This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  6c859e038223d4c6ec8535b7b7e635d9ef7fac1f (commit)
       via  325aa1e1f4b1948fe3dbd1bb6c65d056b1bebe29 (commit)
       via  a1365ee37ccffa2be499d483ff1356d9f71013de (commit)
      from  cfb00625b8224e929ecc4a2610bbe153f7ead475 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 6c859e038223d4c6ec8535b7b7e635d9ef7fac1f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Dec 12 21:20:56 2013 +0100
core74: Add httpscert script.
commit 325aa1e1f4b1948fe3dbd1bb6c65d056b1bebe29
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Dec 12 21:18:56 2013 +0100
httpscert: Increase size of the RSA key to 4096.
RSA keys with length of 1024 bits are considered weak.
commit a1365ee37ccffa2be499d483ff1356d9f71013de
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Dec 12 21:17:53 2013 +0100
httpscert: Use regular random source.
Previous to this patch, the kernel image file and internal configuration settings have been used as a source for random data, which is not random at all.
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/core/74/filelists/files | 1 +
 src/scripts/httpscert                    | 9 +--------
 2 files changed, 2 insertions(+), 8 deletions(-)
Difference in files: diff --git a/config/rootfiles/core/74/filelists/files b/config/rootfiles/core/74/filelists/files index 5a874e7..52d0178 100644 --- a/config/rootfiles/core/74/filelists/files +++ b/config/rootfiles/core/74/filelists/files @@ -2,5 +2,6 @@ etc/system-release etc/issue srv/web/ipfire/cgi-bin/dnsforward.cgi srv/web/ipfire/cgi-bin/proxy.cgi +usr/local/bin/httpscert var/ipfire/header.pl var/ipfire/langs diff --git a/src/scripts/httpscert b/src/scripts/httpscert index fb2d64b..d0e23fa 100644 --- a/src/scripts/httpscert +++ b/src/scripts/httpscert @@ -6,13 +6,9 @@ # See how we were called. case "$1" in new) - # set temporary random file - export RANDFILE=/root/.rnd if [ ! -f /etc/httpd/server.key ]; then echo "Generating https server key." - /usr/bin/openssl genrsa -rand \ - /boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \ - /etc/httpd/server.key 1024 + /usr/bin/openssl genrsa -out /etc/httpd/server.key 4096 fi echo "Generating CSR" /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \ @@ -21,9 +17,6 @@ case "$1" in /usr/bin/openssl x509 -req -days 999999 -in \ /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \ /etc/httpd/server.crt - # unset and remove random file - export -n RANDFILE - rm -f /root/.rnd ;; read) if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
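Review bot: in the core/74 filelist hunk, adding usr/local/bin/httpscert ships the new script but does not replace keys already on disk. The "new)" branch only runs genrsa under "if [ ! -f /etc/httpd/server.key ]", so an updated system keeps its 1024-bit key made with the old -rand inputs. Consider having the update rotate the existing key and certificate and run "httpscert new", or state in the release notes that the key has to be regenerated by hand.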
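Review bot: in the first src/scripts/httpscert hunk, the added "/usr/bin/openssl genrsa -out /etc/httpd/server.key 4096" line writes the private key with no visible umask or chmod, so the file mode depends on the caller's environment. Suggest setting "umask 077" before the genrsa call or adding "chmod 600 /etc/httpd/server.key" after it, and checking the exit status of genrsa before the script goes on to "Generating CSR".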
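Review bot: in the second src/scripts/httpscert hunk, the x509 call left as context still uses "-days 999999" and names no digest, so the new 4096-bit key ends up in a self-signed certificate with an effectively unlimited lifetime and whatever hash the installed openssl defaults to. Suggest passing an explicit digest such as "-sha256" and a bounded "-days" value in the same series, so the certificate matches the stronger key.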
hooks/post-receive -- IPFire 2.x development tree