projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
MacOSX doesn't have ftime().
[openssl.git]
/
apps
/
CA.pl.in
diff --git
a/apps/CA.pl.in
b/apps/CA.pl.in
index 0e0b7fc0bc9c0a04f063fefeadae61ce415e3e48..8b2ce7ea4248250f8109c75c0212e8352f0d2c06 100644
(file)
--- a/
apps/CA.pl.in
+++ b/
apps/CA.pl.in
@@
-5,7
+5,7
@@
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request
+# CA -newreq
[-nodes]
... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
@@
-36,6
+36,7
@@
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365";
$REQ="openssl req $SSLEAY_CONFIG";
$CA="openssl ca $SSLEAY_CONFIG";
$DAYS="-days 365";
$REQ="openssl req $SSLEAY_CONFIG";
$CA="openssl ca $SSLEAY_CONFIG";
@@
-53,7
+54,7
@@
$RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-new
req-nodes|-new
ca|-sign|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
@@
-65,8
+66,13
@@
foreach (@ARGV) {
system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
+ } elsif (/^-newreq-nodes$/) {
+ # create a certificate request
+ system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request (and private key) is in newreq.pem\n";
} elsif (/^-newca$/) {
} elsif (/^-newca$/) {
- # if explictly asked for or it doesn't exist then setup the
+ # if explic
i
tly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
$NEW="1";
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
# directory structure that Eric likes to manage things
$NEW="1";
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
@@
-116,6
+122,11
@@
foreach (@ARGV) {
"-infiles newreq.pem");
$RET=$?;
print "Signed certificate is in newcert.pem\n";
"-infiles newreq.pem");
$RET=$?;
print "Signed certificate is in newcert.pem\n";
+ } elsif (/^(-signCA)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-extensions v3_ca -infiles newreq.pem");
+ $RET=$?;
+ print "Signed CA certificate is in newcert.pem\n";
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");
@@
-137,7
+148,7
@@
foreach (@ARGV) {
}
} else {
print STDERR "Unknown arg $_\n";
}
} else {
print STDERR "Unknown arg $_\n";
- print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-new
req-nodes|-new
ca|-sign|-verify\n";
exit 1;
}
}
exit 1;
}
}