X-Git-Url: http://git.cascardo.eti.br/?a=blobdiff_plain;f=utilities%2Fovs-pki.in;h=a96ada31c722ee39f50a9391e7d95977b2478002;hb=de7d3c0761a34232613ac60792c0f6cf75fdca8e;hp=1cf9274b64b9c211bcbb8b59a1910e6b6b1a7344;hpb=75797e0dd465f9a7a8a034a43dfa93eda2d7ade4;p=cascardo%2Fovs.git

diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in
index 1cf9274b6..a96ada31c 100755
--- a/utilities/ovs-pki.in
+++ b/utilities/ovs-pki.in
@@ -1,6 +1,6 @@
 #! /bin/sh
 
-# Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
+# Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -195,7 +195,7 @@ if test -z "$dsaparam"; then
     dsaparam=$pkidir/dsaparam.pem
 fi
 case $log in
-    /*) ;;
+    /* | ?:[\\/]*) ;;
     *) log=`pwd`/$log ;;
 esac
 
@@ -272,9 +272,9 @@ certificate    = $dir/cacert.pem       # The CA cert
 serial         = $dir/serial           # serial no file
 private_key    = $dir/private/cakey.pem# CA private key
 RANDFILE       = $dir/private/.rand    # random number file
-default_days   = 36525                 # how long to certify for
+default_days   = 3650                  # how long to certify for
 default_crl_days= 30                   # how long before next CRL
-default_md     = md5                   # md to use
+default_md     = sha1                  # message digest to use
 policy         = policy                # default policy
 email_in_dn    = no                    # Don't add the email into cert DN
 name_opt       = ca_default            # Subject name display option
@@ -303,7 +303,7 @@ EOF
             -newkey $newkey -keyout private/cakey.pem -out careq.pem \
             1>&3 2>&3
         openssl ca -config ca.cnf -create_serial -out cacert.pem \
-            -days 36525 -batch -keyfile private/cakey.pem -selfsign \
+            -days 3650 -batch -keyfile private/cakey.pem -selfsign \
             -infiles careq.pem 1>&3 2>&3
         chmod 0700 private/cakey.pem
 
@@ -461,9 +461,18 @@ sign_request() {
     must_not_exist "$2"
     pkidir_must_exist
 
+    case "$1" in
+        /* | ?:[\\/]*)
+            request_file="$1"
+            ;;
+        *)
+            request_file="`pwd`/$1"
+            ;;
+    esac
+
     (cd "$pkidir/${type}ca" && 
-     openssl ca -config ca.cnf -batch -in /dev/stdin) \
-        < "$1" > "$2.tmp$$" 2>&3
+     openssl ca -config ca.cnf -batch -in "$request_file") \
+        > "$2.tmp$$" 2>&3
     mv "$2.tmp$$" "$2"
 }
 
@@ -485,7 +494,7 @@ elif test "$command" = sign; then
     check_type "$arg2"
     verify_fingerprint "$arg1-req.pem"
 
-    sign_request "$arg1-req.pem" "$arg2-cert.pem"
+    sign_request "$arg1-req.pem" "$arg1-cert.pem"
 elif test "$command" = req+sign; then
     one_or_two_args
     check_type "$arg2"
@@ -514,7 +523,7 @@ elif test "$command" = self-sign; then
     # Create both the private key and certificate with restricted permissions.
     (umask 077 && \
      openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem.tmp" \
-        -signkey "$arg1-privkey.pem" -req -days 36525 -text) 2>&3 || exit $?
+        -signkey "$arg1-privkey.pem" -req -days 3650 -text) 2>&3 || exit $?
 
     # Reset the permissions on the certificate to the user's default.
     cat "$arg1-cert.pem.tmp" > "$arg1-cert.pem"