
Option to suppress creation of DH params

Bob Mottram 9 anos atrás
pai
commit
2d2a4d122a
2 arquivos alterados com 10 adições e 2 exclusões
  1. 8
    1
      src/freedombone-addcert
  2. 2
    1
      src/freedombone-clientcert

+ 8
- 1
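--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -35,6 +35,7 @@ LOCATION="Freedomville"
 ORGANISATION="Freedombone"
 UNIT="Freedombone Unit"
 EXTENSIONS=""
+NODH=
 
 function show_help {
     echo ''
@@ -50,6 +51,7 @@ function show_help {
     echo '  -l --location [locn]       Optional location name'
     echo '  -o --organisation [name]   Optional organisation name'
     echo '  -u --unit [name]           Optional unit name'
+    echo '     --nodh                  Do not calculate DH params'
     echo '     --ca                    Certificate authority cert'
     echo ''
     exit 0
@@ -90,6 +92,9 @@ case $key in
     --ca)
     EXTENSIONS="-extensions v3_ca"
     ;;
+    --nodh)
+    NODH="true"
+    ;;
     *)
     # unknown option
     ;;
@@ -108,7 +113,9 @@ if ! which openssl > /dev/null ;then
 fi
 
 openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt
-openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam
+if [ ! $NODH ]; then
+    openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam
+fi
 chmod 400 /etc/ssl/private/$HOSTNAME.key
 chmod 640 /etc/ssl/certs/$HOSTNAME.crt
 chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam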
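Review bot: The new guard `if [ ! $NODH ]; then` in the last hunk only works by accident: with NODH empty the unquoted expansion leaves `[ ! ]`, a one-argument test on the literal string `!`, which is true; write the intent explicitly as `if [ -z "$NODH" ]; then`. The `chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam` two lines below is still unconditional, so a `--nodh` run reports a missing file there; move that chmod inside the same `if`. Independently of this change, the re-added `openssl dhparam ... 1024` line generates 1024-bit DH parameters, which is below the 2048-bit size generally recommended for new deployments, so the default path would benefit from a larger size. The script continues outside the hunk.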

+ 2
- 1
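--- a/src/freedombone-clientcert
+++ b/src/freedombone-clientcert
@@ -98,7 +98,7 @@ fi
 chmod 600 /etc/dovecot/passwd-file
 
 # create a user cert
-freedombone-addcert -h $USERNAME
+freedombone-addcert -h $USERNAME --nodh
 
 # create a certificate request
 openssl req -new -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$USERNAME" -key /etc/ssl/private/$USERNAME.key -out /etc/ssl/requests/$USERNAME.csr
@@ -108,6 +108,7 @@ openssl ca -config /etc/ssl/dovecot-ca.cnf -in /etc/ssl/requests/$USERNAME.csr -
 
 # move the cert to the user's home
 mkdir /home/$USERNAME/emailcert
+shred -zu /etc/ssl/certs/$USERNAME.dhparam
 mv /etc/ssl/certs/$USERNAME.cer /home/$USERNAME/emailcert
 cp /etc/ssl/certs/dovecot-ca.crt /home/$USERNAME/emailcert
 mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert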
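Review bot: The added `shred -zu /etc/ssl/certs/$USERNAME.dhparam` in the second hunk removes a file that the first hunk's `freedombone-addcert -h $USERNAME --nodh` no longer creates, so on a fresh run shred fails on a missing path (and would abort the script if it runs under `set -e`, which is not visible here). If the line is meant to clean up a dhparam left by an earlier run, guard it: `[ -f "/etc/ssl/certs/$USERNAME.dhparam" ] && shred -zu -- "/etc/ssl/certs/$USERNAME.dhparam"`; otherwise drop it. `$USERNAME` is unquoted in both added lines, consistent with the surrounding script but still worth quoting in new code. The script continues outside both hunks.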