Comments

src/freedombone-sec

@@ -337,13 +337,14 @@ function regenerate_ssh_host_keys {
 function regenerate_dh_keys {
   if [[ $REGENERATE_DH_KEYS == "yes" ]]; then
       if [ ! -d /etc/ssl/mycerts ]; then
+          echo 'No dhparam certificates were found'
           return
       fi
 
       data=$(tempfile 2>/dev/null)
       trap "rm -f $data" 0 1 2 5 15
       dialog --backtitle "Freedombone Security Configuration" \
-             --radiolist "Select a key length:" 10 40 2 \
+             --radiolist "Select a Diffie-Hellman key length. The smaller length is better suited to low power systems:" 12 40 2 \
              1 "1024 bits" off \
              2 "3072 bits" on 2> $data
       sel=$?
@@ -356,15 +357,18 @@ function regenerate_dh_keys {
           2) DH_KEYLENGTH=3072;;
       esac
 
+      ctr=0
       for file in /etc/ssl/mycerts/*
       do
           if [[ -f $file ]]; then
               filename=/etc/ssl/certs/$(echo $file | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam
               if [ -f $filename ]; then
                   openssl dhparam -check -text -5 $DH_KEYLENGTH -out $filename
+                  ctr=$((ctr + 1))
               fi
           fi
       done
+      echo "$ctr dhparam certificates were regenerated"
   fi
 }