public inbox for ipfire-scm@lists.ipfire.org
From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 6c859e038223d4c6ec8535b7b7e635d9ef7fac1f
Date: Thu, 12 Dec 2013 21:21:08 +0100
Message-ID: <20131212202109.69FA3204CE@argus.ipfire.org>


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  6c859e038223d4c6ec8535b7b7e635d9ef7fac1f (commit)
       via  325aa1e1f4b1948fe3dbd1bb6c65d056b1bebe29 (commit)
       via  a1365ee37ccffa2be499d483ff1356d9f71013de (commit)
      from  cfb00625b8224e929ecc4a2610bbe153f7ead475 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6c859e038223d4c6ec8535b7b7e635d9ef7fac1f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Dec 12 21:20:56 2013 +0100

    core74: Add httpscert script.

commit 325aa1e1f4b1948fe3dbd1bb6c65d056b1bebe29
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Dec 12 21:18:56 2013 +0100

    httpscert: Increase size of the RSA key to 4096.
    
    RSA keys with length of 1024 bits are considered weak.

commit a1365ee37ccffa2be499d483ff1356d9f71013de
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Dec 12 21:17:53 2013 +0100

    httpscert: Use regular random source.
    
    Previous to this patch, the kernel image file and internal
    configuration settings have been used as a source for random
    data, which is not random at all.

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/core/74/filelists/files | 1 +
 src/scripts/httpscert                    | 9 +--------
 2 files changed, 2 insertions(+), 8 deletions(-)

Difference in files:
diff --git a/config/rootfiles/core/74/filelists/files b/config/rootfiles/core/74/filelists/files
index 5a874e7..52d0178 100644
--- a/config/rootfiles/core/74/filelists/files
+++ b/config/rootfiles/core/74/filelists/files
@@ -2,5 +2,6 @@ etc/system-release
 etc/issue
 srv/web/ipfire/cgi-bin/dnsforward.cgi
 srv/web/ipfire/cgi-bin/proxy.cgi
+usr/local/bin/httpscert
 var/ipfire/header.pl
 var/ipfire/langs
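
Review bot: Adding `usr/local/bin/httpscert` to the core 74 filelist only replaces the script on updated systems; it does not replace keys that already exist. The `new)` branch of src/scripts/httpscert skips generation when the key is present (`if [ ! -f /etc/httpd/server.key ]`), and only these two files change in this push, so an upgraded installation keeps its 1024-bit key seeded from /boot/vmlinuz and the ethernet settings file. Consider having the update remove the old key and certificate and run `httpscert new`, or document that administrators must regenerate them by hand.
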
diff --git a/src/scripts/httpscert b/src/scripts/httpscert
index fb2d64b..d0e23fa 100644
--- a/src/scripts/httpscert
+++ b/src/scripts/httpscert
@@ -6,13 +6,9 @@
 # See how we were called.
 case "$1" in
   new)
-	# set temporary random file
-	export RANDFILE=/root/.rnd
 	if [ ! -f /etc/httpd/server.key ]; then
 		echo "Generating https server key."
-		/usr/bin/openssl genrsa -rand \
-			/boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \
-			/etc/httpd/server.key 1024
+		/usr/bin/openssl genrsa -out /etc/httpd/server.key 4096
 	fi
 	echo "Generating CSR"
 	/bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
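
Review bot: The new `/usr/bin/openssl genrsa -out /etc/httpd/server.key 4096` line leaves the mode of the private key file to OpenSSL and the caller's umask, and nothing in this hunk restricts the file afterwards. Set `umask 077` before the call or add `chmod 600 /etc/httpd/server.key` right after it, so the result does not depend on how the script was invoked.
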
@@ -21,9 +17,6 @@ case "$1" in
 	/usr/bin/openssl x509 -req -days 999999 -in \
 		/etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
 		/etc/httpd/server.crt
-	# unset and remove random file
-	export -n RANDFILE
-	rm -f /root/.rnd
  	;;
   read)
 	if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
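
Review bot: The `openssl x509 -req` call in the context lines at the top of this hunk names no digest, so the self-signed certificate is signed with whatever the installed OpenSSL defaults to, and `-days 999999` gives it an effectively unlimited lifetime. With the key now at 4096 bits, pass an explicit `-sha256` so the signature hash is not the weakest part of the certificate, and consider a bounded validity period together with a way to regenerate the certificate.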


hooks/post-receive
--
IPFire 2.x development tree
