git://git.onelab.eu
/
sliver-openvswitch.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Prepare for post-2.2.0 (2.2.90).
[sliver-openvswitch.git]
/
utilities
/
ovs-pki.in
diff --git
a/utilities/ovs-pki.in
b/utilities/ovs-pki.in
index
bf40c29
..
501b06e
100755
(executable)
--- a/
utilities/ovs-pki.in
+++ b/
utilities/ovs-pki.in
@@
-1,6
+1,6
@@
#! /bin/sh
#! /bin/sh
-# Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
+# Copyright (c) 2008, 2009, 2010, 2011, 2012
, 2013
Nicira, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@
-27,7
+27,7
@@
bits=2048
# OS-specific compatibility routines
case $(uname -s) in
# OS-specific compatibility routines
case $(uname -s) in
-FreeBSD)
+FreeBSD
|NetBSD
)
file_mod_epoch()
{
stat -r "$1" | awk '{print $10}'
file_mod_epoch()
{
stat -r "$1" | awk '{print $10}'
@@
-272,7
+272,7
@@
certificate = $dir/cacert.pem # The CA cert
serial = $dir/serial # serial no file
private_key = $dir/private/cakey.pem# CA private key
RANDFILE = $dir/private/.rand # random number file
serial = $dir/serial # serial no file
private_key = $dir/private/cakey.pem# CA private key
RANDFILE = $dir/private/.rand # random number file
-default_days = 365
# how long to certify for
+default_days = 365
0
# how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # md to use
policy = policy # default policy
default_crl_days= 30 # how long before next CRL
default_md = md5 # md to use
policy = policy # default policy
@@
-303,7
+303,7
@@
EOF
-newkey $newkey -keyout private/cakey.pem -out careq.pem \
1>&3 2>&3
openssl ca -config ca.cnf -create_serial -out cacert.pem \
-newkey $newkey -keyout private/cakey.pem -out careq.pem \
1>&3 2>&3
openssl ca -config ca.cnf -create_serial -out cacert.pem \
- -days
2191
-batch -keyfile private/cakey.pem -selfsign \
+ -days
3650
-batch -keyfile private/cakey.pem -selfsign \
-infiles careq.pem 1>&3 2>&3
chmod 0700 private/cakey.pem
-infiles careq.pem 1>&3 2>&3
chmod 0700 private/cakey.pem
@@
-429,6
+429,8
@@
make_request() {
must_not_exist "$arg1-privkey.pem"
must_not_exist "$arg1-req.pem"
make_tmpdir
must_not_exist "$arg1-privkey.pem"
must_not_exist "$arg1-req.pem"
make_tmpdir
+ # Use uuidgen or date to create unique subject DNs.
+ unique=`(uuidgen) 2>/dev/null` || unique=`date +"%Y %b %d %T"`
cat > "$TMP/req.cnf" <<EOF
[ req ]
prompt = no
cat > "$TMP/req.cnf" <<EOF
[ req ]
prompt = no
@@
-440,7
+442,7
@@
ST = CA
L = Palo Alto
O = Open vSwitch
OU = Open vSwitch certifier
L = Palo Alto
O = Open vSwitch
OU = Open vSwitch certifier
-CN =
Open vSwitch certificate for $arg1
+CN =
$arg1 id:$unique
EOF
if test $keytype = rsa; then
(umask 077 && openssl genrsa -out "$1-privkey.pem" $bits) 1>&3 2>&3 \
EOF
if test $keytype = rsa; then
(umask 077 && openssl genrsa -out "$1-privkey.pem" $bits) 1>&3 2>&3 \
@@
-512,7
+514,7
@@
elif test "$command" = self-sign; then
# Create both the private key and certificate with restricted permissions.
(umask 077 && \
openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem.tmp" \
# Create both the private key and certificate with restricted permissions.
(umask 077 && \
openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem.tmp" \
- -signkey "$arg1-privkey.pem" -req -days
2191
-text) 2>&3 || exit $?
+ -signkey "$arg1-privkey.pem" -req -days
3650
-text) 2>&3 || exit $?
# Reset the permissions on the certificate to the user's default.
cat "$arg1-cert.pem.tmp" > "$arg1-cert.pem"
# Reset the permissions on the certificate to the user's default.
cat "$arg1-cert.pem.tmp" > "$arg1-cert.pem"