← Back to branch summary

~ubuntu-branches/ubuntu/saucy/apache2/saucy

« back to all changes in this revision

Viewing changes to debian/ssl-certificate

  • Committer: Bazaar Package Importer
  • Author(s): Thom May
  • Date: 2004-10-13 19:46:10 UTC
  • Revision ID: james.westby@ubuntu.com-20041013194610-ccvqcz8vflh5zqrm
Tags: 2.0.50-12ubuntu4
Security Release. Patch from upstream for the following:
CAN-2004-0885SSLCypherSuite can be bypassed during renegotiation.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/ssl-certificate
 
1
#!/bin/sh -e
 
2
 
 
3
if [ "$1" != "--force" -a -f /etc/apache2/ssl/apache.pem ]; then
 
4
  echo "/etc/apache2/ssl/apache.pem exists!  Use \"$0 --force.\""
 
5
  exit 0
 
6
fi
 
7
 
 
8
if [ "$1" = "--force" ]; then
 
9
  shift
 
10
fi     
 
11
 
 
12
echo
 
13
echo creating selfsigned certificate
 
14
echo "replace it with one signed by a certification authority (CA)"
 
15
echo
 
16
echo enter your ServerName at the Common Name prompt
 
17
echo
 
18
echo If you want your certificate to expire after x days call this programm 
 
19
echo with "-days x" 
 
20
 
 
21
# use special .cnf, because with normal one no valid selfsigned
 
22
# certificate is created
 
23
 
 
24
export RANDFILE=/dev/random
 
25
openssl req $@ -config /usr/share/apache2/ssleay.cnf \
 
26
  -new -x509 -nodes -out /etc/apache2/ssl/apache.pem \
 
27
  -keyout /etc/apache2/ssl/apache.pem
 
28
chmod 600 /etc/apache2/ssl/apache.pem
 
29
ln -sf /etc/apache2/ssl/apache.pem \
 
30
  /etc/apache2/ssl/`/usr/bin/openssl \
 
31
  x509 -noout -hash < /etc/apache2/ssl/apache.pem`.0