Diffstat (limited to 'debian/strongswan-starter.config')
-rw-r--r-- | debian/strongswan-starter.config | 61 |
1 files changed, 30 insertions, 31 deletions
diff --git a/debian/strongswan-starter.config b/debian/strongswan-starter.config
index eb5f2c2dd..cb9de0964 100644
--- a/debian/strongswan-starter.config
+++ b/debian/strongswan-starter.config
@@ -2,8 +2,6 @@
 . /usr/share/debconf/confmodule
-db_input medium strongswan/start_level || true
-
 # disable for now, until we can deal with the don't-edit-conffiles situation
 #db_input high strongswan/ikev1 || true
 #db_input high strongswan/ikev2 || true
@@ -12,36 +10,37 @@ db_input medium strongswan/restart || true
 db_input high strongswan/enable-oe || true
-db_input high strongswan/create_rsa_key || true
-db_go || true
-
-db_get strongswan/create_rsa_key
+db_get strongswan/install_x509_certificate
 if [ "$RET" = "true" ]; then
- # create a new certificate
- db_input medium strongswan/rsa_key_length || true
- db_input high strongswan/x509_self_signed || true
- # we can't allow the country code to be empty - openssl will
- # refuse to create a certificate this way
- countrycode=""
- while [ -z "$countrycode" ]; do
- db_input medium strongswan/x509_country_code || true
- db_go || true
- db_get strongswan/x509_country_code
- countrycode="$RET"
- done
- db_input medium strongswan/x509_state_name || true
- db_input medium strongswan/x509_locality_name || true
- db_input medium strongswan/x509_organization_name || true
- db_input medium strongswan/x509_organizational_unit || true
- db_input medium strongswan/x509_common_name || true
- db_input medium strongswan/x509_email_address || true
+ db_input high strongswan/how_to_get_x509_certificate || true
 db_go || true
-else
- db_get strongswan/existing_x509_certificate
- if [ "$RET" = "true" ]; then
- # existing certificate - use it
- db_input critical strongswan/existing_x509_certificate_filename || true
- db_input critical strongswan/existing_x509_key_filename || true
- db_go || true
+
+ db_get strongswan/how_to_get_x509_certificate
+ if [ "$RET" = "create" ]; then
+ # create a new certificate
+ db_input medium strongswan/rsa_key_length || true
+ db_input high strongswan/x509_self_signed || true
+ # we can't allow the country code to be empty - openssl will
+ # refuse to create a certificate this way
+ countrycode=""
+ while [ -z "$countrycode" ]; do
+ db_input medium strongswan/x509_country_code || true
+ db_go || true
+ db_get strongswan/x509_country_code
+ countrycode="$RET"
+ done
+ db_input medium strongswan/x509_state_name || true
+ db_input medium strongswan/x509_locality_name || true
+ db_input medium strongswan/x509_organization_name || true
+ db_input medium strongswan/x509_organizational_unit || true
+ db_input medium strongswan/x509_common_name || true
+ db_input medium strongswan/x509_email_address || true
+ db_go || true
+ elif [ "$RET" = "import" ]; then
+ # existing certificate - use it
+ db_input critical strongswan/existing_x509_certificate_filename || true
+ db_input critical strongswan/existing_x509_key_filename || true
+ db_input critical strongswan/existing_x509_rootca_filename || true
+ db_go || true
 fi
 fi |
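Review bot: `db_get strongswan/install_x509_certificate` is now read without a `db_input` for that question or a `db_go` ahead of it, whereas the removed lines queued `create_rsa_key` and flushed before reading the answer. Unless the question is asked somewhere outside this hunk, `$RET` holds only the template default or a preseeded value, and when it is not `true` the queued `restart` and `enable-oe` prompts are never displayed because no `db_go` follows in the visible part. I would put `db_input high strongswan/install_x509_certificate || true` and `db_go || true` directly before the `db_get`. Separately, the re-indented country-code loop still has no exit when the question cannot be shown (for example a noninteractive frontend with an empty default), so an unattended install could spin there; a bounded retry, or leaving the loop when `db_input` reports the question was skipped, would avoid that.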