X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=plc.d%2Fssl;h=aa3a0fe16e5841fbb9de5d7584caf53819517a90;hb=f4a43ea12a059e92c0f921f3c001e6194d00eb24;hp=90cd41a3b11584cbd976587151b14fee25fda57c;hpb=d34a5737ff90555408e8b57654736a82d07061fc;p=myplc.git
diff --git a/plc.d/ssl b/plc.d/ssl
index 90cd41a..aa3a0fe 100755
--- a/plc.d/ssl
+++ b/plc.d/ssl
@@ -1,14 +1,14 @@
 #!/bin/bash
+# $Id$
+# $URL$
 #
-# priority: 400
+# priority: 300
 #
 # Generate SSL certificates
 #
 # Mark Huang
 # Copyright (C) 2006 The Trustees of Princeton University
 #
-# $Id$
-#
 # Source function library and configuration
 . /etc/plc.d/functions
@@ -49,12 +49,12 @@ verify_or_generate_certificate() {
 if [ -f $crt ] ; then
 # Check if certificate is valid
- verify=$(openssl verify -CAfile $ca $crt)
 # Backup if invalid or if the subject has changed
- if grep -q "error" <<<$verify || \
+ if openssl verify -CAfile $ca $crt | grep -q "error" || \
 [ "$(ssl_cname $crt)" != "$cname" ] ; then
 backup_file $crt
 backup_file $ca
+ backup_file $key
 fi
 fi
@@ -139,13 +139,20 @@ case "$1" in
 fi
 ssl_key=PLC_${server}_SSL_KEY
 ssl_crt=PLC_${server}_SSL_CRT
+ ssl_ca_crt=PLC_${server}_CA_SSL_CRT
 symlink ${!ssl_crt} /etc/pki/tls/certs/localhost.crt
 symlink ${!ssl_key} /etc/pki/tls/private/localhost.key
+ symlink ${!ssl_ca_crt} /etc/pki/tls/certs/server-chain.crt
 symlink ${!ssl_crt} /etc/httpd/conf/ssl.crt/server.crt
 symlink ${!ssl_key} /etc/httpd/conf/ssl.key/server.key
 done
+ # Ensure that the server-chain gets used, as it is off by
+ # default.
+ sed -i -e 's/^#SSLCertificateChainFile /SSLCertificateChainFile /' \
+ /etc/httpd/conf.d/ssl.conf
+
 result "$MESSAGE"
 ;;
 esac
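Review bot: In verify_or_generate_certificate the new pipeline `openssl verify -CAfile $ca $crt | grep -q "error"` inspects only stdout and only the lowercase word, so a failure that openssl reports on stderr (some builds do, and an unreadable CA file is a likely case) would be treated as a valid certificate and the stale files would not be backed up. Merging the streams, matching case-insensitively and quoting the paths closes that gap: `if openssl verify -CAfile "$ca" "$crt" 2>&1 | grep -qi "error" || \`. The added `backup_file $key` moves or copies the private key to a backup location; backup_file is defined outside this hunk, so it is worth confirming that the backup keeps the key's restrictive mode and owner. The function body starts and ends outside the hunk.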
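Review bot: The `sed -i` on /etc/httpd/conf.d/ssl.conf is unchecked, so when the commented `#SSLCertificateChainFile` line is absent or spelled differently (an edited or differently packaged ssl.conf) the directive stays off and httpd serves the leaf certificate without its chain, while `result "$MESSAGE"` presumably still reports success. A follow-up test such as `grep -q '^SSLCertificateChainFile ' /etc/httpd/conf.d/ssl.conf`, routed into the script's usual failure path, would make that visible; the hunk also assumes, without verifying, that the uncommented directive names /etc/pki/tls/certs/server-chain.crt. Separately, `${!ssl_ca_crt}` is expanded unquoted, so if PLC_${server}_CA_SSL_CRT is unset the symlink helper receives only the destination argument; that helper is defined outside the hunk, so its behaviour in that case should be checked. The enclosing case branch starts before the hunk.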