This file is indexed.

/usr/bin/charybdis-genssl is in charybdis 3.5.5-2build2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#!/bin/sh
prefix="/usr"
exec_prefix="${prefix}"
sysconfdir="/etc/charybdis"

echo "Generating private key and CSR... "
openssl req -new -newkey rsa:4096 -nodes -sha512 -out "${sysconfdir}"/ssl.csr -keyout "${sysconfdir}"/ssl.key

echo "Self-signing certificate..."
openssl x509 -req -sha512 -days 365 -in "${sysconfdir}"/ssl.csr -signkey "${sysconfdir}"/ssl.key -out "${sysconfdir}"/ssl.pem

echo "Generating Diffie-Hellman file for secure SSL/TLS negotiation .. "
openssl dhparam -out "${sysconfdir}"/dh.pem 2048

# If sysconfdir is relative to prefix, make the path relative. I.e.,
# prefix=/usr and sysconfdir=/etc -> relative_sysconfdir=/etc,
# prefix=/home/binki/chary and sysconfdir=/home/binki/chary/etc ->
# relative_sysconfdir=etc
relative_sysconfdir="${sysconfdir#${prefix%/}/}"
relative_sysconfdir="${relative_sysconfdir%/}"

cat <<EOF


Now change these lines in the IRCd config file:

    ssl_private_key = "${relative_sysconfdir}/ssl.key";
    ssl_cert = "${relative_sysconfdir}/ssl.pem";
    ssl_dh_params = "${relative_sysconfdir}/dh.pem";

If you want to get your certificate signed by a certificate authority,
submit the ssl.csr file to your CA, then replace ssl.pem with the
certificate returned to you. You may need to include your CA's
intermediate certificates in signing order.

Enjoy using ssl.
EOF