Implements #5007 Remove SSL bundle files if present on an apache 2.4 server

c31703b8 · Till Brehm · b7ee5f0e · c31703b8 · c31703b8
Commit c31703b8 authored Jul 05, 2019 by Till Brehm
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 6 deletions

vhost.conf.master server/conf/vhost.conf.master +4 -4

apache2_plugin.inc.php server/plugins-available/apache2_plugin.inc.php +3 -2

No files found.
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -75,15 +75,15 @@
 		# </IfModule>
 		SSLCertificateFile <tmpl_var name='ssl_crt_file'>
 		SSLCertificateKeyFile <tmpl_var name='ssl_key_file'>
-<tmpl_if name='has_bundle_cert'>
-		<tmpl_if name='apache_version' op='<' value='2.4.8' format='version'>
-		SSLCertificateChainFile <tmpl_var name='ssl_bundle_file'>
-		</tmpl_if>
 		<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
 		SSLUseStapling on
 		SSLStaplingResponderTimeout 5
 		SSLStaplingReturnResponderErrors off
 		</tmpl_if>
+<tmpl_if name='has_bundle_cert'>
+		<tmpl_if name='apache_version' op='<' value='2.4.8' format='version'>
+		SSLCertificateChainFile <tmpl_var name='ssl_bundle_file'>
+		</tmpl_if>
 </tmpl_if>
 </tmpl_if>
 		</IfModule>

--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1223,8 +1223,9 @@ class apache2_plugin {
 				$app->dbmaster->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ? AND `server_id` = ?", $data['new']['ssl'], 'n', $data['new']['domain'], $conf['server_id']);
 			}
 		}
-
-		if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
+		
+		// Use separate bundle file only for apache versions < 2.4.8
+		if(@is_file($bundle_file) && version_compare($app->system->getapacheversion(true), '2.4.8', '<')) $vhost_data['has_bundle_cert'] = 1;

 		// HTTP/2.0 ?
 		$vhost_data['enable_http2']  = 'n';