author | Reinhard Tartler <siretart@tauware.de> | 2019-05-28 07:20:50 -0400 |
---|---|---|
committer | Reinhard Tartler <siretart@tauware.de> | 2019-05-28 07:20:50 -0400 |
commit | 6017757bc079f4446aa77bc5c0855c52741280f4 (patch) | |
tree | 41bfcfc2aab37312ef73bf9b30867a235c8117f3 /bin | |
parent | 1b839d11810d6202f9b6f41db8f0ec3197e6a867 (diff) |
New upstream version 0.13~~git20190527.g039c4a1
Diffstat (limited to 'bin')
-rwxr-xr-x | bin/bbackupd/bbackupd-config.in | 17 | ||||
-rw-r--r-- | bin/bbackupquery/bbackupquery.cpp | 4 | ||||
-rwxr-xr-x | bin/bbstored/bbstored-certs.in | 8 | ||||
-rwxr-xr-x | bin/bbstored/bbstored-config.in | 17 |
4 files changed, 38 insertions, 8 deletions
diff --git a/bin/bbackupd/bbackupd-config.in b/bin/bbackupd/bbackupd-config.in index 1fc224c2..43f63b4e 100755 --- a/bin/bbackupd/bbackupd-config.in +++ b/bin/bbackupd/bbackupd-config.in @@ -169,7 +169,7 @@ if(!-f $private_key) if(!-f $certificate_request) { die "Couldn't run openssl for CSR generation" unless - open(CSR,"|openssl req -new -key $private_key -sha1 -out $certificate_request"); + open(CSR,"|openssl req -new -key $private_key -sha256 -out $certificate_request"); print CSR <<__E; . . @@ -317,6 +317,21 @@ NotifyScript = $notify_script __E +if("@HAVE_SSL_CTX_SET_SECURITY_LEVEL@" eq "1") +{ + print CONFIG <<__E; +# Box Backup compiled with support for SSLSecurityLevel +SSLSecurityLevel = 2 +__E +} +else +{ + print CONFIG <<__E; +# Box Backup compiled without support for SSLSecurityLevel +# SSLSecurityLevel = 2 +__E +} + if($backup_mode eq 'lazy') { # lazy mode configuration diff --git a/bin/bbackupquery/bbackupquery.cpp b/bin/bbackupquery/bbackupquery.cpp index e10c48fe..aef26ddc 100644 --- a/bin/bbackupquery/bbackupquery.cpp +++ b/bin/bbackupquery/bbackupquery.cpp @@ -364,7 +364,9 @@ int main(int argc, const char *argv[]) std::string certFile(conf.GetKeyValue("CertificateFile")); std::string keyFile(conf.GetKeyValue("PrivateKeyFile")); std::string caFile(conf.GetKeyValue("TrustedCAsFile")); - tlsContext.Initialise(false /* as client */, certFile.c_str(), keyFile.c_str(), caFile.c_str()); + int ssl_security_level(conf.GetKeyValueInt("SSLSecurityLevel")); + tlsContext.Initialise(false /* as client */, certFile.c_str(), keyFile.c_str(), + caFile.c_str(), ssl_security_level); // Initialise keys BackupClientCryptoKeys_Setup(conf.GetKeyValue("KeysFile").c_str()); diff --git a/bin/bbstored/bbstored-certs.in b/bin/bbstored/bbstored-certs.in index 00085662..10072a87 100755 --- a/bin/bbstored/bbstored-certs.in +++ b/bin/bbstored/bbstored-certs.in 
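Review bot: The changed `open(CSR,"|openssl req -new -key $private_key -sha256 -out $certificate_request")` line still builds a shell command by interpolating file paths, so a path containing spaces or shell metacharacters is parsed by the shell instead of reaching openssl as a single argument. Where the Perl in use supports list-form pipe opens, `open(CSR, '|-', 'openssl', 'req', '-new', '-key', $private_key, '-sha256', '-out', $certificate_request)` avoids the shell entirely. The four bbstored-certs.in hunks have the same pattern in `open(CSR,...)` and `system("openssl x509 ...")`, which interpolate `$csr`, `$key`, `$cert_dir` and the output path; the list form `system('openssl', 'x509', ...)` does the same job there. Where these path values come from is outside the hunks, so how much of them a caller controls still needs checking.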
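Review bot: The comment written into the generated client config above `SSLSecurityLevel = 2` says only that the build supports the option, not what the number controls, so an operator who hits a handshake failure has nothing to go on and may simply lower it. I would emit a line such as `# Minimum OpenSSL security level for TLS; lower values accept weaker keys and digests`. In the else branch the setting is left commented out, and the comment could say what happens if it is uncommented on a build without support; that behaviour is not visible in this hunk. The bbstored-config.in hunk writes the same two comments into the server section and would take the same wording.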
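Review bot: `conf.GetKeyValueInt("SSLSecurityLevel")` is read unconditionally, yet bbackupd-config.in in this same commit leaves the key commented out on builds without SSL_CTX_set_security_level support, and configuration files written by earlier versions will not contain it at all. Whether GetKeyValueInt supplies a default or throws for a missing key depends on the configuration verify table, which is outside this hunk; that is worth confirming and recording in a comment such as `// absent key: uses the verify-table default (TODO confirm value)`. The value is also handed to `Initialise()` without a range check, so if it goes straight to OpenSSL a mistyped low value would quietly weaken the client's TLS; I would log a warning when the configured level is below the generated default of 2. main() starts and ends outside the hunk.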
@@ -122,7 +122,7 @@ sub cmd_init_create_root # make CSR die "Couldn't run openssl for CSR generation" unless - open(CSR,"|openssl req -new -key $key -sha1 -out $csr"); + open(CSR,"|openssl req -new -key $key -sha256 -out $csr"); print CSR <<__E; . . @@ -140,7 +140,7 @@ __E die "Certificate request wasn't created.\n" unless -f $csr; # sign it to make a self-signed root CA key - if(system("openssl x509 -req -in $csr -sha1 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0) + if(system("openssl x509 -req -in $csr -sha256 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0) { die "Couldn't generate root certificate." } @@ -201,7 +201,7 @@ __E my $out_cert = "$cert_dir/clients/$acc"."-cert.pem"; # sign it! - if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0) + if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0) { die "Signing failed" } @@ -257,7 +257,7 @@ __E my $out_cert = "$cert_dir/servers/$common_name"."-cert.pem"; # sign it! - if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0) + if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0) { die "Signing failed" } diff --git a/bin/bbstored/bbstored-config.in b/bin/bbstored/bbstored-config.in index 83305c4f..1efaf668 100755 --- a/bin/bbstored/bbstored-config.in +++ b/bin/bbstored/bbstored-config.in 
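Review bot: Switching the sign commands to `-sha256` only affects certificates issued from now on, and nothing in these hunks tells the operator that client and server certificates already signed with `-sha1` stay as they are. As far as I know, OpenSSL at security level 2 rejects SHA-1-signed certificates in a chain, and the config generators in this commit write `SSLSecurityLevel = 2`, so an upgraded peer would likely refuse such certificates until they are re-signed. A comment above each `# sign it!` step would cover it, for example `# SHA-256: certificates signed with SHA-1 by older versions must be re-signed for peers using SSLSecurityLevel >= 2`, as would a line in the script's usage text. The enclosing subs start and end outside the hunks.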
@@ -202,11 +202,24 @@ Server CertificateFile = $certificate PrivateKeyFile = $private_key TrustedCAsFile = $ca_root_cert -} - +__E +if("@HAVE_SSL_CTX_SET_SECURITY_LEVEL@" eq "1") +{ + print CONFIG <<__E; + # Box Backup compiled with support for SSLSecurityLevel + SSLSecurityLevel = 2 __E +} +else +{ + print CONFIG <<__E; + # Box Backup compiled without support for SSLSecurityLevel + # SSLSecurityLevel = 2 +__E +} +print CONFIG "}\n"; close CONFIG; # explain to the user what they need to do next |