From patchwork Fri Sep 20 14:20:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 8138 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4X9F0l3W13z3x1v for ; Fri, 20 Sep 2024 14:20:39 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4X9F0g0871z6CM; Fri, 20 Sep 2024 14:20:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4X9F0f6mVmz342Q; Fri, 20 Sep 2024 14:20:34 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4X9F0Y3p3Yz3408 for ; Fri, 20 Sep 2024 14:20:29 +0000 (UTC) Received: from people01.haj.ipfire.org (people01.haj.ipfire.org [172.28.1.161]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "people01.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4X9F0V4jTzz2DC; Fri, 20 Sep 2024 14:20:26 +0000 (UTC) Received: by people01.haj.ipfire.org (Postfix, from userid 1078) id 4X9F0T08NKz2xjP; Fri, 20 Sep 2024 14:20:25 +0000 (UTC) From: =?utf-8?q?Peter_M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH 2/5] apache: Drop RSA key and certificate generation Date: Fri, 20 Sep 2024 14:20:19 +0000 Message-Id: <20240920142022.589371-2-peter.mueller@ipfire.org> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20240920142022.589371-1-peter.mueller@ipfire.org> References: <20240920142022.589371-1-peter.mueller@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: MNZE7NYROMGEX6TYZU6EIMW7EUFRW54G X-Message-ID-Hash: MNZE7NYROMGEX6TYZU6EIMW7EUFRW54G X-MailFrom: pmueller@people01.haj.ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: =?utf-8?q?Peter_M=C3=BCller?= X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Signed-off-by: Peter Müller --- src/initscripts/system/apache | 26 +------------------------- 1 file changed, 1 insertion(+), 25 deletions(-) diff --git a/src/initscripts/system/apache b/src/initscripts/system/apache index e7a62097e..ba7ede670 100644 --- a/src/initscripts/system/apache +++ b/src/initscripts/system/apache @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,13 +25,6 @@ PIDFILE="/var/run/httpd.pid" generate_certificates() { - if [ ! -f "/etc/httpd/server.key" ]; then - boot_mesg "Generating HTTPS RSA server key (this will take a moment)..." - openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null - chmod 600 /etc/httpd/server.key - evaluate_retval - fi - if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then boot_mesg "Generating HTTPS ECDSA server key..." openssl ecparam -genkey -name secp384r1 -noout \ @@ -40,29 +33,12 @@ generate_certificates() { evaluate_retval fi - # Generate RSA CSR - if [ ! -f "/etc/httpd/server.csr" ]; then - sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \ - openssl req -new -key /etc/httpd/server.key \ - -out /etc/httpd/server.csr &>/dev/null - fi - - # Generate ECDSA CSR if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \ openssl req -new -key /etc/httpd/server-ecdsa.key \ -out /etc/httpd/server-ecdsa.csr &>/dev/null fi - if [ ! -f "/etc/httpd/server.crt" ]; then - boot_mesg "Signing RSA certificate..." - openssl x509 -req -days 999999 -sha256 \ - -in /etc/httpd/server.csr \ - -signkey /etc/httpd/server.key \ - -out /etc/httpd/server.crt &>/dev/null - evaluate_retval - fi - if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then boot_mesg "Signing ECDSA certificate..." openssl x509 -req -days 999999 -sha256 \