The documentation reads:

--cut: http://exim.org/exim-html-current/doc/html/spec_html/ch39.html --
To replace the parameters with new ones, instead of deleting the file
and letting Exim re-create it, you can generate new parameters using
certtool and, when this has been done, replace Exim’s cache file by
renaming. The relevant commands are something like this:

    # rm -f new-params
    # touch new-params
    # chown exim:exim new-params
    # chmod 0400 new-params
    # certtool --generate-privkey --bits 512 >new-params
    # echo "" >>new-params
    # certtool --generate-dh-params --bits 1024 >> new-params
    # mv new-params gnutls-params
--cut: http://exim.org/exim-html-current/doc/html/spec_html/ch39.html --

Arguably, it doesn't make sense to use >> here. Also, while it may
not be a problem in practice, the use of touch(1) followed by
chmod(1) is a race, easily avoidable with the use of the umask
command. Consider, e.g., the following example code instead:

    #!/bin/sh
    rm -f new-params
    umask 0277
    {
        certtool --generate-privkey --bits 512
        echo ""
        certtool --generate-dh-params --bits 1024
    } > new-params
    chown exim:exim new-params
    mv new-params gnutls-params

Should something like mktemp(1) be used as well, the rm(1)
vs. touch(1) race will also be avoided, and it will be perfectly safe
to run multiple instances of the code above at once. (Just as with
Exim computing new D-H parameters by itself.)

--
FSF associate member #7257

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev
## Exim details at http://www.exim.org/ ##
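The mktemp(1) variant mentioned at the end of the message, written out as an added example (not code from the post or from the Exim documentation). The function name replace_params, its OWNER and GENERATOR arguments and the SPOOL_DIR placeholder are assumptions made for illustration; the certtool invocations are the ones quoted from the spec.

```shell
#!/bin/sh
# Added example, not from the original post. gen_params repeats the certtool
# invocations quoted from the spec; replace_params and its arguments are
# illustrative names.

gen_params() {
    certtool --generate-privkey --bits 512 &&
    echo "" &&
    certtool --generate-dh-params --bits 1024
}

# replace_params DIR [OWNER] [GENERATOR]
#   DIR        directory holding gnutls-params
#   OWNER      user:group for chown (empty: keep the caller's ownership)
#   GENERATOR  command that writes the parameters to stdout
replace_params() (
    dir=$1 owner=${2:-} gen=${3:-gen_params}

    # mktemp(1) picks a unique name and creates the file itself (exclusive
    # create, mode 0600 at most), so there is no rm/touch step to race
    # against and concurrent runs never share a temporary file.
    umask 077
    tmp=$(mktemp "$dir/new-params.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT          # cleanup when this subshell exits early

    "$gen" > "$tmp" || exit 1         # on failure the old cache stays in place
    chmod 0400 "$tmp" || exit 1
    if [ -n "$owner" ]; then
        chown "$owner" "$tmp" || exit 1
    fi

    # Same directory, so mv is a rename(2): readers see either the old
    # file or the complete new one, never a partial write.
    mv -f "$tmp" "$dir/gnutls-params" || exit 1
    trap - EXIT
)

# Usage (as root, SPOOL_DIR being wherever Exim keeps gnutls-params):
#   replace_params "$SPOOL_DIR" exim:exim
```

Unlike the umask 0277 version, the temporary file stays writable by its creator until the chmod, so the function also works when the caller is not root and OWNER is left empty.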
