Würg around some nasty axTLS keying bugs

[project/luci.git] / libs / nixio / axtls-root / usr / sbin / nixio-axtls-checkkey

diff --git a/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey b/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
index 994f24e..22bb1f8 100755 (executable)
--- a/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
+++ b/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
@@ -1,16 +1,20 @@
 #!/usr/bin/lua
 local nixio = require "nixio"
+local fs = require "nixio.fs"
 local posix
 local defkey = nixio.meta_tls_context.tls_defaultkey
-if not defkey or io.open(defkey) then
+local okey = "646e6b90d1ad02719cb1b221b7ce447a"
+
+if (not defkey or io.open(defkey)) and
+not (nixio.crypto.hash("md5"):update(fs.readfile(defkey)):final()) == okey then
        os.exit(0)
 end
 
-if os.execute("which openssl") then
+if os.execute("which openssl >/dev/null") == 0 then
        io.stderr:write("Warning: OpenSSL detected "..
        "but it looks like nixio was linked against axtls\n")
        os.execute("umask 0077;openssl genrsa -out '" .. defkey .. "' 2048")
-elseif os.execute("which dropbearkey && which dropbearconvert") then
+elseif os.execute("which dropbearkey >/dev/null && which dropbearconvert >/dev/null") == 0 then
        os.execute("dropbearkey -t rsa -s 2048 -f /tmp/dbkey.rsa")
        os.execute("umask 0077;dropbearconvert dropbear openssh /tmp/dbkey.rsa '"..defkey.."'")
        os.remove("/tmp/dbkey.rsa")