- handle dh params with template [SME: 12826] TODO timer and event - foolproofing dummy.module
#!/usr/bin/perl
use strict;
use warnings;
use esmith::ssl;
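# Generate Diffie-Hellman parameter files under $folder.
#
# Usage: <script> [event]
#   event "program" (default) or "temp": make sure the 2048-bit file exists.
#   any other event name: make sure a 4096-bit file exists once the 2048-bit
#   one is in place (otherwise generate the 2048-bit one first).
#
# The exit status is always 0, as before; failures are reported on STDERR.
# NOTE(review): confirm whether the calling event should see a non-zero
# status when generation fails.

my $event   = shift || "program";
my $folder  = "/home/e-smith/dh.pem";    # a directory, despite the name
my $KeySize = 2048;

# NOTE: a "load config db" placeholder stood here; no config db is read yet.

# The directory is created owner-only. A pre-existing directory is used
# as-is; its mode and ownership are not checked here.
unless (-d $folder) {
    mkdir($folder, 0700)
        or warn "cannot create $folder: $!\n";
}

# Run openssl dhparam into a temporary file and move it into place only
# when openssl succeeded. Services reading $target therefore never see a
# truncated or half-written parameter file, and an interrupted or failed
# run leaves any existing file untouched. Returns 1 on success, 0 on failure.
sub _generate_dh {
    my ($bits, $target) = @_;

    # Same directory as the target so that rename() stays on one filesystem.
    my $tmp = "$target.tmp.$$";

    # List form of system(): no shell is involved.
    my $status = system("/usr/bin/openssl", "dhparam", "-out", $tmp, $bits);
    if ($status != 0 || !-s $tmp) {
        warn "openssl dhparam $bits failed (status $status), $target not updated\n";
        unlink $tmp;
        return 0;
    }

    unless (rename($tmp, $target)) {
        warn "cannot move $tmp to $target: $!\n";
        unlink $tmp;
        return 0;
    }
    return 1;
}

# if program (or during updates) we only generate the 2048 to start all
# programs after install without waiting too much
if ($event eq "program" || $event eq "temp") {
    my $target = "$folder/$KeySize.pem";
    _generate_dh($KeySize, $target)
        unless dh_exists_good_size($KeySize, $target);
    exit 0;
}
# if called as event, we generate a 4096 if 2048 exists, and then expand
# templates for services in need of this;
# then the event will restart the service to use stronger dh.pem
else {
    $KeySize = 4096 if dh_exists_good_size($KeySize, "$folder/$KeySize.pem");
    print "Key size is $KeySize\n";

    my $target = "$folder/$KeySize.pem";
    exit 0 if dh_exists_good_size($KeySize, $target);

    # TODO: here we should test if uptime > 2 hours and return if not
    # enough uptime
    _generate_dh($KeySize, $target);
    exit 0;
}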