Mercurial > hg > freeDiameter
changeset 579:8c62a1c435e8
Updated package to speedup startup
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Wed, 27 Oct 2010 11:01:46 +0900 |
parents | 7c9a00bfd115 |
children | 30fcb609b2b1 |
files | contrib/OpenWRT/packages/freeDiameter/Makefile |
diffstat | 1 files changed, 19 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/contrib/OpenWRT/packages/freeDiameter/Makefile Wed Oct 27 10:52:30 2010 +0900 +++ b/contrib/OpenWRT/packages/freeDiameter/Makefile Wed Oct 27 11:01:46 2010 +0900 @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=freeDiameter -PKG_REV:=575 +PKG_REV:=578 PKG_VERSION:=r$(PKG_REV) PKG_RELEASE:=1 @@ -112,7 +112,8 @@ >> $(1)/etc/freeDiameter/freeDiameter.conf echo "TLS_CA = \"/etc/freeDiameter/freeDiameter.ca.pem\";" \ >> $(1)/etc/freeDiameter/freeDiameter.conf - echo "TLS_DH_Bits = 768;" >> $(1)/etc/freeDiameter/freeDiameter.conf + echo "TLS_DH_File = \"/etc/freeDiameter/dh.pem\";" + >> $(1)/etc/freeDiameter/freeDiameter.conf echo "SCTP_streams = 3;" >> $(1)/etc/freeDiameter/freeDiameter.conf echo "LoadExtension = \"dict_nasreq.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf echo "LoadExtension = \"dict_eap.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf @@ -182,15 +183,19 @@ # Certificate configuration if [ ! -f "/usr/bin/certtool" ]; then - echo "certtool is not installed, skipping creation of default certificate." + echo "certtool is not installed, skipping creation of default certificate and DH parameters." + echo "The following files are expected by freeDiameter:" + echo " /etc/freeDiameter/freeDiameter.key" + echo " /etc/freeDiameter/freeDiameter.pem" + echo " /etc/freeDiameter/freeDiameter.ca.pem" + echo " /etc/freeDiameter/dh.pem" exit 0 fi +if [ ! -f "/etc/freeDiameter/freeDiameter.key" ]; then + echo "Creating a new private key for freeDiameter, please wait" + certtool -p --outfile /etc/freeDiameter/freeDiameter.key +fi if [ ! -f "/etc/freeDiameter/freeDiameter.pem" ]; then - if [ ! -f "/etc/freeDiameter/freeDiameter.key" ]; then - echo "Creating a new private key for freeDiameter TLS layer, please wait" - certtool -p --outfile /etc/freeDiameter/freeDiameter.key - fi - echo "Creating a new certificate for freeDiameter TLS layer" echo "organization = freeDiameter" > /tmp/template.cnf echo "unit = OpenWRT" >>/tmp/template.cnf echo "state = internet" >>/tmp/template.cnf @@ -200,11 +205,12 @@ echo "signing_key" >>/tmp/template.cnf echo "encryption_key" >>/tmp/template.cnf if [ ! -f "/etc/freeDiameter/freeDiameter.csr" ]; then - echo "Creating a new CSR" + echo "Creating a new CSR (use if you have a separate CA)" certtool -q --load-privkey /etc/freeDiameter/freeDiameter.key \ --outfile /etc/freeDiameter/freeDiameter.csr \ --template /tmp/template.cnf fi + echo "Creating a new certificate for freeDiameter" certtool -s --load-privkey /etc/freeDiameter/freeDiameter.key \ --outfile /etc/freeDiameter/freeDiameter.pem \ --template /tmp/template.cnf @@ -222,6 +228,10 @@ echo " Add the content of /etc/freeDiameter/freeDiameter.pem into your server's trusted CA file" echo "========================================================================" fi +if [ ! -f "/etc/freeDiameter/dh.pem" ]; then + echo "Creating new Diffie-Hellmann parameters file. This operation takes a while..." + certtool --generate-dh-params --outfile /etc/freeDiameter/dh.pem +fi endef $(eval $(call BuildPackage,freeDiameter))