1 |
diff -Nur --no-dereference e-smith-base-5.8.1.old/createlinks e-smith-base-5.8.1/createlinks |
2 |
--- e-smith-base-5.8.1.old/createlinks 2021-06-06 16:30:37.000000000 -0400 |
3 |
+++ e-smith-base-5.8.1/createlinks 2021-11-23 23:25:51.831000000 -0500 |
4 |
@@ -304,6 +304,10 @@ |
5 |
event_link("remove-templates-custom", $event, "02"); |
6 |
templates2events("/etc/smartd.conf", $event); |
7 |
templates2events("/home/e-smith/ssl.pem/pem", $event); |
8 |
+templates2events("/etc/raddb/certs/radiusd.pem", $event); |
9 |
+templates2events("/service/qpsmtpd/ssl/cert.pem", $event); |
10 |
+templates2events("/etc/dovecot/ssl/imapd.pem", $event); |
11 |
+templates2events("/etc/openldap/ssl/slapd.pem", $event); |
12 |
templates2events("/usr/lib/systemd/system/dhcpd.service.d/50koozali.conf", $event); |
13 |
event_link("fix-startup", $event, "05"); |
14 |
event_link("rotate_timestamped_logfiles", $event, "05"); |
15 |
@@ -329,6 +333,13 @@ |
16 |
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dhcpd"); |
17 |
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog"); |
18 |
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/crond"); |
19 |
+# because of certs |
20 |
+safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith"); |
21 |
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dovecot"); |
22 |
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd"); |
23 |
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd"); |
24 |
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/radiusd"); |
25 |
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ldap"); |
26 |
|
27 |
#-------------------------------------------------- |
28 |
# actions for console-save event |
29 |
diff -Nur --no-dereference e-smith-base-5.8.1.old/root/usr/share/perl5/vendor_perl/esmith/ssl.pm e-smith-base-5.8.1/root/usr/share/perl5/vendor_perl/esmith/ssl.pm |
30 |
--- e-smith-base-5.8.1.old/root/usr/share/perl5/vendor_perl/esmith/ssl.pm 2021-06-06 16:30:37.000000000 -0400 |
31 |
+++ e-smith-base-5.8.1/root/usr/share/perl5/vendor_perl/esmith/ssl.pm 2021-11-23 23:18:53.220000000 -0500 |
32 |
@@ -6,7 +6,7 @@ |
33 |
|
34 |
|
35 |
our @ISA = qw(Exporter); |
36 |
-our @EXPORT = qw( key_exists_good_size cert_exists_good_size cert_is_cert key_is_key related_key_cert); |
37 |
+our @EXPORT = qw( key_exists_good_size cert_exists_good_size cert_is_cert key_is_key key_is_ec related_key_cert); |
38 |
|
39 |
my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db"; |
40 |
our $SystemName = $configdb->get('SystemName')->value; |
41 |
@@ -51,7 +51,8 @@ |
42 |
{ |
43 |
#print "$key exists\n"; |
44 |
# check key size openssl rsa -in /home/e-smith/ssl.key/$host.$domain.key -text -noout | sed -rn "s/Private-Key: \((.*) bit\)/\1/p" |
45 |
- my $signatureKeySize = `openssl rsa -in $key -text -noout | grep "Private-Key" | head -1`; |
46 |
+ my $algo = (key_is_ec($key)) ? 'ec' :'rsa'; |
47 |
+ my $signatureKeySize = `openssl $algo -in $key -text -noout | grep "Private-Key" | head -1`; |
48 |
chomp $signatureKeySize; |
49 |
$signatureKeySize =~ s/^ *Private-Key: \((.*) bit\)/$1/p; |
50 |
if ( $signatureKeySize == $KeySize ) { |
51 |
@@ -122,6 +123,7 @@ |
52 |
open my $oldout, ">&STDERR"; # "dup" the stdout filehandle |
53 |
close STDERR; |
54 |
my $exit_code=system("openssl","rsa", "-noout", "-in", "$key"); |
55 |
+ $exit_code=system("openssl","ec", "-noout", "-in", "$key") unless ($exit_code==0); |
56 |
open STDERR, '>&', $oldout; # restore the dup'ed filehandle to STDOUT |
57 |
if ($exit_code==0){ |
58 |
#print "key is a key\n"; |
59 |
@@ -131,14 +133,31 @@ |
60 |
return 0; |
61 |
} |
62 |
|
63 |
+sub key_is_ec { |
64 |
+ my $key = shift || "/home/e-smith/ssl.key/$FQDN.key"; |
65 |
+ if ( -f $key ) |
66 |
+ { |
67 |
+ open my $oldout, ">&STDERR"; # "dup" the stdout filehandle |
68 |
+ close STDERR; |
69 |
+ my $exit_code=system("openssl","ec", "-noout", "-in", "$key"); |
70 |
+ if ($exit_code==0){ |
71 |
+ #print "key is a key\n"; |
72 |
+ return 1; |
73 |
+ } |
74 |
+ } |
75 |
+ return 0; |
76 |
+} |
77 |
+ |
78 |
sub related_key_cert { |
79 |
my $key = shift || "/home/e-smith/ssl.key/$FQDN.key"; |
80 |
my $crt = shift || "/home/e-smith/ssl.crt/$FQDN.crt"; |
81 |
if ( key_is_key($key) and cert_is_cert($crt) ) |
82 |
{ |
83 |
# check the cert and the key are related, if key has been changed, then we need to change the cert |
84 |
- my $crt_md5 = `openssl x509 -noout -modulus -in $crt | openssl md5`; |
85 |
- my $key_md5 = `openssl rsa -noout -modulus -in $key | openssl md5`; |
86 |
+ #my $crt_md5 = `openssl x509 -noout -modulus -in $crt | openssl md5`; |
87 |
+ #my $key_md5 = `openssl rsa -noout -modulus -in $key | openssl md5`; |
88 |
+ my $crt_md5 = `openssl x509 -pubkey -noout -in $crt | openssl md5`; |
89 |
+ my $key_md5 = `openssl pkey -pubout -in $key | openssl md5`; |
90 |
#print "$key_md5 eq $crt_md5\n"; |
91 |
return 1 if $key_md5 eq $crt_md5; |
92 |
} |