Bob Mottram 2015-08-15 13:40:45 +01:00
parent 2a46fd3121
commit 0409796f10
1 changed files with 5 additions and 1 deletions


@ -337,13 +337,14 @@ function regenerate_ssh_host_keys {
function regenerate_dh_keys { function regenerate_dh_keys {
if [[ $REGENERATE_DH_KEYS == "yes" ]]; then if [[ $REGENERATE_DH_KEYS == "yes" ]]; then
if [ ! -d /etc/ssl/mycerts ]; then if [ ! -d /etc/ssl/mycerts ]; then
echo 'No dhparam certificates were found'
return return
fi fi
data=$(tempfile 2>/dev/null) data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15 trap "rm -f $data" 0 1 2 5 15
dialog --backtitle "Freedombone Security Configuration" \ dialog --backtitle "Freedombone Security Configuration" \
--radiolist "Select a key length:" 10 40 2 \ --radiolist "Select a Diffie-Hellman key length. The smaller length is better suited to low power systems:" 12 40 2 \
1 "1024 bits" off \ 1 "1024 bits" off \
2 "3072 bits" on 2> $data 2 "3072 bits" on 2> $data
sel=$? sel=$?
@ -356,15 +357,18 @@ function regenerate_dh_keys {
2) DH_KEYLENGTH=3072;; 2) DH_KEYLENGTH=3072;;
esac esac
ctr=0
for file in /etc/ssl/mycerts/* for file in /etc/ssl/mycerts/*
do do
if [[ -f $file ]]; then if [[ -f $file ]]; then
filename=/etc/ssl/certs/$(echo $file | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam filename=/etc/ssl/certs/$(echo $file | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam
if [ -f $filename ]; then if [ -f $filename ]; then
openssl dhparam -check -text -5 $DH_KEYLENGTH -out $filename openssl dhparam -check -text -5 $DH_KEYLENGTH -out $filename
ctr=$((ctr + 1))
fi fi
fi fi
done done
echo "$ctr dhparam certificates were regenerated"
fi fi
} }
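Review bot: The added `ctr=$((ctr + 1))` runs whether or not the `openssl dhparam` call on the line before it succeeded, so the closing "$ctr dhparam certificates were regenerated" message can count files that were never rewritten, or were left truncated by an interrupted run. Gating the increment on the exit status keeps the report accurate: `if openssl dhparam -check -text -5 $DH_KEYLENGTH -out $filename; then ctr=$((ctr + 1)); fi`. Separately, the reworded radiolist prompt steers low-power systems to the smaller length without saying that 1024-bit Diffie-Hellman parameters are widely considered within reach of well-resourced attackers. The prompt should state that trade-off, for example `"Select a Diffie-Hellman key length. 1024 bits is faster to generate on low power systems but gives weaker protection:"`. The lines between the two hunks (the handling of `sel` and the start of the `case`) are not shown, so how a cancelled dialog is handled could not be checked.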