[CalendarServer-changes] [1352] CalendarServer/trunk/bin/make-ssl-key

source_changes at macosforge.org source_changes at macosforge.org
Thu Mar 8 15:10:27 PST 2007


Revision: 1352
          http://trac.macosforge.org/projects/calendarserver/changeset/1352
Author:   wsanchez at apple.com
Date:     2007-03-08 15:10:26 -0800 (Thu, 08 Mar 2007)

Log Message:
-----------
Add -a option.

Modified Paths:
--------------
    CalendarServer/trunk/bin/make-ssl-key

Modified: CalendarServer/trunk/bin/make-ssl-key
===================================================================
--- CalendarServer/trunk/bin/make-ssl-key	2007-03-08 22:50:32 UTC (rev 1351)
+++ CalendarServer/trunk/bin/make-ssl-key	2007-03-08 23:10:26 UTC (rev 1352)
@@ -7,18 +7,32 @@
 # Handle command line
 ##
 
+authority="ca";
+
 usage ()
 {
   program=$(basename "$0");
 
   if [ $# != 0 ]; then echo "$@"; echo ""; fi;
 
-  echo "usage: ${program} host_name";
+  echo "usage: ${program} [options] host_name";
+  echo "";
+  echo "  -h              Show this help";
+  echo "  -a authority    Use given certificate authority [${authority}].";
 }
 
+while getopts 'ha:' option; do
+  case "$option" in
+    '?') usage; exit 64; ;;
+    'h') usage; exit 0; ;;
+    'a') authority="${OPTARG}"; ;;
+  esac;
+done;
+shift $((${OPTIND} - 1));
+
 if [ $# != 1 ]; then
   usage;
-  exit 1;
+  exit 64;
 fi;
 
 host="$1";
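Review bot: Both error paths added or touched here (the `'?'` arm of the getopts loop and the `$# != 1` check) print the usage text to stdout before exiting 64, so a caller that captures or pipes the output gets the help text mixed into its data. I would write `'?') usage >&2; exit 64; ;;` and `usage >&2;` in the argument-count check, leaving `-h` on stdout. Separately, the help line prints `[${authority}]` as if it were the default, but `usage` runs after `-a` may already have reassigned it, so `-a foo -h` shows `foo`. Keeping the default in its own variable, for example `default_authority="ca"`, avoids that.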
@@ -27,6 +41,15 @@
 # Do The Right Thing
 ##
 
+if [ ! -s "${authority}.key" ]; then
+  echo "Not a certificate authority key: ${authority}.key";
+  exit 1;
+fi;
+if [ ! -s "${authority}.crt" ]; then
+  echo "Not a certificate authority certificate: ${authority}.crt";
+  exit 1;
+fi;
+
 newfile ()
 {
   # New file is not readable and empty
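Review bot: The two `[ ! -s ... ]` guards only establish that `${authority}.key` and `${authority}.crt` exist and are non-empty, yet the messages say "Not a certificate authority key/certificate", which claims more than was tested. I would word them as `echo "Missing or empty certificate authority key: ${authority}.key" >&2;` (and likewise for the `.crt`), which also moves the diagnostics to stderr. Now that the authority is caller-selected, it may be worth confirming before signing that the key parses and matches the certificate, and warning if the CA key file is readable by group or others. The permission check is a suggestion only; nothing in the hunk shows how the CA files are created. The `newfile` function that follows continues outside this hunk.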
@@ -38,6 +61,11 @@
   fi;
 }
 
+#
+# FIXME:
+#   Remove requirement that user type in a pass phrase here, which
+#   we then simply strip out.
+#
 if [ ! -s "${host}.key" ]; then
   echo "Generating host key...";
   newfile "${host}.key.tmp";
@@ -53,6 +81,11 @@
   echo "Key for ${host} already exists.";
 fi;
 
+#
+# FIXME:
+#   Remove requirement that user type the common name, which we
+#   already know ($hostname).
+#
 if [ ! -s "${host}.csr" ]; then
   echo "Generating certificate request...";
   newfile "${host}.csr";
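Review bot: The new FIXME refers to `$hostname`, but the variable this script assigns from the positional argument is `host` (`host="$1";` in the first hunk), so the comment points at a name that is not visible anywhere in this diff. I would change the comment to `#   already know (${host}).` so the follow-up work is not misdirected. The `if` block this comment precedes continues outside the hunk.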
@@ -64,7 +97,8 @@
 
 if [ ! -s "${host}.crt" ]; then
   echo "Generating certificate...";
-  openssl x509 -req -in "${host}.csr" -out "${host}.crt" -sha1 -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650;
+  openssl x509 -req -in "${host}.csr" -out "${host}.crt" -sha1 -days 3650 \
+    -CA "${authority}.crt" -CAkey "${authority}.key" -CAcreateserial;
   chmod 644 "${host}.crt";
   echo "";
 else
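Review bot: The rewritten `openssl x509 -req` line keeps `-sha1` as the signature digest. SHA-1 is no longer acceptable for certificate signatures and current TLS clients reject such certificates, so I would change it to `-sha256` while this line is being touched. `-days 3650` also gives every host certificate a ten-year lifetime, which deserves a comment or a shorter value. With `-CAcreateserial`, openssl derives the serial file name from the `-CA` path, so a `-a` value pointing into another directory will now create the `.srl` file there and needs write access to it. The `chmod 644` on the next line runs even when openssl fails, so a guard such as `|| exit 1` on the openssl command would help. The `if` block continues past the end of the hunk.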
