From 45e4294df244a73d975edc98e366b205657f9e1b Mon Sep 17 00:00:00 2001
From: danmarsden <danmarsden>
Date: Fri, 11 Sep 2009 10:01:14 +0000
Subject: [PATCH] MNET MDL-13503 allow path to openssl.cnf to be set in config
 so that windows installs and packages can reliably enable networking.

---
 mnet/lib.php | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/mnet/lib.php b/mnet/lib.php
index 276ace1c21..194808c58d 100644
--- a/mnet/lib.php
+++ b/mnet/lib.php
@@ -386,14 +386,22 @@ function mnet_generate_keypair($dn = null, $days=28) {
 
     // ensure we remove trailing slashes
     $dn["commonName"] = preg_replace(':/$:', '', $dn["commonName"]);
-
-    $new_key = openssl_pkey_new();
+    if (!empty($CFG->opensslcnf)) { //allow specification of openssl.cnf especially for Windows installs
+        $new_key = openssl_pkey_new(array("config" => $CFG->opensslcnf));
+    } else {
+        $new_key = openssl_pkey_new();
+    }
     if ($new_key === false) {
         // can not generate keys - missing openssl.cnf??
         return null;
     }
-    $csr_rsc = openssl_csr_new($dn, $new_key, array('private_key_bits',2048));
-    $selfSignedCert = openssl_csr_sign($csr_rsc, null, $new_key, $days);
+    if (!empty($CFG->opensslcnf)) { //allow specification of openssl.cnf especially for Windows installs
+        $csr_rsc = openssl_csr_new($dn, $new_key, array("config" => $CFG->opensslcnf));
+        $selfSignedCert = openssl_csr_sign($csr_rsc, null, $new_key, $days, array("config" => $CFG->opensslcnf));
+    } else {
+        $csr_rsc = openssl_csr_new($dn, $new_key, array('private_key_bits',2048));
+        $selfSignedCert = openssl_csr_sign($csr_rsc, null, $new_key, $days);
+    }
     unset($csr_rsc); // Free up the resource
 
     // We export our self-signed certificate to a string.
@@ -402,7 +410,11 @@ function mnet_generate_keypair($dn = null, $days=28) {
 
     // Export your public/private key pair as a PEM encoded string. You
     // can protect it with an optional passphrase if you wish.
-    $export = openssl_pkey_export($new_key, $keypair['keypair_PEM'] /* , $passphrase */);
+    if (!empty($CFG->opensslcnf)) { //allow specification of openssl.cnf especially for Windows installs
+        $export = openssl_pkey_export($new_key, $keypair['keypair_PEM'], null, array("config" => $CFG->opensslcnf));
+    } else {
+        $export = openssl_pkey_export($new_key, $keypair['keypair_PEM'] /* , $passphrase */);
+    }
     openssl_pkey_free($new_key);
     unset($new_key); // Free up the resource
 
-- 
2.39.5