Use genpkey and pkey instead of genrsa and rsa

genrsa and rsa are being deprecated by OpenSSL, and both genpkey and pkey
provide the same functionality as genrsa and rsa while being more
configurable.
Mathieu Trossevin 2022-04-06 11:09:07 +02:00
parent 97f1affa1b
commit 38aac7b137
Signed by: mtrossevin
GPG Key ID: D1DBB7EA828374E9
1 changed files with 15 additions and 12 deletions


@ -137,14 +137,14 @@ warning() {
}
verify_ca_password() {
"${OPENSSL_BIN}" rsa \
"${OPENSSL_BIN}" pkey \
-in "${CA_KEY}" \
-passin pass:"${CA_PASSWORD}" \
>/dev/null 2>&1
}
get_real_path() {
# --canonicalize is supported on Linux
# -f is supported on Linux and OpenBSD
# -f is supported on Linux and OpenBSD
readlink -f -- "${1}"
}
@ -278,17 +278,18 @@ init() {
passout_arg=""
if [ -n "${CA_PASSWORD:-}" ]; then
passout_arg="-passout pass:${CA_PASSWORD}"
passout_arg="-pass pass:${CA_PASSWORD}"
elif [ "${non_interactive}" -eq 1 ]; then
error "In non-interactive mode, you must pass CA_PASSWORD as environment variable."
fi
if [ ! -f "${CA_KEY}" ]; then
"${OPENSSL_BIN}" genrsa \
"${OPENSSL_BIN}" genpkey \
-algorithm RSA \
-out "${CA_KEY}" \
${passout_arg} \
-aes256 \
"${CA_KEY_LENGTH}" \
-pkeyopt "rsa_keygen_bits:${CA_KEY_LENGTH}" \
>/dev/null 2>&1
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then
@ -333,7 +334,7 @@ EOF
error "Error generating the CA certificate"
fi
fi
"${OPENSSL_BIN}" ca \
-config "${CONF_FILE}" \
-passin pass:${CA_PASSWORD} \
@ -355,9 +356,10 @@ ocsp() {
port=$(echo "${ocsp_uri}" | cut -d':' -f2)
if [ ! -f "${OCSP_KEY}" ]; then
"${OPENSSL_BIN}" genrsa \
"${OPENSSL_BIN}" genpkey \
-algorithm RSA \
-out "${OCSP_KEY}" \
"${KEY_LENGTH}" \
-pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
>/dev/null 2>&1
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then
@ -671,14 +673,15 @@ create() {
# generate private key
pass_args=""
if [ -n "${password_file:-}" ]; then
pass_args="-aes256 -passout file:${password_file}"
pass_args="-aes256 -pass file:${password_file}"
elif [ -n "${PASSWORD:-}" ]; then
pass_args="-aes256 -passout pass:${PASSWORD}"
pass_args="-aes256 -pass pass:${PASSWORD}"
fi
"${OPENSSL_BIN}" genrsa \
"${OPENSSL_BIN}" genpkey \
-algorithm RSA \
-out "${key_file}" \
${pass_args} \
"${KEY_LENGTH}" \
-pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
>/dev/null 2>&1
# shellcheck disable=SC2181
if [ "$?" -eq 0 ]; then
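Review bot: The renamed option in init() and create() still passes the secret with the `pass:` source (`-pass pass:${CA_PASSWORD}`, `-pass pass:${PASSWORD}`), which puts it on openssl's command line where the process list typically exposes it to other local users. The same holds for `-passin pass:"${CA_PASSWORD}"` in verify_ca_password() and for the `openssl ca` call. Because CA_PASSWORD is already expected to arrive through the environment, OpenSSL's `env:` source would keep it off argv: `passout_arg="-pass env:CA_PASSWORD"`, and likely `-pass env:PASSWORD` in create(), provided the variables are exported to the child process. This also avoids the unquoted `${passout_arg}` and `${pass_args}` expansions splitting a password that contains whitespace. The bodies of all four functions continue outside the visible hunks, so other uses of these variables should be checked as well.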