[Cluster-devel] conga/luci init.d/luci site/luci/var/certs/cac ...

rmccabe at sourceware.org rmccabe at sourceware.org
Thu Apr 10 22:13:50 UTC 2008


CVSROOT:	/cvs/cluster
Module name:	conga
Branch: 	RHEL4
Changes by:	rmccabe at sourceware.org	2008-04-10 22:13:49

Modified files:
	luci/init.d    : luci 
	luci/site/luci/var/certs: cacert.config 
	luci/utils     : luci_admin 

Log message:
	Specify a serial number for our (self-signed) certificates to avoid Firefox 3 shutting us out if we generate a new cert for a host (e.g., when removing luci, wiping all its directories, then installing again).

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/init.d/luci.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.14.2.2&r2=1.14.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/var/certs/cacert.config.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.1&r2=1.1.4.1
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.52.2.4&r2=1.52.2.5

--- conga/luci/init.d/luci	2008/03/25 01:27:11	1.14.2.2
+++ conga/luci/init.d/luci	2008/04/10 22:13:49	1.14.2.3
@@ -75,7 +75,7 @@
 
 	rm -f -- "$HTTPS_PRIVKEY" "$HTTPS_PUBKEY"
 	/usr/bin/openssl genrsa -out "$HTTPS_PRIVKEY" "$KEY_BITS" >&/dev/null
-	/usr/bin/openssl req -new -x509 -key "$HTTPS_PRIVKEY" -out "$HTTPS_PUBKEY" -days "$KEY_LIFE_DAYS" -config /var/lib/luci/var/certs/cacert.config
+	/usr/bin/openssl req -new -x509 -key "$HTTPS_PRIVKEY" -out "$HTTPS_PUBKEY" -days "$KEY_LIFE_DAYS" -set-serial "$(/bin/date +%s)" -config /var/lib/luci/var/certs/cacert.config
 	/bin/chmod -- 600 "$HTTPS_PRIVKEY"
 	/bin/chmod -- 644 "$HTTPS_PUBKEY"
 	/bin/chown -- $LUCI_USER:$LUCI_GROUP "$HTTPS_PRIVKEY" "$HTTPS_PUBKEY"
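Review bot: The added `openssl req` line passes `-set-serial`, while the luci_admin hunk in this same commit passes `-set_serial`; openssl req documents the underscore form, so the init script's call is likely to be rejected as an unknown option and leave no certificate at `$HTTPS_PUBKEY`. The argument should read `-set_serial "$(/bin/date +%s)"`. The exit status of the req call is not checked in the visible lines, so a failure would only surface through the chmod/chown that follow. The enclosing function starts and ends outside the hunk.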
--- conga/luci/site/luci/var/certs/cacert.config	2006/06/02 00:14:28	1.1
+++ conga/luci/site/luci/var/certs/cacert.config	2008/04/10 22:13:49	1.1.4.1
@@ -6,10 +6,10 @@
 [ req_distinguished_name ]
 C                      = US
 ST                     = State or Province
-L                      = Locality
-O                      = Organization Name
-OU                     = Organizational Unit Name
-CN                     = Common Name
-emailAddress           = root at localhost
+L                      = Conga
+O                      = Conga
+OU                     = Conga
+CN                     = Luci Server
+emailAddress           = luci at localhost
 
 [ req_attributes ]
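Review bot: The subject fields set here are the same literal strings on every luci installation, and since the certificate is self-signed that subject is also the issuer, so the uniqueness this commit appears to be after (presumably issuer plus serial, as the browser checks it) rests on the serial alone. Both the init.d/luci and luci_admin hunks take the serial from the clock at one-second resolution, so two certificates generated in the same second, for example on different hosts, would still share issuer and serial. A comment above the section would record the dependency, e.g. `# This DN is identical on every host; certificate uniqueness relies on the serial passed via -set_serial`, and deriving CN from the host name would remove it. The section continues outside the hunk.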
--- conga/luci/utils/luci_admin	2008/03/25 01:27:14	1.52.2.4
+++ conga/luci/utils/luci_admin	2008/04/10 22:13:49	1.52.2.5
@@ -10,6 +10,7 @@
 import sys, os, pwd
 from select import select
 from stat import S_ISREG
+from time import time
 import types
 import xml
 import xml.dom
@@ -1051,7 +1052,7 @@
 
 	# /usr/bin/openssl req -new -x509 -key /var/lib/luci/var/certs/privkey.pem -out /var/lib/luci/var/certs/cacert.pem -days 1825 -config /var/lib/luci/var/certs/cacert.config
 	command = '/usr/bin/openssl'
-	args = [ command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH ]
+	args = [ command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-set_serial', str(int(time())), '-config', SSL_KEYCONFIG_PATH ]
 	exec_cmd(command, args)
 
 	# take ownership and restrict access
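Review bot: The comment above `command` still shows the openssl invocation without a serial, so it no longer matches the `args` list built two lines below it; it should gain `-set_serial <epoch seconds>` before `-config`. The validity period is the literal `'1825'` here while the init script hunk uses `$KEY_LIFE_DAYS`, which deserves a short comment such as `# keep in step with KEY_LIFE_DAYS in init.d/luci` so the two generators do not drift apart. The enclosing function starts and ends outside the hunk.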



