httpscert: Use regular random source.

Prior to this patch, the kernel image file and internal
configuration settings were used as a source of random
data, although they are not random at all.
Michael Tremer
2013-12-12 21:17:53 +01:00
parent cfb00625b8
commit a1365ee37c


@@ -6,13 +6,9 @@
# See how we were called.
case "$1" in
new)
# set temporary random file
export RANDFILE=/root/.rnd
if [ ! -f /etc/httpd/server.key ]; then
echo "Generating https server key."
/usr/bin/openssl genrsa -rand \
/boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \
/etc/httpd/server.key 1024
/usr/bin/openssl genrsa -out /etc/httpd/server.key 1024
fi
echo "Generating CSR"
/bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
@@ -21,9 +17,6 @@ case "$1" in
/usr/bin/openssl x509 -req -days 999999 -in \
/etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
/etc/httpd/server.crt
# unset and remove random file
export -n RANDFILE
rm -f /root/.rnd
;;
read)
if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
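Review bot: The replacement `genrsa` line in the `new)` branch of the first hunk still generates a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance expects for a TLS server key. Since this commit is already about the quality of the key material, I would change that line to `/usr/bin/openssl genrsa -out /etc/httpd/server.key 2048`. Nothing visible in either hunk sets the mode of the new key file, so it presumably depends on the caller's umask; adding `chmod 600 /etc/httpd/server.key` right after generation would make the restriction explicit. The `case` statement starts in the first hunk and continues outside both hunks, so an existing umask or chmod elsewhere in the script cannot be ruled out from here.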