- fix networking [SME: 12541] - require rsyslog [SME: 12544] - remove unsupported rsyslog option -c [SME: 12545] - remove duplicate entry logrotate for btmp and wtmp [SME: 12547] - rework systemd-default script (error and smartmatches) [SME: 12543] - fix self signed cert templates [SME: 12551]
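{
    # Template fragment: places the server's RSA private key in $OUT.
    # If esmith::ssl reports that a key of acceptable size already exists,
    # the key file is read back unchanged; otherwise a new key is generated
    # by running openssl genrsa and capturing its standard output.
    # Template variables read: %modSSL, $SystemName, $DomainName.
    use Cwd;
    use esmith::ssl;

    my $here = getcwd;

    my $KeySize = $modSSL{KeySize} || '4096';
    my $FQDN    = "$SystemName.$DomainName";
    my $key     = "/home/e-smith/ssl.key/$FQDN.key";

    # if key exists and good size, we use it
    if ( key_exists_good_size )
    {
        # Old key file is still good. Read it out - processTemplate will work
        # out that it hasn't changed, and leave the old one in place.
        # Three-argument open with a lexical handle: the path is built from
        # configuration values and must never be parsed as an open mode.
        open(my $key_fh, '<', $key) or die "Couldn't open key file: $!";
        my @key = <$key_fh>;
        chomp @key;
        $OUT = join "\n", @key;
        close($key_fh);
        return;
    }

    # go to somewhere private and safe where we can run programs
    # as root
    my $workdir = "/tmp/ssl";

    # /tmp is world-writable and this name is predictable, so another local
    # user may have created the path first. Create it if absent, then accept
    # it only when it is a real directory (lstat, so a symlink is rejected),
    # owned by the current effective user, and not group/world-writable.
    mkdir $workdir, 0700;
    my @st = lstat($workdir);
    unless (@st && -d _ && $st[4] == $> && !($st[2] & 022))
    {
        die "Refusing to use $workdir: not a private directory owned by this user";
    }
    chdir $workdir or die "Couldn't change to secure directory: $!";

    my $program = "/usr/bin/openssl";

    # NOTE(review): no alarm is armed in this fragment, so this handler only
    # fires if a caller sets one - confirm whether a timeout was intended.
    $SIG{ALRM} = sub { die "whoops, $program pipe broke" };

    # Forking open: returns the child pid in the parent, 0 in the child and
    # undef when the fork fails. The undef case must be told apart from the
    # child, otherwise a failed fork would exec openssl in place of the
    # process that is expanding this template.
    my $pid = open(my $ssl_fh, "-|");
    defined $pid or die "Couldn't fork $program: $!";

    unless ($pid)
    {
        # Child: list-form exec, so no shell sees the key size argument.
        # The -rand files only supplement the seeding openssl does itself.
        # NOTE(review): if the template engine traps die, a failed exec
        # leaves the child running the parent's code - confirm.
        exec($program,
            qw(genrsa -rand),
            join(':',
                qw(
                    /proc/cpuinfo
                    /proc/dma
                    /proc/filesystems
                    /proc/interrupts
                    /proc/ioports
                    /proc/bus/pci/devices
                    /proc/driver/rtc
                    /proc/uptime
                )),
            "$KeySize")
            or die "can't exec program: $!";
    }

    # Parent: the generated key arrives on the pipe.
    while (<$ssl_fh>)
    {
        $OUT .= $_;
    }

    # close on a piped handle also reaps the child; a non-zero openssl exit
    # status makes it return false, with the status in $?.
    close($ssl_fh) or die "Closing openssl pipe reported: $!";
    chdir $here;
}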