#!/bin/bash

LBPREFIX=$PRODTREE/openssl
BINDIR=$LBPREFIX/bin
ETCSSL=$LBPREFIX/etc/ssl
LINKSSL=/etc/ssl
MCDIR=$LBPREFIX/makecerts
export PATH=$BINDIR:$PATH

if [ \! -d "$MCDIR" ]; then
    echo Error
    exit 1
fi

#---------------------------------------------------------------------

DHFILE=/etc/ssl/certs/dhparam.pem
THFILE=/tmp/dhparam.pem
rm -fr $THFILE

if [   -f $DHFILE ]; then
    cp -p $DHFILE $THFILE
fi

#---------------------------------------------------------------------

rm -fr   $ETCSSL $LINKSSL
mkdir -p $ETCSSL
ln -nsf  $ETCSSL $LINKSSL
cd       $ETCSSL

tar zxvf $MCDIR/etcssl.tar.gz
rm -fr cert.pem

#---------------------------------------------------------------------

mkdir  xtmp
cd     xtmp
cp -a  $MCDIR/{make-ca.sh,certdata.txt} .
chmod  755 make-ca.sh
./make-ca.sh
cd     ..

rm -fr xtmp certdata.txt
ln -nsf ca-bundle.crt cert.pem

#---------------------------------------------------------------------

if [ -f $THFILE ]; then
    echo Using old $DHFILE
    mv  $THFILE $DHFILE
else
    echo Creating $DHFILE

    if [ "@$LACARCH" == "@glibc32" ]; then
        echo $PRODTREE/openssl/bin/openssl dhparam -out $DHFILE 1024
             $PRODTREE/openssl/bin/openssl dhparam -out $DHFILE 1024
    else
        echo $PRODTREE/openssl/bin/openssl dhparam -out $DHFILE 2048
             $PRODTREE/openssl/bin/openssl dhparam -out $DHFILE 2048
    fi
fi
ls -l $DHFILE

#---------------------------------------------------------------------

# "go" needs the following. Possibly other packages as well.
#
ln -nsf ca-bundle.crt ca-bundle.pem

#---------------------------------------------------------------------
# End of file.