Accepting request 128919 from home:saschpe:branches:Apache
- gensslcert: Use 0400 permissions for generated SSL certificate files instead of 0644 OBS-URL: https://build.opensuse.org/request/show/128919 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=368
parent
bb379cae66
commit
9386014e7c
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 25 11:32:34 UTC 2012 - saschpe@suse.de
|
||||
|
||||
- gensslcert: Use 0400 permissions for generated SSL certificate files
|
||||
instead of 0644
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 6 11:58:03 UTC 2012 - meissner@suse.com
|
||||
|
||||
|
12
gensslcert
12
gensslcert
@ -91,7 +91,7 @@ sslprmdir=$r/etc/apache2/ssl.prm
|
||||
# CA
|
||||
#
|
||||
echo;myecho creating CA key ...
|
||||
$openssl genrsa -rand $r/var/log/y2log:$r/var/log/messages -out $sslkeydir/${name}ca.key 2048 || myexit $LINENO $?
|
||||
(umask 0377 ; $openssl genrsa -rand $r/var/log/y2log:$r/var/log/messages -out $sslkeydir/${name}ca.key 2048 || myexit $LINENO $?)
|
||||
|
||||
cat >$r/root/.mkcert.cfg <<EOT
|
||||
[ req ]
|
||||
@ -116,7 +116,7 @@ challengePassword = $RANDOM$RANDOMA challenge password
|
||||
EOT
|
||||
|
||||
echo;myecho creating CA request/certificate ...
|
||||
$openssl req -config $r/root/.mkcert.cfg -new -x509 -days $CAdays -key $sslkeydir/${name}ca.key -out $sslcrtdir/${name}ca.crt || myexit $LINENO $?
|
||||
(umask 0377 ; $openssl req -config $r/root/.mkcert.cfg -new -x509 -days $CAdays -key $sslkeydir/${name}ca.key -out $sslcrtdir/${name}ca.crt || myexit $LINENO $?)
|
||||
|
||||
cp -pv $sslcrtdir/${name}ca.crt $r/srv/www/htdocs/$(echo $name | tr 'a-z' 'A-Z')CA.crt
|
||||
|
||||
@ -124,7 +124,7 @@ cp -pv $sslcrtdir/${name}ca.crt $r/srv/www/htdocs/$(echo $name | tr 'a-z' 'A-Z')
|
||||
# Server CERT
|
||||
#
|
||||
echo;myecho creating server key ...
|
||||
$openssl genrsa -rand $r/etc/rc.config:$r/var/log/messages -out $sslkeydir/${name}server.key 1024 || myexit $LINENO $?
|
||||
(umask 0377 ; $openssl genrsa -rand $r/etc/rc.config:$r/var/log/messages -out $sslkeydir/${name}server.key 1024 || myexit $LINENO $?)
|
||||
|
||||
cat >$r/root/.mkcert.cfg <<EOT
|
||||
[ req ]
|
||||
@ -149,7 +149,7 @@ challengePassword = $RANDOM$RANDOMA challenge password
|
||||
EOT
|
||||
|
||||
echo;myecho creating server request ...
|
||||
$openssl req -config $r/root/.mkcert.cfg -new -key $sslkeydir/${name}server.key -out $sslcsrdir/${name}server.csr || myexit $LINENO $?
|
||||
(umask 0377 ; $openssl req -config $r/root/.mkcert.cfg -new -key $sslkeydir/${name}server.key -out $sslcsrdir/${name}server.csr || myexit $LINENO $?)
|
||||
|
||||
|
||||
cat >$r/root/.mkcert.cfg <<EOT
|
||||
@ -163,14 +163,14 @@ EOT
|
||||
|
||||
test -f $r/root/.mkcert.serial || echo 01 >$r/root/.mkcert.serial
|
||||
myecho "creating server certificate ..."
|
||||
$openssl x509 \
|
||||
(umask 0377 ; $openssl x509 \
|
||||
-extfile $r/root/.mkcert.cfg \
|
||||
-days $srvdays \
|
||||
-CAserial $r/root/.mkcert.serial \
|
||||
-CA $sslcrtdir/${name}ca.crt \
|
||||
-CAkey $sslkeydir/${name}ca.key \
|
||||
-in $sslcsrdir/${name}server.csr -req \
|
||||
-out $sslcrtdir/${name}server.crt || myexit $LINENO $?
|
||||
-out $sslcrtdir/${name}server.crt || myexit $LINENO $?)
|
||||
|
||||
rm -f $r/root/.mkcert.cfg
|
||||
|
||||
|
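Review bot: Placing `|| myexit $LINENO $?` inside the parentheses means a failing openssl call only ends the subshell, so if myexit terminates via `exit` (its definition is outside the visible hunks) the script now carries on after a failed key or certificate step instead of aborting. Move the handler outside the group in all five wrapped commands, e.g. `(umask 0377 ; $openssl genrsa -rand $r/var/log/y2log:$r/var/log/messages -out $sslkeydir/${name}ca.key 2048) || myexit $LINENO $?`. The same umask also makes `${name}ca.crt` mode 0400, and the following `cp -pv` preserves that mode on the copy under `$r/srv/www/htdocs`, so the published CA certificate is probably no longer readable by the web server user; either limit the tight umask to the two `genrsa` calls or `chmod 0644` the public copy. Note as well that umask only takes effect when a file is created, so a key file that already exists with 0644 keeps that mode unless an explicit `chmod 0400` follows.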