blob: e779a2ab1558f9f9bd9e28dc8bb8208638592ad6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
#!/bin/sh -e
. /usr/share/debconf/confmodule
db_input medium openswan/start_level || true
db_input medium openswan/restart || true
db_input high openswan/enable-oe || true
db_input high openswan/create_rsa_key || true
db_go || true
db_get openswan/create_rsa_key
if [ "$RET" = "true" ]; then
db_input high openswan/rsa_key_type || true
db_go || true
db_get openswan/rsa_key_type
if [ "$RET" = "plain" ]; then
# create just a plain RSA keypair
db_input medium openswan/rsa_key_length || true
db_go || true
else
# extract the RSA keypair from a x509 certificate
db_input high openswan/existing_x509_certificate || true
db_go || true
# create a new certificate
db_input medium openswan/rsa_key_length || true
db_input high openswan/x509_self_signed || true
# we can't allow the country code to be empty - openssl will
# refuse to create a certificate this way
countrycode=""
while [ -z "$countrycode" ]; do
db_input medium openswan/x509_country_code || true
db_go || true
db_get openswan/x509_country_code
countrycode="$RET"
done
db_input medium openswan/x509_state_name || true
db_input medium openswan/x509_locality_name || true
db_input medium openswan/x509_organization_name || true
db_input medium openswan/x509_organizational_unit || true
db_input medium openswan/x509_common_name || true
db_input medium openswan/x509_email_address || true
db_go || true
fi
else
db_get openswan/existing_x509_certificate
if [ "$RET" = "true" ]; then
# existing certificate - use it
db_input critical openswan/existing_x509_certificate_filename || true
db_input critical openswan/existing_x509_key_filename || true
db_go || true
fi
fi
|
