Skip to content

Commit bc132ce

Browse files
mrrobot47mrrobot47
committed
feat(migration): add graceful handling if openssl_x509_parse not there
1 parent 50b5497 commit bc132ce

File tree

1 file changed

+28
-23
lines changed

1 file changed

+28
-23
lines changed

migrations/db/20250927101545_site-command_fix_ssl_flag_for_existing_le_certs.php

Lines changed: 28 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -54,31 +54,36 @@ public function up() {
5454
if ( empty( $db_ssl ) || $db_ssl !== 'le' ) {
5555
// Check if the cert is a valid Let's Encrypt cert using CertificateParser
5656
try {
57-
$crt_pem = file_get_contents( $crt );
58-
$cert_data = openssl_x509_parse( $crt_pem );
59-
$issuer_full = isset( $cert_data['issuer'] ) ? $cert_data['issuer'] : [];
60-
$issuer_json = json_encode( $issuer_full );
61-
$subject_cn = isset( $cert_data['subject']['CN'] ) ? $cert_data['subject']['CN'] : '';
62-
$crt_pem_lines = implode( ' | ', array_slice( explode( "\n", $crt_pem ), 0, 2 ) );
63-
$actions[] = "Cert issuer: $issuer_json";
64-
$actions[] = "Cert subject CN: '$subject_cn'";
65-
$actions[] = "Cert PEM first lines: $crt_pem_lines";
57+
$crt_pem = file_get_contents( $crt );
58+
if ( ! function_exists( 'openssl_x509_parse' ) ) {
59+
EE::warning( "openssl_x509_parse() not available in PHP. Cannot check issuer for $site_url." );
60+
$actions[] = "openssl_x509_parse() not available, skipping Let's Encrypt detection";
61+
} else {
62+
$cert_data = openssl_x509_parse( $crt_pem );
63+
$issuer_full = isset( $cert_data['issuer'] ) ? $cert_data['issuer'] : [];
64+
$issuer_json = json_encode( $issuer_full );
65+
$subject_cn = isset( $cert_data['subject']['CN'] ) ? $cert_data['subject']['CN'] : '';
66+
$crt_pem_lines = implode( ' | ', array_slice( explode( "\n", $crt_pem ), 0, 2 ) );
67+
$actions[] = "Cert issuer: $issuer_json";
68+
$actions[] = "Cert subject CN: '$subject_cn'";
69+
$actions[] = "Cert PEM first lines: $crt_pem_lines";
6670

67-
// Check all issuer fields for 'Let's Encrypt'
68-
$le_found = false;
69-
foreach ( $issuer_full as $field => $value ) {
70-
if ( stripos( $value, "Let's Encrypt" ) !== false ) {
71-
$le_found = true;
72-
break;
71+
// Check all issuer fields for 'Let's Encrypt'
72+
$le_found = false;
73+
foreach ( $issuer_full as $field => $value ) {
74+
if ( stripos( $value, "Let's Encrypt" ) !== false ) {
75+
$le_found = true;
76+
break;
77+
}
78+
}
79+
if ( $le_found ) {
80+
EE::log( "Updating SSL flag for site $site_url: found valid Let's Encrypt cert." );
81+
$site->site_ssl = 'le';
82+
$site->save();
83+
$actions[] = "Updated DB: set site_ssl=le (valid LE cert)";
84+
} else {
85+
$actions[] = "Cert is not from Let's Encrypt, no DB update";
7386
}
74-
}
75-
if ( $le_found ) {
76-
EE::log( "Updating SSL flag for site $site_url: found valid Let's Encrypt cert." );
77-
$site->site_ssl = 'le';
78-
$site->save();
79-
$actions[] = "Updated DB: set site_ssl=le (valid LE cert)";
80-
} else {
81-
$actions[] = "Cert is not from Let's Encrypt, no DB update";
8287
}
8388
} catch ( \Exception $e ) {
8489
EE::debug( "Failed to parse certificate for $site_url: " . $e->getMessage() );

0 commit comments

Comments
 (0)