rpms/crypto-utils/devel genkey.pl,1.19,1.20
Elio Maldonado
emaldonado at fedoraproject.org
Sat Oct 11 19:44:08 UTC 2008
Author: emaldonado
Update of /cvs/extras/rpms/crypto-utils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5125
Modified Files:
genkey.pl
Log Message:
Disabled cert renewal for certs on the database until a patch for certutil comes downstream
Index: genkey.pl
===================================================================
RCS file: /cvs/extras/rpms/crypto-utils/devel/genkey.pl,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- genkey.pl 1 Oct 2008 22:42:15 -0000 1.19
+++ genkey.pl 11 Oct 2008 19:43:38 -0000 1.20
@@ -73,7 +73,7 @@
--genreq Generate a Certificate Signing Request (CSR)
--makeca Generate a self-signed certificate for a CA
--days Days until expiry of self-signed certificate (default 30)
- --renew CSR is for cert renewal, reusing existing key pair
+ --renew CSR is for cert renewal, reusing existing key pair, openssl certs only
--isca Renewal is for a CA certificate
--nss Use the nss database for keys and certificates
EOH
@@ -129,12 +129,12 @@
my $nssNickname = '';
my $nssDBPrefix = '';
GetOptions('test|t' => \$test_mode,
- 'genreq' => \$genreq_mode,
+ 'genreq' => \$genreq_mode,
'days=i' => \$cert_days,
- 'renew' => \$renew,
- 'isca' => \$isca,
+ 'renew' => \$renew,
+ 'isca' => \$isca,
'nss|n' => \$nss,
- 'makeca' => \$ca_mode) or usage();
+ 'makeca' => \$ca_mode) or usage();
usage() unless @ARGV != 0;
$skip_random = $test_mode;
$overwrite_key = $test_mode;
@@ -1085,6 +1085,11 @@
}
# Renew a certificate which is stored in the nss database
+# Do not call this routine yet as certutil does not support
+# certificate renewal in a convenient way for scripts. We must
+# wait until NSS 3.12.2 becomes available with the fix for
+# https://bugzilla.redhat.com/show_bug.cgi?id=346731
+# for this routine to work
sub renewCertNSS
{
my ($csrfile, $dbdir, $dbprefix, $nickname, $days, $pwdfile) = @_;
@@ -1119,7 +1124,7 @@
sub renewCertOpenSSL
{
my ($csrfile, # output
- $certfile,$keyfile,$days,$isca) = @_;
+ $certfile,$keyfile,$days) = @_;
use integer;
my $months = $days ? $days / 30 : 24;
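Review bot: Dropping `$isca` from renewCertOpenSSL's parameter list appears to leave `--isca` as a silently ignored option on the renewal path. The usage text in the first hunk still lists `--isca Renewal is for a CA certificate`, and GetOptions still binds `'isca' => \$isca`. Unless the flag is consumed elsewhere in the script, someone renewing a CA certificate gets no indication that it no longer reaches the renewal routine. Either drop the option from the usage text and GetOptions, or reject it explicitly after option parsing, e.g. `die "--isca is not supported for renewal\n" if $renew && $isca;`. The body of renewCertOpenSSL continues outside the hunk, so how `$isca` was used there cannot be checked from here.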
@@ -1335,22 +1340,29 @@
if ($nss) {
# Renew cert in the nss database
- renewCertNSS(
- $csrfile,
- $modNssDbDir,
- $nssDBPrefix,
- $nssNickname,
- $days,
- $tmpPasswordFile);
-
+ #
+ # Must wait until NSS 3.12.2 becomes available with the fix for
+ # https://bugzilla.redhat.com/show_bug.cgi?id=346731
+ # <<certutil -R for cert renewal should derive the subject
+ # from the cert if none is specified>>
+ #
+ # renewCertNSS($csrfile, $modNssDbDir, $nssDBPrefix, $nssNickname, $days, $tmpPasswordFile);
+ #
+ # Until then bail out.
+ #
+ Newt::newtWinMessage("Error", "Close",
+ "Certificate renewal with NSS database not yet supported:".
+ "\n\nPress return to exit");
+ Newt::Finished();
+ exit 1;
+
} else {
# Renew cert in a PEM file
renewCertOpenSSL(
$csrfile,
$certfile, # contains cert to renew
$keyfile, # contains encrypted private key
- $days,
- $isca);
+ $days);
## FIXME don't harcode password - keypwdfile and I
## though it was the p12 file pwd
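Review bot: The NSS renewal refusal happens only here, deep in the renewal branch, and leaves through `exit 1` right after `Newt::Finished()`. The commented-out call names `$tmpPasswordFile`, so if that file has already been written by this point, the exit path should remove it first; whether an END block or other cleanup does so is not visible in the hunk. Rejecting the combination right after the GetOptions call would avoid reaching this state at all, e.g. `die "--renew is not supported with --nss yet\n" if $renew && $nss;`. The message text also ends in a dangling colon (`"...not yet supported:"`), which reads as if a reason was meant to follow. The enclosing block starts and ends outside the hunk.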