custom SSL code is abandoned in favor of Let's Encrypt

2025-04-24 17:22:35 +02:00 · 2016-11-22 01:11:57 -06:00 · 2016-11-22 01:11:57 -06:00 · 4dc613e27a
commit 4dc613e27a
parent 4fca52e03d
1 changed files with 0 additions and 104 deletions
--- a/app/settings.rb
+++ b/app/settings.rb
@ -57,110 +57,6 @@ post '/settings/:username/profile' do
  redirect "/settings/#{@site.username}#profile"
 end

-=begin
-post '/settings/:username/ssl' do
-  require_login
-  require_ownership_for_settings
-
-  unless params[:key] && params[:cert]
-    flash[:error] = 'SSL key and certificate are required.'
-    redirect "/settings/#{@site.username}#custom_domain"
-  end
-
-  begin
-    key = OpenSSL::PKey::RSA.new params[:key][:tempfile].read, ''
-  rescue => e
-    flash[:error] = 'Could not process SSL key, file may be incorrect, damaged, or passworded (you need to remove the password).'
-    redirect "/settings/#{@site.username}#custom_domain"
-  end
-
-  if !key.private?
-    flash[:error] = 'SSL Key file does not have private key data.'
-    redirect "/settings/#{@site.username}#custom_domain"
-  end
-
-  certs_string = params[:cert][:tempfile].read
-
-  cert_array = certs_string.lines.slice_before(/-----BEGIN CERTIFICATE-----/).to_a.collect {|a| a.join}
-
-  if cert_array.empty?
-    flash[:error] = 'Cert file does not contain any certificates.'
-    redirect "/settings/#{@site.username}#custom_domain"
-  end
-
-  cert_valid_for_domain = false
-
-  cert_array.each do |cert_string|
-    begin
-      cert = OpenSSL::X509::Certificate.new cert_string
-    rescue => e
-      flash[:error] = 'Could not process SSL certificate, file may be incorrect or damaged.'
-      redirect "/settings/#{@site.username}#custom_domain"
-    end
-
-    if cert.not_after < Time.now
-      flash[:error] = 'SSL Certificate has expired, please create a new one.'
-      redirect "/settings/#{@site.username}#custom_domain"
-    end
-
-    cert_cn = cert.subject.to_a.select {|a| a.first == 'CN'}.flatten[1]
-    cert_valid_for_domain = true if cert_cn && cert_cn.match(@site.domain)
-  end
-
-  unless cert_valid_for_domain
-    flash[:error] = "Your certificate CN (common name) does not match your domain: #{@site.domain}"
-    redirect "/settings/#{@site.username}#custom_domain"
-  end
-
-  # Everything else was worse.
-
-  crtfile = Tempfile.new 'crtfile'
-  crtfile.write cert_array.join
-  crtfile.close
-
-  keyfile = Tempfile.new 'keyfile'
-  keyfile.write key.to_pem
-  keyfile.close
-
-  if ENV['TRAVIS'] != 'true'
-    nginx_testfile = Tempfile.new 'nginx_testfile'
-    nginx_testfile.write %{
-      pid /tmp/throwaway.pid;
-      events {}
-      error_log /dev/null error;
-      http {
-        access_log off;
-        server {
-          listen 60000 ssl;
-          server_name #{@site.domain} *.#{@site.domain};
-          ssl_certificate #{crtfile.path};
-          ssl_certificate_key #{keyfile.path};
-        }
-      }
-    }
-    nginx_testfile.close
-
-    line = Cocaine::CommandLine.new(
-      "nginx", "-t -c :path",
-      expected_outcodes: [0],
-      swallow_stderr: true
-    )
-
-    begin
-      output = line.run path: nginx_testfile.path
-    rescue Cocaine::ExitStatusError => e
-      flash[:error] = "There is something wrong with your certificate, please check with your issuing CA."
-      redirect "/settings/#{@site.username}#custom_domain"
-    end
-  end
-
-  @site.update ssl_key: key.to_pem, ssl_cert: cert_array.join
-
-  flash[:success] = 'Updated SSL key/certificate.'
-  redirect "/settings/#{@site.username}#custom_domain"
-end
-=end
-
 post '/settings/:username/change_name' do
  require_login
  require_ownership_for_settings