X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=utilities%2Fovs-pki.in;h=501b06e47bce40bcb1bee84e6a4de66af0b76b46;hb=28c5588e8e1a8d091c5d2275232c35f2968a97fa;hp=bf40c29586f64306d063ccf2ccbbd1636243ae13;hpb=93ea780907c2c4315ecc1a3e7823fcba3aba5e96;p=sliver-openvswitch.git

diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in
index bf40c2958..501b06e47 100755
--- a/utilities/ovs-pki.in
+++ b/utilities/ovs-pki.in
@@ -1,6 +1,6 @@
 #! /bin/sh
 
-# Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
+# Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -27,7 +27,7 @@ bits=2048
 
 # OS-specific compatibility routines
 case $(uname -s) in
-FreeBSD)
+FreeBSD|NetBSD)
     file_mod_epoch()
     {
         stat -r "$1" | awk '{print $10}'
@@ -272,7 +272,7 @@ certificate    = $dir/cacert.pem       # The CA cert
 serial         = $dir/serial           # serial no file
 private_key    = $dir/private/cakey.pem# CA private key
 RANDFILE       = $dir/private/.rand    # random number file
-default_days   = 365                   # how long to certify for
+default_days   = 3650                  # how long to certify for
 default_crl_days= 30                   # how long before next CRL
 default_md     = md5                   # md to use
 policy         = policy                # default policy
@@ -303,7 +303,7 @@ EOF
             -newkey $newkey -keyout private/cakey.pem -out careq.pem \
             1>&3 2>&3
         openssl ca -config ca.cnf -create_serial -out cacert.pem \
-            -days 2191 -batch -keyfile private/cakey.pem -selfsign \
+            -days 3650 -batch -keyfile private/cakey.pem -selfsign \
             -infiles careq.pem 1>&3 2>&3
         chmod 0700 private/cakey.pem
 
@@ -429,6 +429,8 @@ make_request() {
     must_not_exist "$arg1-privkey.pem"
     must_not_exist "$arg1-req.pem"
     make_tmpdir
+    # Use uuidgen or date to create unique subject DNs.
+    unique=`(uuidgen) 2>/dev/null` || unique=`date +"%Y %b %d %T"`
     cat > "$TMP/req.cnf" <<EOF
 [ req ]
 prompt = no
@@ -440,7 +442,7 @@ ST = CA
 L = Palo Alto
 O = Open vSwitch
 OU = Open vSwitch certifier
-CN = Open vSwitch certificate for $arg1
+CN = $arg1 id:$unique
 EOF
     if test $keytype = rsa; then
         (umask 077 && openssl genrsa -out "$1-privkey.pem" $bits) 1>&3 2>&3 \
@@ -512,7 +514,7 @@ elif test "$command" = self-sign; then
     # Create both the private key and certificate with restricted permissions.
     (umask 077 && \
      openssl x509 -in "$arg1-req.pem" -out "$arg1-cert.pem.tmp" \
-        -signkey "$arg1-privkey.pem" -req -days 2191 -text) 2>&3 || exit $?
+        -signkey "$arg1-privkey.pem" -req -days 3650 -text) 2>&3 || exit $?
 
     # Reset the permissions on the certificate to the user's default.
     cat "$arg1-cert.pem.tmp" > "$arg1-cert.pem"