diff options
| author | Alex Harpin <development@landsofshadow.co.uk> | 2014-08-09 10:33:15 +0100 |
|---|---|---|
| committer | Alex Harpin <development@landsofshadow.co.uk> | 2014-08-09 10:33:15 +0100 |
| commit | 56846d1ccd66051ad85a70329b1988de74301988 (patch) | |
| tree | 75c4d2da91195191c10104c15dad17e59eb1008f /scripts | |
| parent | 960810b0b56d404b4abf275abfadfe3d77888ae5 (diff) | |
| download | vyatta-op-vpn-56846d1ccd66051ad85a70329b1988de74301988.tar.gz vyatta-op-vpn-56846d1ccd66051ad85a70329b1988de74301988.zip | |
vyatta-op-vpn: prevent invalid rsa key file from being generated
If the command "generate vpn rsa-key" is aborted during key generation
it leaves behind a temporary file. If the command is then executed
again, this temporary file is appended to rather than being replaced,
resulting in a key file with an extra : RSA { line at the beginning.
This patch checks if this temporary file exists, deleting it if it
does.
Bug #262 http://bugzilla.vyos.net/show_bug.cgi?id=262
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/gen_local_rsa_key.pl | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/scripts/gen_local_rsa_key.pl b/scripts/gen_local_rsa_key.pl index 4f800ab..ce3f69b 100755 --- a/scripts/gen_local_rsa_key.pl +++ b/scripts/gen_local_rsa_key.pl @@ -85,6 +85,21 @@ if (-r $local_key_file) { } } +# Remove the temporary file used to hold the new key if it already exists +# as this can cause invalid key generation if a previous run has been +# aborted. + +my $temp_key_file = $local_key_file.".new"; + +if (-e $temp_key_file) { + $cmd = "rm $temp_key_file"; + vpn_debug $cmd; + $rc = system($cmd); + if ($rc != 0) { + die "Cannot remove temporary key file $!\n"; + } +} + $cmd = "/usr/lib/ipsec/newhostkey --output $local_key_file --bits $bits"; # # The default random number generator is /dev/random, but it will block |