PC World Komputer 2010 April

home *** CD-ROM | disk | FTP | other *** search

/ PC World Komputer 2010 April / PCWorld0410.iso / hity wydania / Ubuntu 9.10 PL / karmelkowy-koliberek-desktop-9.10-i386-PL.iso / casper / filesystem.squashfs / var / lib / dpkg / info / ssl-cert.postinst < prev next >

Wrap

Text File | 2009-07-07 | 2KB | 54 lines

#!/bin/sh -e . /usr/share/debconf/confmodule # Create the ssl-cert system group for snakeoil ownership: if ! getent group ssl-cert >/dev/null; then addgroup --quiet --system ssl-cert fi check_vuln_version () { if dpkg --compare-versions "$2" ge "$1" && dpkg --compare-versions "$2" lt $3 ; then check_key="yes" fi } # Check if the generated snakeoil key/cert has been generated # from a vulnerable openssl version and replace it if necessary. if [ -n "$2" ] ; then check_key="" check_vuln_version 0 "$2" 1.0.13-0ubuntu0.7.04.1 check_vuln_version 1.0.13-1 "$2" 1.0.14-0ubuntu0.7.10.1 check_vuln_version 1.0.14-0ubuntu1 "$2" 1.0.14-0ubuntu2.1 check_vuln_version 1.0.15 "$2" 1.0.19ubuntu1 CERT="/etc/ssl/certs/ssl-cert-snakeoil.pem" KEY="/etc/ssl/private/ssl-cert-snakeoil.key" # check if the cert and key file exist, # the issuer and subject are the same (self signed cert) # and the private key is vulnerable if [ "${check_key}" = "yes" -a \ -e "${CERT}" -a -e "${KEY}" -a \ "$(openssl x509 -issuer -noout < ${CERT} | sed 's/issuer= //')" = "$(openssl x509 -subject -noout < ${CERT} | sed 's/subject= //')" ]; then db_version 2.0 db_input critical make-ssl-cert/vulnerable_prng || true db_go fi fi # no need to perform any check. If the certificates are there # it will exit 0. make-ssl-cert generate-default-snakeoil # Make sure the permissions on /etc/ssl/private are okay: chgrp ssl-cert /etc/ssl/private chmod g+x /etc/ssl/private # If we're upgrading from an older version, fix the unreadable key: if dpkg --compare-versions "$2" lt 1.0.12; then chgrp ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key chmod g+r /etc/ssl/private/ssl-cert-snakeoil.key fi