rpms/crypto-utils/devel genkey.pl,1.20,1.21

Elio Maldonado emaldonado at fedoraproject.org
Sun Oct 19 05:10:40 UTC 2008 

Author: emaldonado

Update of /cvs/extras/rpms/crypto-utils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19209

Modified Files:
	genkey.pl 
Log Message:
Added support for CA cert renewal when in openssl compatibilty mode


Index: genkey.pl
===================================================================
RCS file: /cvs/extras/rpms/crypto-utils/devel/genkey.pl,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- genkey.pl	11 Oct 2008 19:43:38 -0000	1.20
+++ genkey.pl	19 Oct 2008 05:10:10 -0000	1.21
@@ -74,7 +74,7 @@
     --makeca Generate a self-signed certificate for a CA
     --days   Days until expiry of self-signed certificate (default 30)
     --renew  CSR is for cert renewal, reusing existing key pair, openssl certs only
-    --isca   Renewal is for a CA certificate
+    --cacert Renewal is for a CA certificate, needed for openssl certs only
     --nss    Use the nss database for keys and certificates
 EOH
     exit 1;
@@ -124,7 +124,7 @@
 my $cert_days = 30;
 my $nss ='';
 my $renew = '';
-my $isca = '';
+my $cacert = '';
 my $modNssDbDir = '';
 my $nssNickname = '';
 my $nssDBPrefix = '';
@@ -132,7 +132,7 @@
            'genreq' => \$genreq_mode,
            'days=i' => \$cert_days,
 	       'renew'  => \$renew,
-           'isca'   => \$isca,
+	       'cacert' => \$cacert,
            'nss|n'  => \$nss,
 	       'makeca' => \$ca_mode) or usage();
 usage() unless @ARGV != 0;
@@ -1124,7 +1124,7 @@
 sub renewCertOpenSSL
 {
     my ($csrfile, # output
-        $certfile,$keyfile,$days) = @_;
+        $certfile,$keyfile,$cacert,$days) = @_;
 
     use integer;
     my $months = $days ? $days / 30 : 24;
@@ -1135,6 +1135,7 @@
     my $args = "--command genreq ";
     $args   .= "--renew $certfile "; 
     $args   .= "--input $keyfile "; 
+    $args   .= "--cacert " if $cacert;
     $args   .= "--validity $months "; 
     $args   .= "--out $csrfile ";
  
@@ -1362,10 +1363,9 @@
             $csrfile,
             $certfile, # contains cert to renew
             $keyfile,  # contains encrypted private key
+            $cacert,
             $days);
 
-    	## FIXME don't harcode password - keypwdfile and I
-    	## though it was the p12 file pwd
     }
 }

More information about the fedora-extras-commits mailing list