Compare commits
1 commit
master
...
openssl-pk
Author | SHA1 | Date | |
---|---|---|---|
38aac7b137 |
23
shellpki
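--- a/shellpki
+++ b/shellpki
@@ -137,7 +137,7 @@ warning() {
 }
 
 verify_ca_password() {
-"${OPENSSL_BIN}" rsa \
+"${OPENSSL_BIN}" pkey \
 -in "${CA_KEY}" \
 -passin pass:"${CA_PASSWORD}" \
 >/dev/null 2>&1
@@ -278,17 +278,18 @@ init() {
 
 passout_arg=""
 if [ -n "${CA_PASSWORD:-}" ]; then
-passout_arg="-passout pass:${CA_PASSWORD}"
+passout_arg="-pass pass:${CA_PASSWORD}"
 elif [ "${non_interactive}" -eq 1 ]; then
 error "In non-interactive mode, you must pass CA_PASSWORD as environment variable."
 fi
 
 if [ ! -f "${CA_KEY}" ]; then
-"${OPENSSL_BIN}" genrsa \
+"${OPENSSL_BIN}" genpkey \
+-algorithm RSA \
 -out "${CA_KEY}" \
 ${passout_arg} \
 -aes256 \
-"${CA_KEY_LENGTH}" \
+-pkeyopt "rsa_keygen_bits:${CA_KEY_LENGTH}" \
 >/dev/null 2>&1
 # shellcheck disable=SC2181
 if [ "$?" -ne 0 ]; then
@@ -355,9 +356,10 @@ ocsp() {
 port=$(echo "${ocsp_uri}" | cut -d':' -f2)
 
 if [ ! -f "${OCSP_KEY}" ]; then
-"${OPENSSL_BIN}" genrsa \
+"${OPENSSL_BIN}" genpkey \
+-algorithm RSA \
 -out "${OCSP_KEY}" \
-"${KEY_LENGTH}" \
+-pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
 >/dev/null 2>&1
 # shellcheck disable=SC2181
 if [ "$?" -ne 0 ]; then
@@ -671,14 +673,15 @@ create() {
 # generate private key
 pass_args=""
 if [ -n "${password_file:-}" ]; then
-pass_args="-aes256 -passout file:${password_file}"
+pass_args="-aes256 -pass file:${password_file}"
 elif [ -n "${PASSWORD:-}" ]; then
-pass_args="-aes256 -passout pass:${PASSWORD}"
+pass_args="-aes256 -pass pass:${PASSWORD}"
 fi
-"${OPENSSL_BIN}" genrsa \
+"${OPENSSL_BIN}" genpkey \
+-algorithm RSA \
 -out "${key_file}" \
 ${pass_args} \
-"${KEY_LENGTH}" \
+-pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
 >/dev/null 2>&1
 # shellcheck disable=SC2181
 if [ "$?" -eq 0 ]; then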
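Review bot: The rewritten `passout_arg="-pass pass:${CA_PASSWORD}"` in init() and `pass_args="-aes256 -pass pass:${PASSWORD}"` in create() still place the passphrase in openssl's argument vector, where other local users can typically read it from the process list while the key is generated; verify_ca_password() does the same with `-passin pass:`. Because `${passout_arg}` and `${pass_args}` are then expanded unquoted, a passphrase containing whitespace or glob characters is also word-split, and the openssl error text that would explain the failure is discarded by `>/dev/null 2>&1`. OpenSSL's `env:` password source avoids both problems: `passout_arg="-pass env:CA_PASSWORD"`, `pass_args="-aes256 -pass env:PASSWORD"` and `-passin env:CA_PASSWORD`, provided the variables are exported to the child process, which these hunks do not show. All four functions start and end outside the visible hunks.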