diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2012-06-26 17:53:12 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2012-06-26 17:53:12 -0300 |
commit | d2c24ab6116d8dfcb8a6b8a576313f13b953312b (patch) | |
tree | 7536729f8c1228e2be2194fd3e701cea70852710 /share | |
parent | 3bb919078c3a2ec1656d8cfa96d817d1f3892556 (diff) | |
download | keyringer-d2c24ab6116d8dfcb8a6b8a576313f13b953312b.tar.gz keyringer-d2c24ab6116d8dfcb8a6b8a576313f13b953312b.tar.bz2 |
Fixing debian/copyright ; removing ssl-cacert from genpair so keyringer do not have any third-party code
Diffstat (limited to 'share')
-rwxr-xr-x | share/keyringer/genpair | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/share/keyringer/genpair b/share/keyringer/genpair index 140361a..85ec1ac 100755 --- a/share/keyringer/genpair +++ b/share/keyringer/genpair @@ -101,10 +101,6 @@ function genpair_ssl { cd "$TMPWORK" # Generate certificate - if [ "$KEYTYPE" == "ssl-cacert" ]; then - # We use a custom script for CaCert - "$LIB/csr.sh" "$NODE" - else cat <<EOF >> openssl.conf [ req ] default_keyfile = ${NODE}_privatekey.pem @@ -127,22 +123,21 @@ commonName = Common Name extendedKeyUsage=serverAuth,clientAuth EOF - # Add SubjectAltNames so wildcard certs can work correctly. - if [ "$WILDCARD" == "yes" ]; then + # Add SubjectAltNames so wildcard certs can work correctly. + if [ "$WILDCARD" == "yes" ]; then cat <<EOF >> openssl.conf subjectAltName=DNS:${NODE}, DNS:${CNAME} EOF - fi + fi - echo "Please review your OpenSSL configuration:" - cat openssl.conf - read -p "Hit ENTER to continue." prompt + echo "Please review your OpenSSL configuration:" + cat openssl.conf + read -p "Hit ENTER to continue." prompt - openssl req -batch -nodes -config openssl.conf -newkey rsa:2048 -sha256 \ - -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem + openssl req -batch -nodes -config openssl.conf -newkey rsa:2048 -sha256 \ + -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem - openssl req -noout -text -in ${NODE}_csr.pem - fi + openssl req -noout -text -in ${NODE}_csr.pem # Self-sign if [ "$KEYTYPE" == "ssl-self" ]; then @@ -199,9 +194,9 @@ CWD="`pwd`" # Verify if [ -z "$NODE" ]; then - echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|ssl|ssl-cacert|ssl-self> <file> <hostname> [outfile]" + echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|ssl|ssl-self> <file> <hostname> [outfile]" echo -e "Options:" - echo -e "\t gpg|ssh|ssl[-cacert,-self]: key type." + echo -e "\t gpg|ssh|ssl[-self]: key type." echo -e "\t file : base file name for encrypted output (relative to keys folder)" echo -e "\t hostname : host for the key pair" echo -e "\t outfile : optional unencrypted output file, useful for deployment" @@ -216,7 +211,7 @@ keyringer_set_tmpfile genpair -d # Dispatch echo "Generating $KEYTYPE key for $NODE..." -if [ "$KEYTYPE" == "ssl-self" ] || [ "$KEYTYPE" == "ssl-cacert" ]; then +if [ "$KEYTYPE" == "ssl-self" ]; then genpair_ssl else genpair_"$KEYTYPE" |