From: Mark Huang Date: Fri, 7 Apr 2006 03:36:04 +0000 (+0000) Subject: - whenever we generate a new self signed certificate, replace the X-Git-Tag: myplc-0_4-rc1~87 X-Git-Url: http://git.onelab.eu/?p=myplc.git;a=commitdiff_plain;h=38fe018e5f787178bbadec9d7eec65c053cd90c4 - whenever we generate a new self signed certificate, replace the private key as well, otherwise the old private key may be subject to rpm upgrade --- diff --git a/plc.d/ssl b/plc.d/ssl index c813f99..6480db3 100755 --- a/plc.d/ssl +++ b/plc.d/ssl @@ -7,7 +7,7 @@ # Mark Huang # Copyright (C) 2006 The Trustees of Princeton University # -# $Id: guest.init,v 1.12 2006/04/04 22:09:47 mlhuang Exp $ +# $Id: ssl,v 1.1 2006/04/06 21:51:59 mlhuang Exp $ # # Source function library and configuration @@ -46,14 +46,6 @@ case "$1" in fi done - # Generate new SSL private key - if [ ! -f ${!ssl_key} ] ; then - mkdir -p $(dirname ${!ssl_key}) - openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 1024 >${!ssl_key} - check - chmod 600 ${!ssl_key} - fi - # Check if self signed certificate is valid if [ -f ${!ssl_crt} ] ; then verify=$(openssl verify ${!ssl_crt}) @@ -73,11 +65,12 @@ case "$1" in if [ ! -f ${!ssl_crt} ] ; then mkdir -p $(dirname ${!ssl_crt}) openssl req -new -x509 -days 365 -set_serial $RANDOM \ - -key ${!ssl_key} -out ${!ssl_crt} <