X-Git-Url: http://git.cascardo.eti.br/?a=blobdiff_plain;f=utilities%2Fovs-pki.in;h=a96ada31c722ee39f50a9391e7d95977b2478002;hb=fcadd13538a07c7c98f3a83edf4dd27242794e94;hp=bf40c29586f64306d063ccf2ccbbd1636243ae13;hpb=93ea780907c2c4315ecc1a3e7823fcba3aba5e96;p=cascardo%2Fovs.git diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in index bf40c2958..a96ada31c 100755 --- a/utilities/ovs-pki.in +++ b/utilities/ovs-pki.in @@ -1,6 +1,6 @@ #! /bin/sh -# Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc. +# Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,7 +27,7 @@ bits=2048 # OS-specific compatibility routines case $(uname -s) in -FreeBSD) +FreeBSD|NetBSD) file_mod_epoch() { stat -r "$1" | awk '{print $10}' @@ -195,7 +195,7 @@ if test -z "$dsaparam"; then dsaparam=$pkidir/dsaparam.pem fi case $log in - /*) ;; + /* | ?:[\\/]*) ;; *) log=`pwd`/$log ;; esac @@ -272,9 +272,9 @@ certificate = $dir/cacert.pem # The CA cert serial = $dir/serial # serial no file private_key = $dir/private/cakey.pem# CA private key RANDFILE = $dir/private/.rand # random number file -default_days = 365 # how long to certify for +default_days = 3650 # how long to certify for default_crl_days= 30 # how long before next CRL -default_md = md5 # md to use +default_md = sha1 # message digest to use policy = policy # default policy email_in_dn = no # Don't add the email into cert DN name_opt = ca_default # Subject name display option @@ -303,7 +303,7 @@ EOF -newkey $newkey -keyout private/cakey.pem -out careq.pem \ 1>&3 2>&3 openssl ca -config ca.cnf -create_serial -out cacert.pem \ - -days 2191 -batch -keyfile private/cakey.pem -selfsign \ + -days 3650 -batch -keyfile private/cakey.pem -selfsign \ -infiles careq.pem 1>&3 2>&3 chmod 0700 private/cakey.pem @@ -429,6 +429,8 @@ make_request() { must_not_exist "$arg1-privkey.pem" must_not_exist "$arg1-req.pem" make_tmpdir + # Use uuidgen or date to create unique subject DNs. + unique=`(uuidgen) 2>/dev/null` || unique=`date +"%Y %b %d %T"` cat > "$TMP/req.cnf" <&3 2>&3 \ @@ -459,9 +461,18 @@ sign_request() { must_not_exist "$2" pkidir_must_exist + case "$1" in + /* | ?:[\\/]*) + request_file="$1" + ;; + *) + request_file="`pwd`/$1" + ;; + esac + (cd "$pkidir/${type}ca" && - openssl ca -config ca.cnf -batch -in /dev/stdin) \ - < "$1" > "$2.tmp$$" 2>&3 + openssl ca -config ca.cnf -batch -in "$request_file") \ + > "$2.tmp$$" 2>&3 mv "$2.tmp$$" "$2" } @@ -483,7 +494,7 @@ elif test "$command" = sign; then check_type "$arg2" verify_fingerprint "$arg1-req.pem" - sign_request "$arg1-req.pem" "$arg2-cert.pem" + sign_request "$arg1-req.pem" "$arg1-cert.pem" elif test "$command" = req+sign; then one_or_two_args check_type "$arg2" @@ -512,7 +523,7 @@ elif test "$command" = self-sign; then # Create both the private key and certificate with restricted permissions. (umask 077 && \ openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem.tmp" \ - -signkey "$arg1-privkey.pem" -req -days 2191 -text) 2>&3 || exit $? + -signkey "$arg1-privkey.pem" -req -days 3650 -text) 2>&3 || exit $? # Reset the permissions on the certificate to the user's default. cat "$arg1-cert.pem.tmp" > "$arg1-cert.pem"