This file is indexed.

/usr/share/doc/libmyproxy-dev/extras/myproxy-certreq-checker is in libmyproxy-doc 6.1.28-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#!/bin/sh

# example certificate_request_checker script

# pull certreq from stdin to shell variable
certreq=`openssl req -text`

# check for blacklisted Debian keys
blacklist=`ls /usr/local/openssl-blacklist/blacklist.RSA-*`
tag=`echo "$certreq" | \
     openssl req -noout -modulus|sha1sum|cut -d ' ' -f 1|cut -c21-41`
if [ `cat $blacklist | grep -c $tag` -ne 0 ]; then
    echo "known weak Debian key in certificate request" 1>&2
    exit 1
fi

# check for weak exponents
exponent=`echo "$certreq" | \
          openssl req -noout -pubkey | \
          openssl rsa -pubin -text -noout | \
          grep Exponent | awk '{print $2}'`
if [ "$exponent" -lt 65537 ]; then
    echo "weak exponent ($exponent < 65537) in certificate request" 1>&2
    exit 1
fi

# all done
exit 0