install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

install_postfix_advanced.sh: fix error icreatunf / installing DH parameters.

Browse Source
This commit is contained in:
Christoph 2023-11-15 16:42:05 +01:00
parent ba988c63bc
commit 23165653f5
1 changed files with 62 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
install_postfix_advanced.sh
View File

@ -2620,9 +2620,21 @@ fi
## - with EDH ciphers (length 512 and 1024 ## - with EDH ciphers (length 512 and 1024
## - ## -
echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\"" echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then if [[ ! -f /etc/postfix/ssl/dh_512.pem ]]; then
openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1 if [[ $DIST_VERSION -gt 11 ]] ; then
#openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1 openssl dhparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
else
openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
fi
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
if [[ $DIST_VERSION -gt 11 ]] ; then
if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_512.pem 2> /dev/null); then
openssl dhparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@ -2631,10 +2643,26 @@ if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then
else else
echo_skipped echo_skipped
fi fi
else
echo_skipped
fi
fi
echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\"" echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\""
if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then if [[ ! -f /etc/postfix/ssl/dh_1024.pem ]]; then
openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1 if [[ $DIST_VERSION -gt 11 ]] ; then
#openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1 openssl dhparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
else
openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
fi
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
if [[ $DIST_VERSION -gt 11 ]] ; then
if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_1024.pem 2> /dev/null); then
openssl dhparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@ -2643,10 +2671,26 @@ if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then
else else
echo_skipped echo_skipped
fi fi
else
echo_skipped
fi
fi
echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\"" echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\""
if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then if [[ ! -f /etc/postfix/ssl/dh_2048.pem ]]; then
openssl dhparam -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1 if [[ $DIST_VERSION -gt 11 ]] ; then
#openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1 openssl dhparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
else
openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
fi
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
if [[ $DIST_VERSION -gt 11 ]] ; then
if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_2048.pem 2> /dev/null); then
openssl dhparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@ -2655,6 +2699,12 @@ if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then
else else
echo_skipped echo_skipped
fi fi
else
echo_skipped
fi
fi
echononl " Create Symlink \"$_TLS_CERT_FILE\"" echononl " Create Symlink \"$_TLS_CERT_FILE\""
if [ ! -h "$_TLS_CERT_FILE" ]; then if [ ! -h "$_TLS_CERT_FILE" ]; then
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem $_TLS_CERT_FILE ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem $_TLS_CERT_FILE