mod_gnutls's dhfile/rsafile generation

Elan Ruusamäe glen at delfi.ee
Sun Sep 9 10:18:03 CEST 2007


On Sunday 09 September 2007 02:44, Adam Gołębiowski wrote:
> Hi,
>
> I was thinking about apache mod_gnutls's dhfile/rsafile files being
> generated in %post, which could be done by something similar to:
>
> --- cut ---
> %post
> # in %post, $1 is 1 on first install (it is never 0 there)
> if [ "$1" = "1" ]; then
> 	d=/etc/httpd/tls
> 	[ -f "$d/dhfile" ] || /usr/bin/certtool --generate-dh-params --bits 1024 --outfile "$d/dhfile"
> 	[ -f "$d/rsafile" ] || /usr/bin/certtool --generate-privkey --bits 512 --outfile "$d/rsafile"
> fi
> --- cut ---
>
> but the process may take some time on slower machines, or those where
> /dev/random tends to block while waiting for entropy pool.

The other way is the openssh way -- when the service is started, but that's
modifying apache.spec

-- 
glen
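
The start-time approach mentioned in the reply, sketched as an added example (not code from this thread or from the PLD apache package): helpers an init script's start action could call, so the generation delay moves from package install to first service start. The function names and the `TLS_DIR`/`CERTTOOL` variables are hypothetical; the paths and certtool options are the ones from the quoted scriptlet.

```shell
#!/bin/sh
# Added example: generate-on-first-start, as sshd init scripts do for host keys.
# TLS_DIR and CERTTOOL are assumed overridable settings; the defaults are the
# paths used in the quoted %post scriptlet.
TLS_DIR=${TLS_DIR:-/etc/httpd/tls}
CERTTOOL=${CERTTOOL:-/usr/bin/certtool}

# ensure_param_file FILE CMD [ARGS...]   (hypothetical helper)
# Runs "CMD ARGS... --outfile TMP" only when FILE is missing or empty, then
# renames TMP over FILE, so an interrupted or failed run never leaves a
# truncated file where the server would read it.
ensure_param_file() {
	target=$1; shift
	[ -s "$target" ] && return 0       # already generated: nothing to do
	old_umask=$(umask)
	umask 077                          # key material stays owner-only
	tmp=$(mktemp "$target.XXXXXX") || { umask "$old_umask"; return 1; }
	rc=1
	if "$@" --outfile "$tmp" >/dev/null 2>&1 && [ -s "$tmp" ]; then
		mv -f "$tmp" "$target" && rc=0
	fi
	[ "$rc" -eq 0 ] || rm -f "$tmp"    # clean up after a failed generation
	umask "$old_umask"
	return "$rc"
}

# Call from the init script's start action, before httpd is launched.
gen_mod_gnutls_params() {
	ensure_param_file "$TLS_DIR/dhfile" \
		"$CERTTOOL" --generate-dh-params --bits 1024 &&
	ensure_param_file "$TLS_DIR/rsafile" \
		"$CERTTOOL" --generate-privkey --bits 512
}
```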