Make GPG key readable by apache so that the API can sign peer requests

[myplc.git] / plc.d / ssl

diff --git a/plc.d/ssl b/plc.d/ssl
index a4afb7f..34e83af 100755 (executable)
--- a/plc.d/ssl
+++ b/plc.d/ssl
@@ -7,7 +7,7 @@
 # Mark Huang <mlhuang@cs.princeton.edu>
 # Copyright (C) 2006 The Trustees of Princeton University
 #
-# $Id: ssl,v 1.7 2006/06/28 21:34:18 mlhuang Exp $
+# $Id: ssl,v 1.9 2006/07/17 21:28:55 mlhuang Exp $
 #
 
 # Source function library and configuration
@@ -40,6 +40,12 @@ verify_or_generate_certificate() {
     cname=$4
     email=$5
 
+    # If the CA certificate does not exist, assume that the
+    # certificate is self-signed.
+    if [ ! -f $ca ] ; then
+       cp -a $crt $ca
+    fi
+
     if [ -f $crt ] ; then
        # Check if certificate is valid
        verify=$(openssl verify -CAfile $ca $crt)
@@ -68,10 +74,8 @@ verify_or_generate_certificate() {
            -nodes -keyout $key -out $crt
        check
        chmod 644 $crt
-    fi
 
-    if [ ! -f $ca ] ; then
-        # The certificate it self-signed, so it is its own CA
+       # The certificate it self-signed, so it is its own CA
        cp -a $crt $ca
     fi
 }
@@ -131,8 +135,7 @@ case "$1" in
 
            verify_or_generate_certificate \
                ${!ssl_crt} ${!ssl_key} ${!ca_ssl_crt} \
-               ${!hostname} $PLC_MAIL_SUPPORT_ADDRESS
-
+               ${!hostname}
        done
 
        # Install HTTPS certificates into both /etc/pki (Fedora Core