workaround for dealing with /dev/random /dev/urandom in a libvirt environment that...
diff --git
a/plc.d/ssl
b/plc.d/ssl
index
90cd41a
..
ddbfe81
100755
(executable)
--- a/
plc.d/ssl
+++ b/
plc.d/ssl
@@
-1,14
+1,12
@@
#!/bin/bash
#
#!/bin/bash
#
-# priority:
4
00
+# priority:
3
00
#
# Generate SSL certificates
#
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
#
# Generate SSL certificates
#
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id$
-#
# Source function library and configuration
. /etc/plc.d/functions
# Source function library and configuration
. /etc/plc.d/functions
@@
-49,12
+47,12
@@
verify_or_generate_certificate() {
if [ -f $crt ] ; then
# Check if certificate is valid
if [ -f $crt ] ; then
# Check if certificate is valid
- verify=$(openssl verify -CAfile $ca $crt)
# Backup if invalid or if the subject has changed
# Backup if invalid or if the subject has changed
- if
grep -q "error" <<<$verify
|| \
+ if
openssl verify -CAfile $ca $crt | grep -q "error"
|| \
[ "$(ssl_cname $crt)" != "$cname" ] ; then
backup_file $crt
backup_file $ca
[ "$(ssl_cname $crt)" != "$cname" ] ; then
backup_file $crt
backup_file $ca
+ backup_file $key
fi
fi
fi
fi
@@
-139,13
+137,20
@@
case "$1" in
fi
ssl_key=PLC_${server}_SSL_KEY
ssl_crt=PLC_${server}_SSL_CRT
fi
ssl_key=PLC_${server}_SSL_KEY
ssl_crt=PLC_${server}_SSL_CRT
+ ssl_ca_crt=PLC_${server}_CA_SSL_CRT
symlink ${!ssl_crt} /etc/pki/tls/certs/localhost.crt
symlink ${!ssl_key} /etc/pki/tls/private/localhost.key
symlink ${!ssl_crt} /etc/pki/tls/certs/localhost.crt
symlink ${!ssl_key} /etc/pki/tls/private/localhost.key
+ symlink ${!ssl_ca_crt} /etc/pki/tls/certs/server-chain.crt
symlink ${!ssl_crt} /etc/httpd/conf/ssl.crt/server.crt
symlink ${!ssl_key} /etc/httpd/conf/ssl.key/server.key
done
symlink ${!ssl_crt} /etc/httpd/conf/ssl.crt/server.crt
symlink ${!ssl_key} /etc/httpd/conf/ssl.key/server.key
done
+ # Ensure that the server-chain gets used, as it is off by
+ # default.
+ sed -i -e 's/^#SSLCertificateChainFile /SSLCertificateChainFile /' \
+ /etc/httpd/conf.d/ssl.conf
+
result "$MESSAGE"
;;
esac
result "$MESSAGE"
;;
esac
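Review bot: The validity test in `verify_or_generate_certificate` (second hunk) fails open, because it only looks for the word "error" on openssl's standard output and the pipeline discards openssl's exit status. If the installed OpenSSL writes verification failures to stderr, as newer releases appear to, grep matches nothing and an invalid certificate is kept without backup or regeneration. Folding stderr into the pipe and quoting the paths closes that gap: `if openssl verify -CAfile "$ca" "$crt" 2>&1 | grep -q "error" || \`. The function starts and ends outside the hunk, so whether `$ca` and `$crt` can contain spaces is not visible here. Separately, in the third hunk the `sed -i` on `/etc/httpd/conf.d/ssl.conf` changes nothing when the commented `#SSLCertificateChainFile` line is absent, and no status check or warning reports that the chain file is then not configured.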