From 3254abb3f30a051761eac1c03a236015fcd44cf9 Mon Sep 17 00:00:00 2001
From: Tomas Jelinek <tojeline@redhat.com>
Date: Thu, 17 Oct 2019 11:52:30 +0200
Subject: [PATCH 1/5] do not generate custom DH key unless requested
|
---
pcsd/ssl.rb | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
|
diff --git a/pcsd/ssl.rb b/pcsd/ssl.rb
|
|
|
d01bb5 |
index c71aad08..de356e46 100644
|
|
|
d01bb5 |
--- a/pcsd/ssl.rb
|
|
|
d01bb5 |
+++ b/pcsd/ssl.rb
|
|
|
d01bb5 |
@@ -153,14 +153,15 @@ else
|
|
|
d01bb5 |
end
|
|
|
d01bb5 |
end
|
|
|
d01bb5 |
|
|
|
d01bb5 |
-dh_key_bits_default = 1024
|
|
|
d01bb5 |
-dh_key_bits = dh_key_bits_default
|
|
|
d01bb5 |
+dh_key_bits = 0
|
|
|
d01bb5 |
if ENV['PCSD_SSL_DH_KEX_BITS']
|
|
|
d01bb5 |
- dh_key_bits = Integer(ENV['PCSD_SSL_DH_KEX_BITS']) rescue dh_key_bits_default
|
|
|
d01bb5 |
+ dh_key_bits = Integer(ENV['PCSD_SSL_DH_KEX_BITS']) rescue 0
|
|
|
d01bb5 |
+end
|
|
|
d01bb5 |
+if dh_key_bits > 0
|
|
|
d01bb5 |
+ $logger.info "Generating #{dh_key_bits}bits long DH key..."
|
|
|
d01bb5 |
+ dh_key = OpenSSL::PKey::DH.generate(dh_key_bits)
|
|
|
d01bb5 |
+ $logger.info "DH key created"
|
|
|
d01bb5 |
end
|
|
|
d01bb5 |
-$logger.info "Generating #{dh_key_bits}bits long DH key..."
|
|
|
d01bb5 |
-dh_key = OpenSSL::PKey::DH.generate(dh_key_bits)
|
|
|
d01bb5 |
-$logger.info "DH key created"
|
|
|
d01bb5 |
|
|
|
d01bb5 |
default_bind = true
|
|
|
d01bb5 |
# see https://github.com/ClusterLabs/pcs/issues/51
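Review bot: The new `Integer(ENV['PCSD_SSL_DH_KEX_BITS']) rescue 0` at the top of the hunk turns any malformed value (a typo such as `2048bits`) into 0, which silently disables the custom DH group the operator explicitly asked for, with no log line saying so; before this change a bad value at least still produced a key. Log the parse failure instead of swallowing it, and since the variable is now an explicit opt-in, warn when the requested size is below 2048 bits so nobody generates a group weaker than the 1024-bit default this commit removes. Whether anything else reads this variable is not visible in the hunk.
```ruby
dh_key_bits = 0
if ENV['PCSD_SSL_DH_KEX_BITS']
  begin
    dh_key_bits = Integer(ENV['PCSD_SSL_DH_KEX_BITS'])
  rescue ArgumentError, TypeError
    $logger.warn "Invalid PCSD_SSL_DH_KEX_BITS value, not generating a custom DH key"
  end
  if dh_key_bits > 0 && dh_key_bits < 2048
    $logger.warn "PCSD_SSL_DH_KEX_BITS=#{dh_key_bits} is below 2048 bits; the generated DH group will be weak"
  end
end
# … unchanged: DH key generation guarded by dh_key_bits > 0 …
```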
|
|
|
d01bb5 |
@@ -185,8 +186,10 @@ webrick_options = {
|
|
|
d01bb5 |
:SSLPrivateKey => OpenSSL::PKey::RSA.new(key),
|
|
|
d01bb5 |
:SSLCertName => [[ "CN", server_name ]],
|
|
|
d01bb5 |
:SSLOptions => get_ssl_options(),
|
|
|
d01bb5 |
- :SSLTmpDhCallback => lambda {|ctx, is_export, keylen| dh_key},
|
|
|
d01bb5 |
}
|
|
|
d01bb5 |
+if dh_key_bits > 0
|
|
|
d01bb5 |
+ webrick_options[:SSLTmpDhCallback] = lambda {|ctx, is_export, keylen| dh_key }
|
|
|
d01bb5 |
+end
|
|
|
d01bb5 |
|
|
|
d01bb5 |
server = ::Rack::Handler::WEBrick
|
|
|
d01bb5 |
trap(:INT) do
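Review bot: With `:SSLTmpDhCallback` now omitted whenever `dh_key_bits` is 0 (the new default), the DH parameters used for any DHE cipher suite WEBrick still offers are whatever the Ruby openssl binding substitutes, and that is not stated anywhere in the hunk; in the releases I am aware of it is either a built-in default group — historically 1024-bit, i.e. no stronger than the default this commit removes — or no DHE at all, depending on version. The cipher configuration comes from `get_ssl_options()` outside this hunk, so I cannot tell from here whether DHE suites are enabled. Please either confirm on the supported Ruby versions that DHE is disabled or uses a group of at least 2048 bits, or record the expectation above the new `if`: `# No SSLTmpDhCallback by default: DH parameters (if DHE is offered at all) come from the openssl binding's built-in defaults, which vary by version`.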
--
2.21.0