Diffstat (limited to 'bin')
-rwxr-xr-xbin/bbackupd/bbackupd-config.in17
-rw-r--r--bin/bbackupquery/bbackupquery.cpp4
-rwxr-xr-xbin/bbstored/bbstored-certs.in8
-rwxr-xr-xbin/bbstored/bbstored-config.in17
4 files changed, 38 insertions, 8 deletions
diff --git a/bin/bbackupd/bbackupd-config.in b/bin/bbackupd/bbackupd-config.in
index 1fc224c2..43f63b4e 100755
--- a/bin/bbackupd/bbackupd-config.in
+++ b/bin/bbackupd/bbackupd-config.in
@@ -169,7 +169,7 @@ if(!-f $private_key)
if(!-f $certificate_request)
{
die "Couldn't run openssl for CSR generation" unless
- open(CSR,"|openssl req -new -key $private_key -sha1 -out $certificate_request");
+ open(CSR,"|openssl req -new -key $private_key -sha256 -out $certificate_request");
print CSR <<__E;
.
.
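Review bot: The changed `open(CSR,"|openssl req ...")` line still passes `$private_key` and `$certificate_request` through the shell as one interpolated string, so a path containing whitespace or shell metacharacters would be split or interpreted rather than treated as a filename. Where these paths originate is not visible in the hunk, so this is a hardening point rather than a confirmed bug. The list form avoids the shell: `open(CSR, '|-', 'openssl', 'req', '-new', '-key', $private_key, '-sha256', '-out', $certificate_request)`. The same pattern appears in the CSR `open` and the three `system("openssl x509 ...")` calls touched in bin/bbstored/bbstored-certs.in, where `$acc` and `$common_name` flow into `$out_cert`; `system('openssl', 'x509', ...)` with a list would cover those. The enclosing `if` block continues past the end of this hunk.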
@@ -317,6 +317,21 @@ NotifyScript = $notify_script
__E
+if("@HAVE_SSL_CTX_SET_SECURITY_LEVEL@" eq "1")
+{
+ print CONFIG <<__E;
+# Box Backup compiled with support for SSLSecurityLevel
+SSLSecurityLevel = 2
+__E
+}
+else
+{
+ print CONFIG <<__E;
+# Box Backup compiled without support for SSLSecurityLevel
+# SSLSecurityLevel = 2
+__E
+}
+
if($backup_mode eq 'lazy')
{
# lazy mode configuration
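Review bot: The comment written into the generated config next to `SSLSecurityLevel = 2` does not tell the operator what the setting enforces or when it might need changing. Since this same commit moves certificate signing from `-sha1` to `-sha256`, deployments holding certificates issued by the older scripts may see handshakes refused at this level, depending on the OpenSSL version in use. I would extend the emitted comment, for example `# OpenSSL security level (2 = at least 112-bit strength). Certificates signed with SHA-1 by older versions of these scripts may be rejected; re-issue them rather than lowering this value.` The same comment text is emitted in bin/bbstored/bbstored-config.in and would benefit from the same wording.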
diff --git a/bin/bbackupquery/bbackupquery.cpp b/bin/bbackupquery/bbackupquery.cpp
index e10c48fe..aef26ddc 100644
--- a/bin/bbackupquery/bbackupquery.cpp
+++ b/bin/bbackupquery/bbackupquery.cpp
@@ -364,7 +364,9 @@ int main(int argc, const char *argv[])
std::string certFile(conf.GetKeyValue("CertificateFile"));
std::string keyFile(conf.GetKeyValue("PrivateKeyFile"));
std::string caFile(conf.GetKeyValue("TrustedCAsFile"));
- tlsContext.Initialise(false /* as client */, certFile.c_str(), keyFile.c_str(), caFile.c_str());
+ int ssl_security_level(conf.GetKeyValueInt("SSLSecurityLevel"));
+ tlsContext.Initialise(false /* as client */, certFile.c_str(), keyFile.c_str(),
+ caFile.c_str(), ssl_security_level);
// Initialise keys
BackupClientCryptoKeys_Setup(conf.GetKeyValue("KeysFile").c_str());
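Review bot: The new `conf.GetKeyValueInt("SSLSecurityLevel")` read is unconditional, yet configs written before this change have no such key and the generator's "compiled without support" branch emits it commented out. Whether a missing key yields a default or an exception depends on the configuration verify table, which is outside this diff, so please confirm that an absent key maps to a defined default instead of aborting bbackupquery or silently selecting a weaker level. A short comment above the read stating the default and the accepted range would also help, e.g. `// SSLSecurityLevel: OpenSSL security level; default comes from the config verify table when the key is absent`. main() begins and continues outside this hunk.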
diff --git a/bin/bbstored/bbstored-certs.in b/bin/bbstored/bbstored-certs.in
index 00085662..10072a87 100755
--- a/bin/bbstored/bbstored-certs.in
+++ b/bin/bbstored/bbstored-certs.in
@@ -122,7 +122,7 @@ sub cmd_init_create_root
# make CSR
die "Couldn't run openssl for CSR generation" unless
- open(CSR,"|openssl req -new -key $key -sha1 -out $csr");
+ open(CSR,"|openssl req -new -key $key -sha256 -out $csr");
print CSR <<__E;
.
.
@@ -140,7 +140,7 @@ __E
die "Certificate request wasn't created.\n" unless -f $csr;
# sign it to make a self-signed root CA key
- if(system("openssl x509 -req -in $csr -sha1 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0)
+ if(system("openssl x509 -req -in $csr -sha256 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0)
{
die "Couldn't generate root certificate."
}
@@ -201,7 +201,7 @@ __E
my $out_cert = "$cert_dir/clients/$acc"."-cert.pem";
# sign it!
- if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0)
+ if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0)
{
die "Signing failed"
}
@@ -257,7 +257,7 @@ __E
my $out_cert = "$cert_dir/servers/$common_name"."-cert.pem";
# sign it!
- if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0)
+ if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0)
{
die "Signing failed"
}
diff --git a/bin/bbstored/bbstored-config.in b/bin/bbstored/bbstored-config.in
index 83305c4f..1efaf668 100755
--- a/bin/bbstored/bbstored-config.in
+++ b/bin/bbstored/bbstored-config.in
@@ -202,11 +202,24 @@ Server
CertificateFile = $certificate
PrivateKeyFile = $private_key
TrustedCAsFile = $ca_root_cert
-}
-
+__E
+if("@HAVE_SSL_CTX_SET_SECURITY_LEVEL@" eq "1")
+{
+ print CONFIG <<__E;
+ # Box Backup compiled with support for SSLSecurityLevel
+ SSLSecurityLevel = 2
__E
+}
+else
+{
+ print CONFIG <<__E;
+ # Box Backup compiled without support for SSLSecurityLevel
+ # SSLSecurityLevel = 2
+__E
+}
+print CONFIG "}\n";
close CONFIG;
# explain to the user what they need to do next
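Review bot: In the `else` branch the only trace that the build cannot enforce a security level is a comment inside the generated file, which an operator is unlikely to read. Because that branch means the TLS floor is whatever the linked OpenSSL defaults to, I would also report it at generation time, for example `print STDERR "Warning: this build cannot enforce SSLSecurityLevel; TLS strength depends on OpenSSL defaults\n";` just before the commented-out setting is written. The equivalent `else` branch in bin/bbackupd/bbackupd-config.in has the same gap. Separately, `close CONFIG;` is unchecked, so a failed write of the config would go unnoticed; `close CONFIG or die "Can't write config file: $!";` would surface it.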