From a1365ee37ccffa2be499d483ff1356d9f71013de Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Thu, 12 Dec 2013 21:17:53 +0100
Subject: [PATCH] httpscert: Use regular random source.

Previous to this patch, the kernel image file and internal configuration settings have been used as a source for random data, which is not random at all.
---
 src/scripts/httpscert | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/src/scripts/httpscert b/src/scripts/httpscert
index fb2d64bace..ff48b602e0 100644
--- a/src/scripts/httpscert
+++ b/src/scripts/httpscert
@@ -6,13 +6,9 @@
 # See how we were called.
 case "$1" in
 new)
- # set temporary random file
- export RANDFILE=/root/.rnd
 if [ ! -f /etc/httpd/server.key ]; then
 echo "Generating https server key."
- /usr/bin/openssl genrsa -rand \
- /boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \
- /etc/httpd/server.key 1024
+ /usr/bin/openssl genrsa -out /etc/httpd/server.key 1024
 fi
 echo "Generating CSR"
 /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
@@ -21,9 +17,6 @@ case "$1" in
 /usr/bin/openssl x509 -req -days 999999 -in \
 /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
 /etc/httpd/server.crt
- # unset and remove random file
- export -n RANDFILE
- rm -f /root/.rnd
 ;;
 read)
 if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
-- 
2.39.2
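Review bot: The added `genrsa` line in the first hunk still creates a 1024-bit RSA key, which is below the 2048-bit minimum generally expected for TLS server keys; since the line is being rewritten anyway, consider `/usr/bin/openssl genrsa -out /etc/httpd/server.key 2048`. The surrounding `if [ ! -f /etc/httpd/server.key ]` guard also means a host that already holds a key created with the old `-rand` inputs keeps it, so if those keys are considered suspect the change needs a documented regeneration step. The permissions of the new key file are not set here and presumably depend on the OpenSSL version and the caller's umask; a `umask 077` before the call would make that explicit. The `new)` branch continues outside the hunk.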