rpms/crypto-utils/devel genkey.pl,1.21,1.22
Elio Maldonado
emaldonado at fedoraproject.org
Sun Oct 26 23:34:58 UTC 2008
Author: emaldonado
Update of /cvs/extras/rpms/crypto-utils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23664
Modified Files:
genkey.pl
Log Message:
Enable nss cert renewal and disable the pem one
Index: genkey.pl
===================================================================
RCS file: /cvs/extras/rpms/crypto-utils/devel/genkey.pl,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- genkey.pl 19 Oct 2008 05:10:10 -0000 1.21
+++ genkey.pl 26 Oct 2008 23:34:27 -0000 1.22
@@ -76,6 +76,7 @@
--renew CSR is for cert renewal, reusing existing key pair, openssl certs only
--cacert Renewal is for a CA certificate, needed for openssl certs only
--nss Use the nss database for keys and certificates
+ --gdb For package maintainers, to trace into the nss utilities
EOH
exit 1;
}
@@ -128,13 +129,15 @@
my $modNssDbDir = '';
my $nssNickname = '';
my $nssDBPrefix = '';
+my $gdb = '';
GetOptions('test|t' => \$test_mode,
'genreq' => \$genreq_mode,
'days=i' => \$cert_days,
- 'renew' => \$renew,
- 'cacert' => \$cacert,
+ 'renew' => \$renew,
+ 'cacert' => \$cacert,
'nss|n' => \$nss,
- 'makeca' => \$ca_mode) or usage();
+ 'gdb' => \$gdb,
+ 'makeca' => \$ca_mode) or usage();
usage() unless @ARGV != 0;
$skip_random = $test_mode;
$overwrite_key = $test_mode;
@@ -901,10 +904,12 @@
Newt::Suspend();
print STDOUT "$cmd $args"."\n";
$! = '';
- system("$cmd $args");
- # change to system("gdb $cmd");
- # to break into the debugger
- print STDERR "$cmd returned $!"."\n" if $!;
+ if ($gdb) {
+ system("gdb $cmd");
+ } else {
+ system("$cmd $args");
+ print STDERR "$cmd returned $!"."\n" if $!;
+ }
Newt::Resume();
}
@@ -1006,7 +1011,7 @@
$args .= "-z $noisefile " if $noisefile;
$args .= "-e $pwdfile " if $pwdfile;
# there is no password when the
- # user wants the key in the clar
+ # user wants the key in the clear
$args .= "-o $certfile ";
$args .= "-k $keyfile";
@@ -1136,6 +1141,7 @@
$args .= "--renew $certfile ";
$args .= "--input $keyfile ";
$args .= "--cacert " if $cacert;
+ $args .= "--filepwdnss $pwdfile " if $pwdfile;
$args .= "--validity $months ";
$args .= "--out $csrfile ";
@@ -1341,31 +1347,19 @@
if ($nss) {
# Renew cert in the nss database
- #
- # Must wait until NSS 3.12.2 becomes available with the fix for
- # https://bugzilla.redhat.com/show_bug.cgi?id=346731
- # <<certutil -R for cert renewal should derive the subject
- # from the cert if none is specified>>
- #
- # renewCertNSS($csrfile, $modNssDbDir, $nssDBPrefix, $nssNickname, $days, $tmpPasswordFile);
- #
- # Until then bail out.
- #
+ renewCertNSS($csrfile, $modNssDbDir, $nssDBPrefix,
+ $nssNickname, $days, $tmpPasswordFile);
+ } else {
+ # Disabling renewal of certs in PEM files until a future relase
Newt::newtWinMessage("Error", "Close",
- "Certificate renewal with NSS database not yet supported:".
- "\n\nPress return to exit");
- Newt::Finished();
- exit 1;
-
- } else {
- # Renew cert in a PEM file
- renewCertOpenSSL(
- $csrfile,
- $certfile, # contains cert to renew
- $keyfile, # contains encrypted private key
- $cacert,
- $days);
+ "Certificate renewal from PEM files is not yet supported:".
+ "\n\nPress return to exit");
+ Newt::Finished();
+ exit 1;
+ # Enable this when ready
+ # Renew cert in a PEM file
+ #renewCertOpenSSL($csrfile, $certfile, $keyfile, $cacert, $days);
}
}
More information about the fedora-extras-commits
mailing list