Use genpkey and pkey instead of genrsa and rsa
genrsa and rsa are being deprecated by OpenSSL, and genpkey and pkey provide the same functionality as genrsa and rsa while being more configurable.
parent
97f1affa1b
commit
38aac7b137
27
shellpki
27
shellpki
|
@ -137,14 +137,14 @@ warning() {
|
|||
}
|
||||
|
||||
verify_ca_password() {
|
||||
"${OPENSSL_BIN}" rsa \
|
||||
"${OPENSSL_BIN}" pkey \
|
||||
-in "${CA_KEY}" \
|
||||
-passin pass:"${CA_PASSWORD}" \
|
||||
>/dev/null 2>&1
|
||||
}
|
||||
get_real_path() {
|
||||
# --canonicalize is supported on Linux
|
||||
# -f is supported on Linux and OpenBSD
|
||||
# -f is supported on Linux and OpenBSD
|
||||
readlink -f -- "${1}"
|
||||
}
|
||||
|
||||
|
@ -278,17 +278,18 @@ init() {
|
|||
|
||||
passout_arg=""
|
||||
if [ -n "${CA_PASSWORD:-}" ]; then
|
||||
passout_arg="-passout pass:${CA_PASSWORD}"
|
||||
passout_arg="-pass pass:${CA_PASSWORD}"
|
||||
elif [ "${non_interactive}" -eq 1 ]; then
|
||||
error "In non-interactive mode, you must pass CA_PASSWORD as environment variable."
|
||||
fi
|
||||
|
||||
if [ ! -f "${CA_KEY}" ]; then
|
||||
"${OPENSSL_BIN}" genrsa \
|
||||
"${OPENSSL_BIN}" genpkey \
|
||||
-algorithm RSA \
|
||||
-out "${CA_KEY}" \
|
||||
${passout_arg} \
|
||||
-aes256 \
|
||||
"${CA_KEY_LENGTH}" \
|
||||
-pkeyopt "rsa_keygen_bits:${CA_KEY_LENGTH}" \
|
||||
>/dev/null 2>&1
|
||||
# shellcheck disable=SC2181
|
||||
if [ "$?" -ne 0 ]; then
|
||||
|
@ -333,7 +334,7 @@ EOF
|
|||
error "Error generating the CA certificate"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
"${OPENSSL_BIN}" ca \
|
||||
-config "${CONF_FILE}" \
|
||||
-passin pass:${CA_PASSWORD} \
|
||||
|
@ -355,9 +356,10 @@ ocsp() {
|
|||
port=$(echo "${ocsp_uri}" | cut -d':' -f2)
|
||||
|
||||
if [ ! -f "${OCSP_KEY}" ]; then
|
||||
"${OPENSSL_BIN}" genrsa \
|
||||
"${OPENSSL_BIN}" genpkey \
|
||||
-algorithm RSA \
|
||||
-out "${OCSP_KEY}" \
|
||||
"${KEY_LENGTH}" \
|
||||
-pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
|
||||
>/dev/null 2>&1
|
||||
# shellcheck disable=SC2181
|
||||
if [ "$?" -ne 0 ]; then
|
||||
|
@ -671,14 +673,15 @@ create() {
|
|||
# generate private key
|
||||
pass_args=""
|
||||
if [ -n "${password_file:-}" ]; then
|
||||
pass_args="-aes256 -passout file:${password_file}"
|
||||
pass_args="-aes256 -pass file:${password_file}"
|
||||
elif [ -n "${PASSWORD:-}" ]; then
|
||||
pass_args="-aes256 -passout pass:${PASSWORD}"
|
||||
pass_args="-aes256 -pass pass:${PASSWORD}"
|
||||
fi
|
||||
"${OPENSSL_BIN}" genrsa \
|
||||
"${OPENSSL_BIN}" genpkey \
|
||||
-algorithm RSA \
|
||||
-out "${key_file}" \
|
||||
${pass_args} \
|
||||
"${KEY_LENGTH}" \
|
||||
-pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
|
||||
>/dev/null 2>&1
|
||||
# shellcheck disable=SC2181
|
||||
if [ "$?" -eq 0 ]; then
|
||||
|
|
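Review bot: The CA and key passwords still reach OpenSSL as `pass:` arguments (`-passin pass:"${CA_PASSWORD}"` in verify_ca_password(), `passout_arg="-pass pass:${CA_PASSWORD}"` in init(), `pass_args="-aes256 -pass pass:${PASSWORD}"` in create()), so they sit in argv and can be read from the process list by other local users while each openssl call runs. Since init() already expects CA_PASSWORD from the environment, the `env:` source would keep it out of argv, e.g. `passout_arg="-pass env:CA_PASSWORD"` and `-passin env:CA_PASSWORD`; this assumes the variable is exported, which the visible lines do not show. It would also avoid the word-splitting of the unquoted `${passout_arg}` and `${pass_args}` expansions, which presumably makes key generation fail for a password containing whitespace, with the cause hidden by `>/dev/null 2>&1`. The bodies of init() and create() continue outside these hunks.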