mirror of https://github.com/openssl/openssl
Abstract out policy and extensions in CA.pl
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13819)
parent
8c08c8b37c
commit
3066cf2614
|
@ -36,6 +36,8 @@ my $CACERT = "cacert.pem";
|
||||||
my $CACRL = "crl.pem";
|
my $CACRL = "crl.pem";
|
||||||
my $DAYS = "-days 365";
|
my $DAYS = "-days 365";
|
||||||
my $CADAYS = "-days 1095"; # 3 years
|
my $CADAYS = "-days 1095"; # 3 years
|
||||||
|
my $EXTENSIONS = "-extensions v3_ca";
|
||||||
|
my $POLICY = "-policy policy_anything";
|
||||||
my $NEWKEY = "newkey.pem";
|
my $NEWKEY = "newkey.pem";
|
||||||
my $NEWREQ = "newreq.pem";
|
my $NEWREQ = "newreq.pem";
|
||||||
my $NEWCERT = "newcert.pem";
|
my $NEWCERT = "newcert.pem";
|
||||||
|
@ -179,7 +181,7 @@ if ($WHAT eq '-newcert' ) {
|
||||||
$RET = run("$CA -create_serial"
|
$RET = run("$CA -create_serial"
|
||||||
. " -out ${CATOP}/$CACERT $CADAYS -batch"
|
. " -out ${CATOP}/$CACERT $CADAYS -batch"
|
||||||
. " -keyfile ${CATOP}/private/$CAKEY -selfsign"
|
. " -keyfile ${CATOP}/private/$CAKEY -selfsign"
|
||||||
. " -extensions v3_ca"
|
. " $EXTENSIONS"
|
||||||
. " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
|
. " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
|
||||||
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
|
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
|
||||||
}
|
}
|
||||||
|
@ -191,19 +193,19 @@ if ($WHAT eq '-newcert' ) {
|
||||||
. " -export -name \"$cname\" $EXTRA{pkcs12}");
|
. " -export -name \"$cname\" $EXTRA{pkcs12}");
|
||||||
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
|
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
|
||||||
} elsif ($WHAT eq '-xsign' ) {
|
} elsif ($WHAT eq '-xsign' ) {
|
||||||
$RET = run("$CA -policy policy_anything -infiles $NEWREQ $EXTRA{ca}");
|
$RET = run("$CA $POLICY -infiles $NEWREQ $EXTRA{ca}");
|
||||||
} elsif ($WHAT eq '-sign' ) {
|
} elsif ($WHAT eq '-sign' ) {
|
||||||
$RET = run("$CA -policy policy_anything -out $NEWCERT"
|
$RET = run("$CA $POLICY -out $NEWCERT"
|
||||||
. " -infiles $NEWREQ $EXTRA{ca}");
|
. " -infiles $NEWREQ $EXTRA{ca}");
|
||||||
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
|
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
|
||||||
} elsif ($WHAT eq '-signCA' ) {
|
} elsif ($WHAT eq '-signCA' ) {
|
||||||
$RET = run("$CA -policy policy_anything -out $NEWCERT"
|
$RET = run("$CA $POLICY -out $NEWCERT"
|
||||||
. " -extensions v3_ca -infiles $NEWREQ $EXTRA{ca}");
|
. " $EXTENSIONS -infiles $NEWREQ $EXTRA{ca}");
|
||||||
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
|
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
|
||||||
} elsif ($WHAT eq '-signcert' ) {
|
} elsif ($WHAT eq '-signcert' ) {
|
||||||
$RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
|
$RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
|
||||||
. " -out tmp.pem $EXTRA{x509}");
|
. " -out tmp.pem $EXTRA{x509}");
|
||||||
$RET = run("$CA -policy policy_anything -out $NEWCERT"
|
$RET = run("$CA $POLICY -out $NEWCERT"
|
||||||
. "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
|
. "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
|
||||||
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
|
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
|
||||||
} elsif ($WHAT eq '-verify' ) {
|
} elsif ($WHAT eq '-verify' ) {
|
||||||
|
|
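Review bot: In the `-signcert` branch, the second `run()` call joins `"$CA $POLICY -out $NEWCERT"` and `"-infiles tmp.pem $EXTRA{ca}"` with no space between them, so the assembled command reads `-out newcert.pem-infiles tmp.pem ...`. The output name absorbs the option and `tmp.pem` is no longer introduced by `-infiles`, so the following `print "Signed certificate is in $NEWCERT\n"` would presumably report a path that was not written. The continuation line is carried over unchanged by this commit, but since the call is being edited anyway it should read `. " -infiles tmp.pem $EXTRA{ca}") if $RET == 0;`, matching the `-sign` and `-signCA` branches. The `if`/`elsif` chain starts and ends outside the hunks shown, so other branches were not checked.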