From bb7e408d758f2859db12ce6baf9f1b428e406658 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 27 Mar 2017 15:54:11 +0200
Subject: [LighttpdHttps] Update script to generate 2048 bit dh params

---
 scripts/install-https | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/scripts/install-https b/scripts/install-https
index a4ea8df..ad77a97 100755
--- a/scripts/install-https
+++ b/scripts/install-https
@@ -48,6 +48,8 @@ op_import ()
 if [ -s "$CHAIN" ]; then
 openssl x509 -noout -hash -in "$CHAIN" >/dev/null 2>&1 && cp "$CHAIN" "$CHAINFILE"
 fi
+ generate_dh
+ return 0
 }
 
 op_random ()
@@ -56,6 +58,22 @@ op_random ()
 rm -f -- "$CHAINFILE"
 openssl req -x509 -new -newkey rsa:4096 -keyout "$CERTFILE" -out "$CERTFILE" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2
 chmod 0600 "$CERTFILE" || exit 3
+ generate_dh
+ return 0
+}
+
+generate_dh ()
+{
+ local DHPARAM="/etc/lighttpd/dhparam.pem"
+ if ! [ -s "$DHPARAM" ]; then
+ echo "Generating DH parameters (this takes a while)..."
+ if openssl dhparam -out "$DHPARAM" 2048 >/dev/null 2>&1; then
+ echo "done"
+ else
+ echo "failed"
+ rm -f -- "$DHPARAM"
+ fi
+ fi
 }
 
 OP=$1
-- 
cgit v1.2.3-55-g7522
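Review bot: The `return 0` added after `generate_dh` in op_import throws away the result of parameter generation, and the same pair is added to op_random in the second hunk. generate_dh's failure branch ends on `rm -f`, so the function itself also returns 0, and a failed `openssl dhparam` leaves the install reporting success with no /etc/lighttpd/dhparam.pem. If the lighttpd configuration refers to that file (not visible here), the server would presumably either refuse to start or run without the intended 2048-bit group. Propagate the status in both places, e.g. `generate_dh || exit 4` (pick a code the script does not already use), in line with the `|| exit 2` / `|| exit 3` checks already in op_random, and end generate_dh's failure branch with `return 1`. op_import's body starts outside the hunk.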
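Review bot: generate_dh writes straight to the final path and accepts any non-empty file as valid, which leaves two gaps. An interrupted run (the step is slow by design) can leave a truncated dhparam.pem that `[ -s "$DHPARAM" ]` accepts on every later run, and a host that already has a smaller parameter file keeps it, so the 2048-bit goal in the subject is not enforced on upgrades. Writing to a temporary file in the same directory and renaming it on success, plus checking an existing file with openssl before keeping it, closes the first gap; the second still needs a size check on the existing file. Dropping `2>&1` from the generation call would also keep openssl's error message visible when it fails.
```shell
generate_dh ()
{
	local DHPARAM="/etc/lighttpd/dhparam.pem"
	local TMP="${DHPARAM}.new"
	# Keep an existing file only if openssl can parse and check it
	if [ -s "$DHPARAM" ] && openssl dhparam -in "$DHPARAM" -check -noout >/dev/null 2>&1; then
		return 0
	fi
	echo "Generating DH parameters (this takes a while)..."
	# Write next to the target and rename, so a partial file never sits at the final path
	if openssl dhparam -out "$TMP" 2048 >/dev/null && mv -f -- "$TMP" "$DHPARAM"; then
		echo "done"
		return 0
	fi
	echo "failed" >&2
	rm -f -- "$TMP"
	return 1
}
```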