avoid duplication with rsyslogd

[myplc.git] / plc.d / ssl

diff --git a/plc.d/ssl b/plc.d/ssl
index e2c8c02..edf451f 100755 (executable)
--- a/plc.d/ssl
+++ b/plc.d/ssl
@@ -7,7 +7,7 @@
 # Mark Huang <mlhuang@cs.princeton.edu>
 # Copyright (C) 2006 The Trustees of Princeton University
 #
-# $Id: ssl,v 1.10 2006/07/24 19:30:45 mlhuang Exp $
+# $Id$
 #
 
 # Source function library and configuration
@@ -21,14 +21,8 @@ set -x
 ssl_cname ()
 {
     openssl x509 -noout -in $1 -subject | \
-       sed -n -e 's@.*/CN=\([^/]*\).*@\1@p'
-}
-
-# Print the emailAddress of an SSL certificate
-ssl_email ()
-{
-    openssl x509 -noout -in $1 -subject | \
-       sed -n -e 's@.*/emailAddress=\([^/]*\).*@\1@p'
+       sed -n -e 's@.*/CN=\([^/]*\).*@\1@p' | \
+       lower
 }
 
 # Verify a certificate. If invalid, generate a new self-signed
@@ -37,8 +31,7 @@ verify_or_generate_certificate() {
     crt=$1
     key=$2
     ca=$3
-    cname=$4
-    email=$5
+    cname=$(lower $4)
 
     # If the CA certificate does not exist, assume that the
     # certificate is self-signed.
@@ -51,8 +44,7 @@ verify_or_generate_certificate() {
        verify=$(openssl verify -CAfile $ca $crt)
        # Delete if invalid or if the subject has changed
        if grep -q "error" <<<$verify || \
-           [ "$(ssl_cname $crt)" != "$cname" ] || \
-           [ "$(ssl_email $crt)" != "$email" ] ; then
+           [ "$(ssl_cname $crt)" != "$cname" ] ; then
            rm -f $crt $ca
        fi
     fi
@@ -63,9 +55,6 @@ verify_or_generate_certificate() {
        if [ -n "$cname" ] ; then
            subj="$subj/CN=$cname"
        fi
-       if [ -n "$email" ] ; then
-           subj="$subj/emailAddress=$email"
-       fi
 
        # Generate new self-signed certificate
        mkdir -p $(dirname $crt)
@@ -73,24 +62,34 @@ verify_or_generate_certificate() {
            -batch -subj "$subj" \
            -nodes -keyout $key -out $crt
        check
-       chmod 644 $crt
 
        # The certificate it self-signed, so it is its own CA
        cp -a $crt $ca
     fi
+
+    # Fix permissions
+    chmod 644 $crt $ca
 }
 
 case "$1" in
     start)
-       MESSAGE=$"Generating SSL certificates"
-       dialog "$MESSAGE"
 
        # Generate HTTPS certificates if necessary. We generate a
        # certificate for each enabled server with a different
        # hostname. These self-signed certificates may be overridden
        # later.
+        MESSAGE=$"Generating SSL certificates for"
+        dialog "$MESSAGE"
+
        for server in WWW API BOOT ; do
-           ssl_key=PLC_${server}_SSL_KEY
+           eval "a=\$PLC_${server}_ENABLED"
+            echo $a
+            if [ "$a" -ne 1 ] ; then
+               echo "Skipping"
+                continue
+            fi
+           dialog "$server"
+        ssl_key=PLC_${server}_SSL_KEY
            ssl_crt=PLC_${server}_SSL_CRT
            ca_ssl_crt=PLC_${server}_CA_SSL_CRT
            hostname=PLC_${server}_HOST