aboutsummaryrefslogtreecommitdiff
path: root/share
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2012-06-26 17:53:12 -0300
committerSilvio Rhatto <rhatto@riseup.net>2012-06-26 17:53:12 -0300
commitd2c24ab6116d8dfcb8a6b8a576313f13b953312b (patch)
tree7536729f8c1228e2be2194fd3e701cea70852710 /share
parent3bb919078c3a2ec1656d8cfa96d817d1f3892556 (diff)
downloadkeyringer-d2c24ab6116d8dfcb8a6b8a576313f13b953312b.tar.gz
keyringer-d2c24ab6116d8dfcb8a6b8a576313f13b953312b.tar.bz2
Fixing debian/copyright ; removing ssl-cacert from genpair so keyringer do not have any third-party code
Diffstat (limited to 'share')
-rwxr-xr-xshare/keyringer/genpair29
1 files changed, 12 insertions, 17 deletions
diff --git a/share/keyringer/genpair b/share/keyringer/genpair
index 140361a..85ec1ac 100755
--- a/share/keyringer/genpair
+++ b/share/keyringer/genpair
@@ -101,10 +101,6 @@ function genpair_ssl {
cd "$TMPWORK"
# Generate certificate
- if [ "$KEYTYPE" == "ssl-cacert" ]; then
- # We use a custom script for CaCert
- "$LIB/csr.sh" "$NODE"
- else
cat <<EOF >> openssl.conf
[ req ]
default_keyfile = ${NODE}_privatekey.pem
@@ -127,22 +123,21 @@ commonName = Common Name
extendedKeyUsage=serverAuth,clientAuth
EOF
- # Add SubjectAltNames so wildcard certs can work correctly.
- if [ "$WILDCARD" == "yes" ]; then
+ # Add SubjectAltNames so wildcard certs can work correctly.
+ if [ "$WILDCARD" == "yes" ]; then
cat <<EOF >> openssl.conf
subjectAltName=DNS:${NODE}, DNS:${CNAME}
EOF
- fi
+ fi
- echo "Please review your OpenSSL configuration:"
- cat openssl.conf
- read -p "Hit ENTER to continue." prompt
+ echo "Please review your OpenSSL configuration:"
+ cat openssl.conf
+ read -p "Hit ENTER to continue." prompt
- openssl req -batch -nodes -config openssl.conf -newkey rsa:2048 -sha256 \
- -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem
+ openssl req -batch -nodes -config openssl.conf -newkey rsa:2048 -sha256 \
+ -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem
- openssl req -noout -text -in ${NODE}_csr.pem
- fi
+ openssl req -noout -text -in ${NODE}_csr.pem
# Self-sign
if [ "$KEYTYPE" == "ssl-self" ]; then
@@ -199,9 +194,9 @@ CWD="`pwd`"
# Verify
if [ -z "$NODE" ]; then
- echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|ssl|ssl-cacert|ssl-self> <file> <hostname> [outfile]"
+ echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|ssl|ssl-self> <file> <hostname> [outfile]"
echo -e "Options:"
- echo -e "\t gpg|ssh|ssl[-cacert,-self]: key type."
+ echo -e "\t gpg|ssh|ssl[-self]: key type."
echo -e "\t file : base file name for encrypted output (relative to keys folder)"
echo -e "\t hostname : host for the key pair"
echo -e "\t outfile : optional unencrypted output file, useful for deployment"
@@ -216,7 +211,7 @@ keyringer_set_tmpfile genpair -d
# Dispatch
echo "Generating $KEYTYPE key for $NODE..."
-if [ "$KEYTYPE" == "ssl-self" ] || [ "$KEYTYPE" == "ssl-cacert" ]; then
+if [ "$KEYTYPE" == "ssl-self" ]; then
genpair_ssl
else
genpair_"$KEYTYPE"