Merge pull request #20 from xry111/fix-19
make-ca: use --filter=ca-anchors for all stores
This commit is contained in:
commit
23daa436c8
@ -1,3 +1,4 @@
|
|||||||
|
1.10 - Use --filter=ca-anchors for all stores
|
||||||
1.9 - Guard overrides on first run to avoid error message
|
1.9 - Guard overrides on first run to avoid error message
|
||||||
- Move dist files to /etc/make-ca
|
- Move dist files to /etc/make-ca
|
||||||
- Add distribution script to update CS.txt from CCADB
|
- Add distribution script to update CS.txt from CCADB
|
||||||
|
12
make-ca
12
make-ca
@ -11,7 +11,7 @@
|
|||||||
|
|
||||||
shopt -s extglob;
|
shopt -s extglob;
|
||||||
|
|
||||||
VERSION="1.9"
|
VERSION="1.10"
|
||||||
MAKE_CA_CONF="/etc/make-ca.conf"
|
MAKE_CA_CONF="/etc/make-ca.conf"
|
||||||
|
|
||||||
# Get/set defaults
|
# Get/set defaults
|
||||||
@ -940,27 +940,27 @@ rm -rf "${TEMPDIR}"
|
|||||||
install -dm755 "${DESTDIR}${CERTDIR}" "${DESTDIR}${BUNDLEDIR}" "${DESTDIR}${KEYSTORE}"
|
install -dm755 "${DESTDIR}${CERTDIR}" "${DESTDIR}${BUNDLEDIR}" "${DESTDIR}${KEYSTORE}"
|
||||||
echo "Extracting OpenSSL certificates to:"
|
echo "Extracting OpenSSL certificates to:"
|
||||||
echo -n "${DESTDIR}${CERTDIR}..."
|
echo -n "${DESTDIR}${CERTDIR}..."
|
||||||
"${TRUST}" extract --filter=certificates --format=openssl-directory \
|
"${TRUST}" extract --filter=ca-anchors --format=openssl-directory \
|
||||||
--overwrite --comment "${DESTDIR}${CERTDIR}" \
|
--overwrite --comment "${DESTDIR}${CERTDIR}" \
|
||||||
&& echo "Done!" || echo "Failed!!!"
|
&& echo "Done!" || echo "Failed!!!"
|
||||||
echo "Extracting GNUTLS server auth certificates to:"
|
echo "Extracting GNUTLS server auth certificates to:"
|
||||||
echo -n "${DESTDIR}${CABUNDLE}..."
|
echo -n "${DESTDIR}${CABUNDLE}..."
|
||||||
"${TRUST}" extract --filter=certificates --format=pem-bundle \
|
"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
|
||||||
--purpose server-auth --overwrite --comment "${DESTDIR}${CABUNDLE}" \
|
--purpose server-auth --overwrite --comment "${DESTDIR}${CABUNDLE}" \
|
||||||
&& echo "Done!" || echo "Failed!!!"
|
&& echo "Done!" || echo "Failed!!!"
|
||||||
echo "Extracting GNUTLS S-Mime certificates to:"
|
echo "Extracting GNUTLS S-Mime certificates to:"
|
||||||
echo -n "${DESTDIR}${SMBUNDLE}..."
|
echo -n "${DESTDIR}${SMBUNDLE}..."
|
||||||
"${TRUST}" extract --filter=certificates --format=pem-bundle \
|
"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
|
||||||
--purpose email --overwrite --comment "${DESTDIR}${SMBUNDLE}" \
|
--purpose email --overwrite --comment "${DESTDIR}${SMBUNDLE}" \
|
||||||
&& echo "Done!" || echo "Failed!!!"
|
&& echo "Done!" || echo "Failed!!!"
|
||||||
echo "Extracting GNUTLS code signing certificates to:"
|
echo "Extracting GNUTLS code signing certificates to:"
|
||||||
echo -n "${DESTDIR}${CSBUNDLE}..."
|
echo -n "${DESTDIR}${CSBUNDLE}..."
|
||||||
"${TRUST}" extract --filter=certificates --format=pem-bundle \
|
"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
|
||||||
--purpose code-signing --overwrite --comment \
|
--purpose code-signing --overwrite --comment \
|
||||||
"${DESTDIR}${CSBUNDLE}" && echo "Done!" || echo "Failed!!!"
|
"${DESTDIR}${CSBUNDLE}" && echo "Done!" || echo "Failed!!!"
|
||||||
echo "Extracting Java cacerts (JKS) to:"
|
echo "Extracting Java cacerts (JKS) to:"
|
||||||
echo -n "${DESTDIR}${KEYSTORE}/cacerts..."
|
echo -n "${DESTDIR}${KEYSTORE}/cacerts..."
|
||||||
"${TRUST}" extract --filter=certificates --format=java-cacerts \
|
"${TRUST}" extract --filter=ca-anchors --format=java-cacerts \
|
||||||
--purpose server-auth --overwrite \
|
--purpose server-auth --overwrite \
|
||||||
--comment "${DESTDIR}${KEYSTORE}/cacerts" \
|
--comment "${DESTDIR}${KEYSTORE}/cacerts" \
|
||||||
&& echo "Done!" || echo "Failed!!!"
|
&& echo "Done!" || echo "Failed!!!"
|
||||||
|
Loading…
Reference in New Issue
Block a user