap
 	$ekeypath = escapeshellarg($keypath);
 	if ($capath) {
 		$ecapath = escapeshellarg($capath);
-		exec("/usr/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -certfile {$ecapath} -out {$eoutpath} -passout pass:{$eoutpass}");
+		exec("/usr/local/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -certfile {$ecapath} -out {$eoutpath} -passout pass:{$eoutpass}");
 	} else
-		exec("/usr/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -out {$eoutpath} -passout pass:{$eoutpass}");
+		exec("/usr/local/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -out {$eoutpath} -passout pass:{$eoutpass}");
 	unlink($crtpath);
 	unlink($keypath);
@@ -692,7 +692,7 @@ EOF;
 			$eoutpass = escapeshellarg($outpass);
 			$ekeyfile = escapeshellarg($keyfile);
 			$eclearkeyfile = escapeshellarg($clearkeyfile);
-			exec("/usr/bin/openssl rsa -in ${eclearkeyfile} -out ${ekeyfile} -des3 -passout pass:${eoutpass}");
+			exec("/usr/local/bin/openssl rsa -in ${eclearkeyfile} -out ${ekeyfile} -des3 -passout pass:${eoutpass}");
 			unlink($clearkeyfile);
 		} else {
 			$keyfile = "{$tempdir}/key.key";