Option to generate dh parameters when fetching certs

This commit is contained in:
Ian Gulliver
2016-05-19 22:58:27 +00:00
parent db28e8c9f4
commit 784b921b8d


@@ -29,6 +29,11 @@ parser.add_argument(
dest='client_key', dest='client_key',
action='store', action='store',
required=True) required=True)
parser.add_argument(
'--generate-dh',
dest='generate_dh',
action='store_true',
default=False)
parser.add_argument( parser.add_argument(
'--subject', '--subject',
dest='subject', dest='subject',
@@ -93,6 +98,8 @@ script
exec </dev/tty9 >/dev/tty9 2>&1 exec </dev/tty9 >/dev/tty9 2>&1
chvt 9 chvt 9
DH="/systemid/$(hostname).%(tag)s.dh"
DH_LINK="/systemid/%(tag)s.dh"
KEY="/systemid/$(hostname).%(tag)s.key.pem" KEY="/systemid/$(hostname).%(tag)s.key.pem"
KEY_LINK="/systemid/%(tag)s.key.pem" KEY_LINK="/systemid/%(tag)s.key.pem"
CERT="/systemid/$(hostname).%(tag)s.cert.pem" CERT="/systemid/$(hostname).%(tag)s.cert.pem"
@@ -113,6 +120,13 @@ script
chmod 0444 "${CERT}" chmod 0444 "${CERT}"
fi fi
if test "%(dh)s" = "y"; then
if test ! -s "${DH}"; then
openssl dhparam -out "${DH}" 2048
fi
ln --symbolic --force $(basename "${DH}") "${DH_LINK}"
fi
ln --symbolic --force $(basename "${KEY}") "${KEY_LINK}" ln --symbolic --force $(basename "${KEY}") "${KEY_LINK}"
ln --symbolic --force $(basename "${CERT}") "${CERT_LINK}" ln --symbolic --force $(basename "${CERT}") "${CERT_LINK}"
@@ -124,6 +138,7 @@ script
echo "==================" echo "=================="
end script end script
""" % { """ % {
'dh': 'y' if FLAGS.generate_dh else 'n',
'server': FLAGS.server, 'server': FLAGS.server,
'subject': FLAGS.subject, 'subject': FLAGS.subject,
'tag': FLAGS.tag, 'tag': FLAGS.tag,
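Review bot: The `test ! -s "${DH}"` guard in the third hunk only skips generation when the file is missing or empty, so a 2048-bit `openssl dhparam` run that is interrupted at boot (it can take minutes) can leave a truncated but non-empty `${DH}` that is then linked and reused on every later boot without being regenerated. Writing to a temporary name and renaming only on success keeps the check meaningful: `openssl dhparam -out "${DH}.tmp" 2048 && mv "${DH}.tmp" "${DH}"`. The generated file also gets no mode applied, unlike the `chmod 0444 "${CERT}"` just above it; DH parameters are public, so a matching `chmod 0444 "${DH}"` would keep the two consistent. The enclosing `script` block starts and ends outside the hunk, so whether the stanza runs with `-e` semantics that would abort on a failed `openssl` call is not visible here.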