Added cf-php-fpm systemd service unit template for http2 enablement in Mission Portal

cf-secret/cf-secret.c

@@ -343,7 +343,7 @@ static bool RSAEncrypt(Seq *rsa_keys, const char *input_path, const char *output
 
     const EVP_CIPHER *cipher = EVP_aes_256_cbc();
     EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
-    const int key_size = EVP_PKEY_size((EVP_PKEY*) SeqAt(evp_keys, 0));
+    const int key_size = EVP_PKEY_get_size((EVP_PKEY*) SeqAt(evp_keys, 0));
 
     /* This sequence and the 'enc_key_sizes' array are both populated by the
      * EVP_SealInit() call below. */
@@ -354,10 +354,10 @@ static bool RSAEncrypt(Seq *rsa_keys, const char *input_path, const char *output
     }
     int enc_key_sizes[n_keys];
 
-    const int iv_size = EVP_CIPHER_iv_length(cipher);
+    const int iv_size = EVP_CIPHER_get_iv_length(cipher);
     unsigned char iv[iv_size];
 
-    const int block_size = EVP_CIPHER_block_size(cipher);
+    const int block_size = EVP_CIPHER_get_block_size(cipher);
     char plaintext[block_size], ciphertext[2 * block_size];
     int ct_len;
 
@@ -701,7 +701,7 @@ static bool RSADecrypt(RSA *privkey, const char *input_path, const char *output_
     const int iv_size = EVP_CIPHER_iv_length(cipher);
     unsigned char iv[iv_size];
 
-    const int key_size = EVP_PKEY_size(evp_key);
+    const int key_size = EVP_PKEY_get_size(evp_key);
     unsigned char ek[key_size];
     unsigned char dev_null[key_size];
 

cf-serverd/server_tls.c

@@ -88,7 +88,7 @@ bool ServerTLSInitialize(RSA *priv_key, RSA *pub_key, SSL_CTX **ssl_ctx)
         ssl_ctx = &SSLSERVERCONTEXT;
     }
     assert(*ssl_ctx == NULL);
-    *ssl_ctx = SSL_CTX_new(SSLv23_server_method());
+    *ssl_ctx = SSL_CTX_new(TLS_server_method());
     if (*ssl_ctx == NULL)
     {
         Log(LOG_LEVEL_ERR, "SSL_CTX_new: %s",

configure.ac

@@ -1582,6 +1582,7 @@ AC_ARG_WITH(systemd-service, AS_HELP_STRING([--with-systemd-service=PATH],
 AS_IF([test "x$SYSTEMD_SERVICE_PATH" = "x"], [], [
     AC_SUBST([SYSTEMD_SERVICE_PATH])
     AC_CONFIG_FILES([misc/systemd/cfengine3.service])
+    AC_CONFIG_FILES([misc/systemd/cf-php-fpm.service])
     AC_CONFIG_FILES([misc/systemd/cf-apache.service])
     AC_CONFIG_FILES([misc/systemd/cf-execd.service])
     AC_CONFIG_FILES([misc/systemd/cf-hub.service])

libcfnet/tls_client.c

@@ -94,7 +94,7 @@ bool TLSClientInitialize(const char *tls_min_version,
         return false;
     }
 
-    SSLCLIENTCONTEXT = SSL_CTX_new(SSLv23_client_method());
+    SSLCLIENTCONTEXT = SSL_CTX_new(TLS_client_method());
     if (SSLCLIENTCONTEXT == NULL)
     {
         Log(LOG_LEVEL_ERR, "SSL_CTX_new: %s",

misc/Makefile.am

@@ -2,6 +2,7 @@ SUBDIRS = selinux
 
 # include unconditionally in the distribution tarball
 EXTRA_DIST= init.d/cfengine3.in \
+	systemd/cf-php-fpm.service.in \
 	systemd/cf-apache.service.in \
 	systemd/cf-execd.service.in \
 	systemd/cf-hub.service.in \
@@ -21,6 +22,7 @@ endif
 if WITH_SYSTEMD_SERVICE
 systemddir = $(SYSTEMD_SERVICE_PATH)
 systemd_DATA   = systemd/cfengine3.service
+systemd_DATA  += systemd/cf-php-fpm.service
 systemd_DATA  += systemd/cf-apache.service
 systemd_DATA  += systemd/cf-execd.service
 systemd_DATA  += systemd/cf-hub.service

misc/systemd/cf-apache.service.in

@@ -1,8 +1,8 @@
 [Unit]
 Description=CFEngine Enterprise Webserver
 After=syslog.target
-Wants=cf-postgres.service
-After=cf-postgres.service
+Wants=cf-php-fpm.service
+After=cf-php-fpm.service
 ConditionPathExists=@workdir@/httpd/bin/apachectl
 PartOf=cfengine3.service
 

misc/systemd/cf-php-fpm.service.in

@@ -0,0 +1,16 @@
+[Unit]
+Description=CFEngine Enterprise PHP FastCGI Process Manager
+After=syslog.target
+Wants=cf-postgres.service
+After=cf-postgres.service
+ConditionPathExists=@workdir@/httpd/php/sbin/php-fpm
+PartOf=cfengine3.service
+
+[Service]
+ExecStart=@workdir@/httpd/php/sbin/php-fpm --nodaemonize
+ExecReload=/bin/kill -USR2 $MAINPID
+PIDFile=@workdir@/httpd/php-fpm.pid
+Type=simple
+
+[Install]
+WantedBy=multi-user.target

misc/systemd/cfengine3.service.in

@@ -9,6 +9,7 @@ Wants=cf-serverd.service
 Wants=cf-execd.service
 Wants=cf-monitord.service
 Wants=cf-postgres.service
+Wants=cf-php-fpm.service
 Wants=cf-apache.service
 Wants=cf-hub.service
 Wants=cf-reactor.service
@@ -18,6 +19,7 @@ Before=cf-serverd.service
 Before=cf-execd.service
 Before=cf-monitord.service
 Before=cf-postgres.service
+Before=cf-php-fpm.service
 Before=cf-apache.service
 Before=cf-hub.service
 Before=cf-reactor.service