* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 6c859e038223d4c6ec8535b7b7e635d9ef7fac1f
From: git @ 2013-12-12 20:21 UTC
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 6c859e038223d4c6ec8535b7b7e635d9ef7fac1f (commit)
via 325aa1e1f4b1948fe3dbd1bb6c65d056b1bebe29 (commit)
via a1365ee37ccffa2be499d483ff1356d9f71013de (commit)
from cfb00625b8224e929ecc4a2610bbe153f7ead475 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6c859e038223d4c6ec8535b7b7e635d9ef7fac1f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Dec 12 21:20:56 2013 +0100
core74: Add httpscert script.
commit 325aa1e1f4b1948fe3dbd1bb6c65d056b1bebe29
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Dec 12 21:18:56 2013 +0100
httpscert: Increase size of the RSA key to 4096.
RSA keys with length of 1024 bits are considered weak.
commit a1365ee37ccffa2be499d483ff1356d9f71013de
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Dec 12 21:17:53 2013 +0100
httpscert: Use regular random source.
Previous to this patch, the kernel image file and internal
configuration settings have been used as a source for random
data, which is not random at all.
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/74/filelists/files | 1 +
src/scripts/httpscert | 9 +--------
2 files changed, 2 insertions(+), 8 deletions(-)
Difference in files:
diff --git a/config/rootfiles/core/74/filelists/files b/config/rootfiles/core/74/filelists/files
index 5a874e7..52d0178 100644
--- a/config/rootfiles/core/74/filelists/files
+++ b/config/rootfiles/core/74/filelists/files
@@ -2,5 +2,6 @@ etc/system-release
etc/issue
srv/web/ipfire/cgi-bin/dnsforward.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
+usr/local/bin/httpscert
var/ipfire/header.pl
var/ipfire/langs
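Review bot: Shipping `usr/local/bin/httpscert` in the core 74 file list (the added line) does not by itself replace keys on systems that already have one, because the `new)` branch of src/scripts/httpscert only generates a key when the file is missing (`if [ ! -f /etc/httpd/server.key ]`). Installations that already hold a 1024-bit key seeded from `/boot/vmlinuz` and the ethernet settings will keep it after the update. If the intent is to retire those keys, the update needs a step that removes or regenerates the existing key and certificate, or the release notes should tell administrators to do so.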
diff --git a/src/scripts/httpscert b/src/scripts/httpscert
index fb2d64b..d0e23fa 100644
--- a/src/scripts/httpscert
+++ b/src/scripts/httpscert
@@ -6,13 +6,9 @@
# See how we were called.
case "$1" in
new)
- # set temporary random file
- export RANDFILE=/root/.rnd
if [ ! -f /etc/httpd/server.key ]; then
echo "Generating https server key."
- /usr/bin/openssl genrsa -rand \
- /boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \
- /etc/httpd/server.key 1024
+ /usr/bin/openssl genrsa -out /etc/httpd/server.key 4096
fi
echo "Generating CSR"
/bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
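Review bot: At the new `/usr/bin/openssl genrsa -out /etc/httpd/server.key 4096` line, nothing in the visible lines sets a umask or chmod for the private key, so the file mode depends on the caller's environment. Consider `umask 077` before the call or `chmod 600 /etc/httpd/server.key` right after it. Since 4096-bit generation takes noticeably longer than 1024-bit on slow hardware, the "Generating https server key." message could also say that this may take a while.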
@@ -21,9 +17,6 @@ case "$1" in
/usr/bin/openssl x509 -req -days 999999 -in \
/etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
/etc/httpd/server.crt
- # unset and remove random file
- export -n RANDFILE
- rm -f /root/.rnd
;;
read)
if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
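Review bot: Dropping `rm -f /root/.rnd` together with the `RANDFILE` export at the end of the `new)` branch can leave a seed file behind. OpenSSL releases of this period fall back to `$HOME/.rnd` when `RANDFILE` is unset and write to it after key generation, so with `HOME=/root` that file now persists, and with `HOME` unset openssl prints an "unable to write 'random state'" warning. Neither affects key quality, but it is worth confirming which case applies on a fresh install and either keeping the cleanup or stating that the file is expected.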
hooks/post-receive
--
IPFire 2.x development tree