Diffstat (limited to 'roles/common')
-rwxr-xr-xroles/common/files/usr/local/bin/gendhparam.sh7
-rw-r--r--roles/common/tasks/main.yml3
2 files changed, 5 insertions, 5 deletions
diff --git a/roles/common/files/usr/local/bin/gendhparam.sh b/roles/common/files/usr/local/bin/gendhparam.sh
index 84b7d56..a82a8a5 100755
--- a/roles/common/files/usr/local/bin/gendhparam.sh
+++ b/roles/common/files/usr/local/bin/gendhparam.sh
@@ -3,9 +3,8 @@
set -ue
PATH=/usr/bin:/bin
-privkey="$1"
+out="$1"
bits="${2:-2048}"
-rand=
-install --mode=0600 /dev/null "$privkey"
-openssl dhparam -rand "${rand:-/dev/urandom}" "$bits" >"$privkey"
+install --mode=0644 /dev/null "$out"
+openssl dhparam "$bits" >"$out"
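Review bot: A failed or interrupted `openssl dhparam` leaves an empty or truncated file at `$out`, because the added `install --mode=0644 /dev/null "$out"` creates the target first and the redirect then writes into it directly. The task in roles/common/tasks/main.yml guards this script with `creates=/etc/ssl/dhparams.pem`, so later runs would skip regeneration and whatever consumes the file would get unusable parameters. Generating into a temporary file in the same directory and renaming it avoids that: `tmp=$(mktemp "$out.XXXXXX")`, `openssl dhparam "$bits" >"$tmp"`, `chmod 0644 "$tmp" && mv "$tmp" "$out"`. `bits` also reaches openssl unchecked, so a comment stating the smallest size the script is meant to accept would help (the task passes 2048). The script starts above this hunk.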
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 14cb7ae..1226d37 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -44,7 +44,8 @@
- genkeypair.sh
- gendhparam.sh
- name: Generate DH parameters
- command: gendhparam.sh /etc/ssl/private/dhparams.pem creates=/etc/ssl/private/dhparams.pem
+ command: gendhparam.sh /etc/ssl/dhparams.pem 2048
+ creates=/etc/ssl/dhparams.pem
tags: genkey
- include: logging.yml
tags: logging
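Review bot: The `creates=` guard of the "Generate DH parameters" task now sits on a continuation line of the `command:` string, so it only takes effect because YAML folds the wrapped plain scalar back into a single line. An indentation slip there would break the task or its idempotence check. The structured form is easier to review: keep `command: gendhparam.sh /etc/ssl/dhparams.pem 2048` and add `args:` with `creates: /etc/ssl/dhparams.pem` beneath it. The file also moved out of /etc/ssl/private, so any configuration still pointing at the old path needs the same change. Whether that was done is not visible here, since the diffstat is limited to roles/common.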