Merge branch 'openssl-pkey' into dev
This commit is contained in:
commit
3b3e0b01bf
23
shellpki
23
shellpki
|
@ -137,7 +137,7 @@ warning() {
|
|||
}
|
||||
|
||||
verify_ca_password() {
|
||||
"${OPENSSL_BIN}" rsa \
|
||||
"${OPENSSL_BIN}" pkey \
|
||||
-in "${CA_KEY}" \
|
||||
-passin pass:"${CA_PASSWORD}" \
|
||||
>/dev/null 2>&1
|
||||
|
@ -279,17 +279,18 @@ init() {
|
|||
|
||||
passout_arg=""
|
||||
if [ -n "${CA_PASSWORD:-}" ]; then
|
||||
passout_arg="-passout pass:${CA_PASSWORD}"
|
||||
passout_arg="-pass pass:${CA_PASSWORD}"
|
||||
elif [ "${non_interactive}" -eq 1 ]; then
|
||||
error "In non-interactive mode, you must pass CA_PASSWORD as environment variable."
|
||||
fi
|
||||
|
||||
if [ ! -f "${CA_KEY}" ]; then
|
||||
"${OPENSSL_BIN}" genrsa \
|
||||
"${OPENSSL_BIN}" genpkey \
|
||||
-algorithm RSA \
|
||||
-out "${CA_KEY}" \
|
||||
${passout_arg} \
|
||||
-aes256 \
|
||||
"${CA_KEY_LENGTH}" \
|
||||
-pkeyopt "rsa_keygen_bits:${CA_KEY_LENGTH}" \
|
||||
>/dev/null 2>&1
|
||||
# shellcheck disable=SC2181
|
||||
if [ "$?" -ne 0 ]; then
|
||||
|
@ -356,9 +357,10 @@ ocsp() {
|
|||
port=$(echo "${ocsp_uri}" | cut -d':' -f2)
|
||||
|
||||
if [ ! -f "${OCSP_KEY}" ]; then
|
||||
"${OPENSSL_BIN}" genrsa \
|
||||
"${OPENSSL_BIN}" genpkey \
|
||||
-algorithm RSA \
|
||||
-out "${OCSP_KEY}" \
|
||||
"${KEY_LENGTH}" \
|
||||
-pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
|
||||
>/dev/null 2>&1
|
||||
# shellcheck disable=SC2181
|
||||
if [ "$?" -ne 0 ]; then
|
||||
|
@ -681,14 +683,15 @@ create() {
|
|||
# generate private key
|
||||
pass_args=""
|
||||
if [ -n "${password_file:-}" ]; then
|
||||
pass_args="-aes256 -passout file:${password_file}"
|
||||
pass_args="-aes256 -pass file:${password_file}"
|
||||
elif [ -n "${PASSWORD:-}" ]; then
|
||||
pass_args="-aes256 -passout pass:${PASSWORD}"
|
||||
pass_args="-aes256 -pass pass:${PASSWORD}"
|
||||
fi
|
||||
"${OPENSSL_BIN}" genrsa \
|
||||
"${OPENSSL_BIN}" genpkey \
|
||||
-algorithm RSA \
|
||||
-out "${key_file}" \
|
||||
${pass_args} \
|
||||
"${KEY_LENGTH}" \
|
||||
-pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
|
||||
>/dev/null 2>&1
|
||||
# shellcheck disable=SC2181
|
||||
if [ "$?" -eq 0 ]; then
|
||||
|
|
Loading…
Reference in a new issue