Merge branch 'openssl-pkey' into dev
This commit is contained in:
commit
3b3e0b01bf
25
shellpki
25
shellpki
|
|
@ -137,14 +137,14 @@ warning() {
|
||||||
}
|
}
|
||||||
|
|
||||||
verify_ca_password() {
|
verify_ca_password() {
|
||||||
"${OPENSSL_BIN}" rsa \
|
"${OPENSSL_BIN}" pkey \
|
||||||
-in "${CA_KEY}" \
|
-in "${CA_KEY}" \
|
||||||
-passin pass:"${CA_PASSWORD}" \
|
-passin pass:"${CA_PASSWORD}" \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
}
|
}
|
||||||
get_real_path() {
|
get_real_path() {
|
||||||
# --canonicalize is supported on Linux
|
# --canonicalize is supported on Linux
|
||||||
# -f is supported on Linux and OpenBSD
|
# -f is supported on Linux and OpenBSD
|
||||||
readlink -f -- "${1}"
|
readlink -f -- "${1}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -279,17 +279,18 @@ init() {
|
||||||
|
|
||||||
passout_arg=""
|
passout_arg=""
|
||||||
if [ -n "${CA_PASSWORD:-}" ]; then
|
if [ -n "${CA_PASSWORD:-}" ]; then
|
||||||
passout_arg="-passout pass:${CA_PASSWORD}"
|
passout_arg="-pass pass:${CA_PASSWORD}"
|
||||||
elif [ "${non_interactive}" -eq 1 ]; then
|
elif [ "${non_interactive}" -eq 1 ]; then
|
||||||
error "In non-interactive mode, you must pass CA_PASSWORD as environment variable."
|
error "In non-interactive mode, you must pass CA_PASSWORD as environment variable."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -f "${CA_KEY}" ]; then
|
if [ ! -f "${CA_KEY}" ]; then
|
||||||
"${OPENSSL_BIN}" genrsa \
|
"${OPENSSL_BIN}" genpkey \
|
||||||
|
-algorithm RSA \
|
||||||
-out "${CA_KEY}" \
|
-out "${CA_KEY}" \
|
||||||
${passout_arg} \
|
${passout_arg} \
|
||||||
-aes256 \
|
-aes256 \
|
||||||
"${CA_KEY_LENGTH}" \
|
-pkeyopt "rsa_keygen_bits:${CA_KEY_LENGTH}" \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
# shellcheck disable=SC2181
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
|
|
@ -356,9 +357,10 @@ ocsp() {
|
||||||
port=$(echo "${ocsp_uri}" | cut -d':' -f2)
|
port=$(echo "${ocsp_uri}" | cut -d':' -f2)
|
||||||
|
|
||||||
if [ ! -f "${OCSP_KEY}" ]; then
|
if [ ! -f "${OCSP_KEY}" ]; then
|
||||||
"${OPENSSL_BIN}" genrsa \
|
"${OPENSSL_BIN}" genpkey \
|
||||||
|
-algorithm RSA \
|
||||||
-out "${OCSP_KEY}" \
|
-out "${OCSP_KEY}" \
|
||||||
"${KEY_LENGTH}" \
|
-pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
# shellcheck disable=SC2181
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
|
|
@ -681,14 +683,15 @@ create() {
|
||||||
# generate private key
|
# generate private key
|
||||||
pass_args=""
|
pass_args=""
|
||||||
if [ -n "${password_file:-}" ]; then
|
if [ -n "${password_file:-}" ]; then
|
||||||
pass_args="-aes256 -passout file:${password_file}"
|
pass_args="-aes256 -pass file:${password_file}"
|
||||||
elif [ -n "${PASSWORD:-}" ]; then
|
elif [ -n "${PASSWORD:-}" ]; then
|
||||||
pass_args="-aes256 -passout pass:${PASSWORD}"
|
pass_args="-aes256 -pass pass:${PASSWORD}"
|
||||||
fi
|
fi
|
||||||
"${OPENSSL_BIN}" genrsa \
|
"${OPENSSL_BIN}" genpkey \
|
||||||
|
-algorithm RSA \
|
||||||
-out "${key_file}" \
|
-out "${key_file}" \
|
||||||
${pass_args} \
|
${pass_args} \
|
||||||
"${KEY_LENGTH}" \
|
-pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
# shellcheck disable=SC2181
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -eq 0 ]; then
|
if [ "$?" -eq 0 ]; then
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue