X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2FCA.pl.in;h=c783a6e6a541599f81b6055837514cc718496876;hp=2242f7e03b1c7b0430dafca30342498f881f4576;hb=e933f91f50108a43c0198cdc63ecdfdbc77b4d0d;hpb=16b1b03543fc6362f9e48f1bd9d4b153ea58c553;ds=sidebyside diff --git a/apps/CA.pl.in b/apps/CA.pl.in index 2242f7e03b..c783a6e6a5 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -36,14 +36,22 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored +my $openssl; +if(defined $ENV{OPENSSL}) { + $openssl = $ENV{OPENSSL}; +} else { + $openssl = "openssl"; + $ENV{OPENSSL} = $openssl; +} + $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; $DAYS="-days 365"; # 1 year $CADAYS="-days 1095"; # 3 years -$REQ="openssl req $SSLEAY_CONFIG"; -$CA="openssl ca $SSLEAY_CONFIG"; -$VERIFY="openssl verify"; -$X509="openssl x509"; -$PKCS12="openssl pkcs12"; +$REQ="$openssl req $SSLEAY_CONFIG"; +$CA="$openssl ca $SSLEAY_CONFIG"; +$VERIFY="$openssl verify"; +$X509="$openssl x509"; +$PKCS12="$openssl pkcs12"; $CATOP="./demoCA"; $CAKEY="cakey.pem"; @@ -60,19 +68,19 @@ foreach (@ARGV) { exit 0; } elsif (/^-newcert$/) { # create a certificate - system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"); $RET=$?; - print "Certificate (and private key) is in newreq.pem\n" + print "Certificate is in newcert.pem, private key is in newkey.pem\n" } elsif (/^-newreq$/) { # create a certificate request - system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS"); $RET=$?; - print "Request (and private key) is in newreq.pem\n"; + print "Request is in newreq.pem, private key is in newkey.pem\n"; } elsif (/^-newreq-nodes$/) { # create a certificate request - system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS"); + system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS"); $RET=$?; - print "Request (and private key) is in newreq.pem\n"; + print "Request is in newreq.pem, private key is in newkey.pem\n"; } elsif (/^-newca$/) { # if explicitly asked for or it doesn't exist then setup the # directory structure that Eric likes to manage things @@ -84,11 +92,11 @@ foreach (@ARGV) { mkdir "${CATOP}/crl", $DIRMODE ; mkdir "${CATOP}/newcerts", $DIRMODE; mkdir "${CATOP}/private", $DIRMODE; - open OUT, ">${CATOP}/serial"; - print OUT "01\n"; - close OUT; open OUT, ">${CATOP}/index.txt"; close OUT; + open OUT, ">${CATOP}/crlnumber"; + print OUT "01\n"; + close OUT; } if ( ! -f "${CATOP}/private/$CAKEY" ) { print "CA certificate filename (or enter to create)\n"; @@ -105,8 +113,10 @@ foreach (@ARGV) { print "Making CA certificate ...\n"; system ("$REQ -new -keyout " . "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); - system ("$CA -out ${CATOP}/$CACERT $CADAYS -batch " . + system ("$CA -create_serial " . + "-out ${CATOP}/$CACERT $CADAYS -batch " . "-keyfile ${CATOP}/private/$CAKEY -selfsign " . + "-extensions v3_ca " . "-infiles ${CATOP}/$CAREQ "); $RET=$?; } @@ -114,10 +124,11 @@ foreach (@ARGV) { } elsif (/^-pkcs12$/) { my $cname = $ARGV[1]; $cname = "My Certificate" unless defined $cname; - system ("$PKCS12 -in newcert.pem -inkey newreq.pem " . + system ("$PKCS12 -in newcert.pem -inkey newkey.pem " . "-certfile ${CATOP}/$CACERT -out newcert.p12 " . "-export -name \"$cname\""); $RET=$?; + print "PKCS #12 file is in newcert.p12\n"; exit $RET; } elsif (/^-xsign$/) { system ("$CA -policy policy_anything -infiles newreq.pem");