[openssl] master update
Matt Caswell
matt at openssl.org
Tue Nov 16 15:56:20 UTC 2021
The branch master has been updated
via 3066cf2614d22182ae0dafd4557a96ab6b698d4f (commit)
from 8c08c8b37cab0eb66ca74fc65a40af3ccec77c00 (commit)
- Log -----------------------------------------------------------------
commit 3066cf2614d22182ae0dafd4557a96ab6b698d4f
Author: Andrew Galante <drew at perfectco.com>
Date: Fri Jan 8 13:27:49 2021 -0800
Abstract out policy and extensions in CA.pl
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13819)
-----------------------------------------------------------------------
Summary of changes:
apps/CA.pl.in | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index f029470005..2c31ee6c8d 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -36,6 +36,8 @@ my $CACERT = "cacert.pem";
my $CACRL = "crl.pem";
my $DAYS = "-days 365";
my $CADAYS = "-days 1095"; # 3 years
+my $EXTENSIONS = "-extensions v3_ca";
+my $POLICY = "-policy policy_anything";
my $NEWKEY = "newkey.pem";
my $NEWREQ = "newreq.pem";
my $NEWCERT = "newcert.pem";
@@ -179,7 +181,7 @@ if ($WHAT eq '-newcert' ) {
$RET = run("$CA -create_serial"
. " -out ${CATOP}/$CACERT $CADAYS -batch"
. " -keyfile ${CATOP}/private/$CAKEY -selfsign"
- . " -extensions v3_ca"
+ . " $EXTENSIONS"
. " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
@@ -191,19 +193,19 @@ if ($WHAT eq '-newcert' ) {
. " -export -name \"$cname\" $EXTRA{pkcs12}");
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
} elsif ($WHAT eq '-xsign' ) {
- $RET = run("$CA -policy policy_anything -infiles $NEWREQ $EXTRA{ca}");
+ $RET = run("$CA $POLICY -infiles $NEWREQ $EXTRA{ca}");
} elsif ($WHAT eq '-sign' ) {
- $RET = run("$CA -policy policy_anything -out $NEWCERT"
+ $RET = run("$CA $POLICY -out $NEWCERT"
. " -infiles $NEWREQ $EXTRA{ca}");
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signCA' ) {
- $RET = run("$CA -policy policy_anything -out $NEWCERT"
- . " -extensions v3_ca -infiles $NEWREQ $EXTRA{ca}");
+ $RET = run("$CA $POLICY -out $NEWCERT"
+ . " $EXTENSIONS -infiles $NEWREQ $EXTRA{ca}");
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signcert' ) {
$RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
. " -out tmp.pem $EXTRA{x509}");
- $RET = run("$CA -policy policy_anything -out $NEWCERT"
+ $RET = run("$CA $POLICY -out $NEWCERT"
. "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-verify' ) {
More information about the openssl-commits
mailing list