1 |
jpp |
1.1 |
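--- a/createlinks
+++ b/createlinks
@@ -304,6 +304,10 @@
 event_link("remove-templates-custom", $event, "02");
 templates2events("/etc/smartd.conf", $event);
 templates2events("/home/e-smith/ssl.pem/pem", $event);
+templates2events("/etc/raddb/certs/radiusd.pem", $event);
+templates2events("/service/qpsmtpd/ssl/cert.pem", $event);
+templates2events("/etc/dovecot/ssl/imapd.pem", $event);
+templates2events("/etc/openldap/ssl/slapd.pem", $event);
 templates2events("/usr/lib/systemd/system/dhcpd.service.d/50koozali.conf", $event);
 event_link("fix-startup", $event, "05");
 event_link("rotate_timestamped_logfiles", $event, "05");
@@ -329,6 +333,13 @@
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dhcpd");
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog");
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/crond");
+# because of certs
+safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dovecot");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/radiusd");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ldap");
 
 #--------------------------------------------------
 # actions for console-save event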
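Review bot: The comment `# because of certs` above the new services2adjust links does not say which files are meant or why the listed services need adjusting; something like `# these services load the server certificate/key, so they must pick up the PEM files re-expanded above` would make the dependency explicit. The links use `reload` for httpd-e-smith and `restart` for dovecot, qpsmtpd, sqpsmtpd, radiusd and ldap, so it is worth confirming that a reload is enough for httpd-e-smith to read a replaced key. The event that `$event` names is set outside both hunks.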
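--- a/root/usr/share/perl5/vendor_perl/esmith/ssl.pm
+++ b/root/usr/share/perl5/vendor_perl/esmith/ssl.pm
@@ -6,7 +6,7 @@
 
 
 our @ISA = qw(Exporter);
-our @EXPORT = qw( key_exists_good_size cert_exists_good_size cert_is_cert key_is_key related_key_cert);
+our @EXPORT = qw( key_exists_good_size cert_exists_good_size cert_is_cert key_is_key key_is_ec related_key_cert);
 
 my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";
 our $SystemName = $configdb->get('SystemName')->value;
@@ -51,7 +51,8 @@
 {
 #print "$key exists\n";
 # check key size openssl rsa -in /home/e-smith/ssl.key/$host.$domain.key -text -noout | sed -rn "s/Private-Key: \((.*) bit\)/\1/p"
- my $signatureKeySize = `openssl rsa -in $key -text -noout | grep "Private-Key" | head -1`;
+ my $algo = (key_is_ec($key)) ? 'ec' :'rsa';
+ my $signatureKeySize = `openssl $algo -in $key -text -noout | grep "Private-Key" | head -1`;
 chomp $signatureKeySize;
 $signatureKeySize =~ s/^ *Private-Key: \((.*) bit\)/$1/p;
 if ( $signatureKeySize == $KeySize ) {
@@ -122,6 +123,7 @@
 open my $oldout, ">&STDERR"; # "dup" the stdout filehandle
 close STDERR;
 my $exit_code=system("openssl","rsa", "-noout", "-in", "$key");
+ $exit_code=system("openssl","ec", "-noout", "-in", "$key") unless ($exit_code==0);
 open STDERR, '>&', $oldout; # restore the dup'ed filehandle to STDOUT
 if ($exit_code==0){
 #print "key is a key\n";
@@ -131,14 +133,31 @@
 return 0;
 }
 
+sub key_is_ec {
+ my $key = shift || "/home/e-smith/ssl.key/$FQDN.key";
+ if ( -f $key )
+ {
+ open my $oldout, ">&STDERR"; # "dup" the stdout filehandle
+ close STDERR;
+ my $exit_code=system("openssl","ec", "-noout", "-in", "$key");
+ if ($exit_code==0){
+ #print "key is a key\n";
+ return 1;
+ }
+ }
+ return 0;
+}
+
 sub related_key_cert {
 my $key = shift || "/home/e-smith/ssl.key/$FQDN.key";
 my $crt = shift || "/home/e-smith/ssl.crt/$FQDN.crt";
 if ( key_is_key($key) and cert_is_cert($crt) )
 {
 # check the cert and the key are related, if key has been changed, then we need to change the cert
- my $crt_md5 = `openssl x509 -noout -modulus -in $crt | openssl md5`;
- my $key_md5 = `openssl rsa -noout -modulus -in $key | openssl md5`;
+ #my $crt_md5 = `openssl x509 -noout -modulus -in $crt | openssl md5`;
+ #my $key_md5 = `openssl rsa -noout -modulus -in $key | openssl md5`;
+ my $crt_md5 = `openssl x509 -pubkey -noout -in $crt | openssl md5`;
+ my $key_md5 = `openssl pkey -pubout -in $key | openssl md5`;
 #print "$key_md5 eq $crt_md5\n";
 return 1 if $key_md5 eq $crt_md5;
 }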
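Review bot: The new `key_is_ec` closes STDERR and never restores it: unlike the `key_is_key` hunk above it, there is no `open STDERR, '>&', $oldout;` after the `system("openssl","ec", ...)` call, and the `return 1;` path leaves early as well, so once this helper has run (it is also called from the key-size check) later warnings and `die` messages from the calling process are lost. Restore the handle immediately after the `system` call, before `$exit_code` is tested. Separately, the rewritten backtick commands (`openssl $algo -in $key ...`, `openssl x509 -pubkey -noout -in $crt`, `openssl pkey -pubout -in $key`) still interpolate the path into a shell string while the neighbouring checks use list-form `system`; if a caller can pass anything other than the fixed default path, a list-form pipe open would keep the path out of the shell. The comparison `$signatureKeySize == $KeySize` now also runs for EC keys, so it is worth confirming that `$KeySize`, defined outside these hunks, is meaningful for them; `related_key_cert` continues past the end of the last hunk.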