author | Guilhem Moulin <guilhem@fripost.org> | 2015-05-26 00:55:19 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:53:52 +0200 |
commit | 64e8603cf9790aa4419d0f2746671bd242e6344d (patch) | |
tree | a54c623bbe44f52c583bacf80848d3b9d4467abe /roles/common/files/usr/local/bin/genkeypair.sh | |
parent | 6b424a8f4155dea449b1dde746eae77bded63f7c (diff) |
logjam mitigation.
Diffstat (limited to 'roles/common/files/usr/local/bin/genkeypair.sh')
-rwxr-xr-x | roles/common/files/usr/local/bin/genkeypair.sh | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/common/files/usr/local/bin/genkeypair.sh b/roles/common/files/usr/local/bin/genkeypair.sh
index d6539e2..982c1d9 100755
--- a/roles/common/files/usr/local/bin/genkeypair.sh
+++ b/roles/common/files/usr/local/bin/genkeypair.sh
@@ -37,6 +37,7 @@ cn=
 usage=
 chmod=
 chown=
+rand=
 usage() {
 cat >&2 <<- EOF
@@ -123,7 +124,6 @@ while [ $# -gt 0 ]; do
 shift;
 done
-rand=/dev/urandom
 case "$type" in
 # XXX: genrsa and dsaparam have been deprecated in favor of genpkey.
 # genpkey can also create explicit EC parameters, but not named.
@@ -184,7 +184,7 @@ elif [ ! -s "$privkey" -o $force -ge 2 ]; then
 mv -f "$(mktemp)" "$privkey" || exit 2
 chmod "${chmod:-og-rwx}" "$privkey" || exit 2
 [ -z "$chown" ] || chown "$chown" "$privkey" || exit 2
- openssl $genkey -rand /dev/urandom $genkeyargs >"$privkey" || exit 2
+ openssl $genkey -rand "${rand:-/dev/urandom}" $genkeyargs >"$privkey" || exit 2
 [ "$cmd" = dkim ] && { dkiminfo; exit; }
 fi
|
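Review bot: `rand=` is added to the list of defaults without a comment, and because it now starts empty every place that expands `$rand` has to supply its own fallback. The third hunk does so with `${rand:-/dev/urandom}`, but the assignment removed in the second hunk sat directly before `case "$type" in`, which suggests the arms of that case may also reference `$rand`; they are not visible here. Any arm that still expands a bare `$rand` would hand openssl an empty or missing `-rand` value, so those uses should be checked and given the same `${rand:-/dev/urandom}` form. I would also document the variable where it is declared, for example `# rand: seed file passed to openssl -rand; empty means /dev/urandom`.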
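Review bot: The value of `rand` reaches `openssl -rand` on the changed line without any check that it names a readable file. Where `rand` gets a non-empty value is outside these hunks, but if it comes from a command-line option, a mistyped path is worth rejecting explicitly: as far as I know, openssl releases of that period report how many bytes were loaded from the `-rand` file and carry on rather than failing, so the key would still be generated and the operator would not learn that the requested seed source was ignored. A guard before the `mv -f "$(mktemp)" "$privkey"` line would catch it without leaving an empty key file behind, e.g. `[ -z "$rand" ] || [ -r "$rand" ] || { echo "Error: cannot read $rand" >&2; exit 2; }`. The enclosing `elif` branch begins outside the hunk.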