[Cluster-devel] conga/luci init.d/luci site/luci/var/certs/cac ...
rmccabe at sourceware.org
rmccabe at sourceware.org
Thu Apr 10 22:13:50 UTC 2008
CVSROOT: /cvs/cluster
Module name: conga
Branch: RHEL4
Changes by: rmccabe at sourceware.org 2008-04-10 22:13:49
Modified files:
luci/init.d : luci
luci/site/luci/var/certs: cacert.config
luci/utils : luci_admin
Log message:
Specify a serial number for our (self-signed) certificates to avoid firefox3 shutting us out if we generate a new cert for a host (e.g., when removing luci, wiping all its directories, then installing again).
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/init.d/luci.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.14.2.2&r2=1.14.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/var/certs/cacert.config.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.1&r2=1.1.4.1
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.52.2.4&r2=1.52.2.5
--- conga/luci/init.d/luci 2008/03/25 01:27:11 1.14.2.2
+++ conga/luci/init.d/luci 2008/04/10 22:13:49 1.14.2.3
@@ -75,7 +75,7 @@
rm -f -- "$HTTPS_PRIVKEY" "$HTTPS_PUBKEY"
/usr/bin/openssl genrsa -out "$HTTPS_PRIVKEY" "$KEY_BITS" >&/dev/null
- /usr/bin/openssl req -new -x509 -key "$HTTPS_PRIVKEY" -out "$HTTPS_PUBKEY" -days "$KEY_LIFE_DAYS" -config /var/lib/luci/var/certs/cacert.config
+ /usr/bin/openssl req -new -x509 -key "$HTTPS_PRIVKEY" -out "$HTTPS_PUBKEY" -days "$KEY_LIFE_DAYS" -set-serial "$(/bin/date +%s)" -config /var/lib/luci/var/certs/cacert.config
/bin/chmod -- 600 "$HTTPS_PRIVKEY"
/bin/chmod -- 644 "$HTTPS_PUBKEY"
/bin/chown -- $LUCI_USER:$LUCI_GROUP "$HTTPS_PRIVKEY" "$HTTPS_PUBKEY"
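Review bot: The option added to the `openssl req` line is spelled `-set-serial`, but the option `openssl req` documents is `-set_serial`, which is also the spelling the luci_admin hunk of this commit uses. With the hyphenated form openssl will most likely reject the argument and write no certificate, and no exit-status check is visible before the chmod/chown lines that follow. The line should read `... -days "$KEY_LIFE_DAYS" -set_serial "$(/bin/date +%s)" -config ...`. The enclosing function starts and ends outside the hunk.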
--- conga/luci/site/luci/var/certs/cacert.config 2006/06/02 00:14:28 1.1
+++ conga/luci/site/luci/var/certs/cacert.config 2008/04/10 22:13:49 1.1.4.1
@@ -6,10 +6,10 @@
[ req_distinguished_name ]
C = US
ST = State or Province
-L = Locality
-O = Organization Name
-OU = Organizational Unit Name
-CN = Common Name
-emailAddress = root at localhost
+L = Conga
+O = Conga
+OU = Conga
+CN = Luci Server
+emailAddress = luci at localhost
[ req_attributes ]
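Review bot: `CN = Luci Server` is a fixed string, so the generated certificate never names the host it is served from and browsers will still report a name mismatch on every luci server. The DN also stays identical on every install, which leaves the serial number as the only thing that distinguishes one host's certificate from another's. If the CN cannot be filled in with the host name at generation time, a comment would at least record the dependency, e.g. `# DN is the same on every install; uniqueness relies on the serial passed with -set_serial`. The section begins before the hunk.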
--- conga/luci/utils/luci_admin 2008/03/25 01:27:14 1.52.2.4
+++ conga/luci/utils/luci_admin 2008/04/10 22:13:49 1.52.2.5
@@ -10,6 +10,7 @@
import sys, os, pwd
from select import select
from stat import S_ISREG
+from time import time
import types
import xml
import xml.dom
@@ -1051,7 +1052,7 @@
# /usr/bin/openssl req -new -x509 -key /var/lib/luci/var/certs/privkey.pem -out /var/lib/luci/var/certs/cacert.pem -days 1825 -config /var/lib/luci/var/certs/cacert.config
command = '/usr/bin/openssl'
- args = [ command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH ]
+ args = [ command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-set_serial', str(int(time())), '-config', SSL_KEYCONFIG_PATH ]
exec_cmd(command, args)
# take ownership and restrict access
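Review bot: `str(int(time()))` gives the serial one-second resolution and makes it derivable from the certificate's start date. Because cacert.config gives every install the same issuer DN, two luci hosts that generate certificates in the same second (scripted installs, for instance) end up with the same issuer and serial, which is the condition this commit sets out to avoid. The same applies to `$(/bin/date +%s)` in init.d/luci. A serial drawn from a random source avoids this, for example `'-set_serial', '0x' + os.urandom(8).encode('hex'),`, provided the Python and openssl versions on the target accept it (to be confirmed). The comment above `command =` still shows the command without `-set_serial`, and the enclosing function lies outside the hunk.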