Diffstat (limited to 'src/Propellor/Property/Openssl.hs')
-rw-r--r--src/Propellor/Property/Openssl.hs26
1 files changed, 26 insertions, 0 deletions
diff --git a/src/Propellor/Property/Openssl.hs b/src/Propellor/Property/Openssl.hs
new file mode 100644
index 00000000..eb373e49
--- /dev/null
+++ b/src/Propellor/Property/Openssl.hs
@@ -0,0 +1,26 @@
+-- | Maintainer: FĂ©lix Sipma <felix+propellor@gueux.org>
+
+module Propellor.Property.Openssl where
+
+import Propellor.Base
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+import Utility.FileMode
+import Utility.SafeCommand
+
+
+dhparamsLength :: Int
+dhparamsLength = 2048
+
+dhparams :: FilePath
+dhparams = "/etc/ssl/private/dhparams.pem"
+
+safeDhparams :: Property DebianLike
+safeDhparams = propertyList "safe dhparams" $ props
+ & File.dirExists (takeDirectory file)
+ & Apt.installed ["openssl"]
+ & check (not <$> doesFileExist file) (createDhparams file length')
+
+createDhparams :: FilePath -> Int -> Property UnixLike
+createDhparams f l = property ("generate new dhparams: " ++ f) $ liftIO $ withUmask 0o0177 $ withFile f WriteMode $ \h ->
+ cmdResult <$> boolSystem' "openssl" [Param "dhparam", Param (show l)] (\p -> p { std_out = UseHandle h })
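Review bot: `safeDhparams` refers to `file` and `length'`, but the hunk defines neither; the only top-level values in this new file are `dhparams` and `dhparamsLength`, so unless `Propellor.Base` happens to export those identifiers (not visible here) the module will not compile. The two lines should presumably read `& File.dirExists (takeDirectory dhparams)` and `& check (not <$> doesFileExist dhparams) (createDhparams dhparams dhparamsLength)`. Separately, in `createDhparams`, `withFile f WriteMode` creates the target before `openssl dhparam` has produced any output, so a failed or interrupted run leaves an empty or truncated file that the `doesFileExist` guard then treats as done and never regenerates. Writing to a temporary file in the same directory and renaming it into place only when `cmdResult` reports success (or deleting `f` on failure) would keep services from being pointed at a broken parameter file.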