Remove unused variables saarg, csarg, and smarg in get_trust_values() function
Remove unused CERTLIST variable in copy-trust-modifications; correct STDERR redirection in multiple functions
This commit is contained in:
parent
ddad9bbee0
commit
31e66e0c74
@ -1,6 +1,10 @@
|
||||
1.3 - Added write_nss_db() and write_java_p12() functions to eliminate
|
||||
duplicate code
|
||||
- Corrected version string
|
||||
- Remove unused variables saarg, csarg, and smarg in
|
||||
get_trust_values() function
|
||||
- Remove unused CERTLIST variable in copy-trust-modifications
|
||||
- Correct STDERR redirection in multiple functions
|
||||
1.2 - Use md5sum values for anchors.txt to detect p11-kit changes
|
||||
- Added get_p11_label() function to get reliable label values
|
||||
- Added get_trust_values(), get_p11_trust(), and write_anchor()
|
||||
|
@ -9,7 +9,6 @@ else
|
||||
ANCHORLIST="/etc/pki/anchors.md5sums"
|
||||
LOCALDIR="/etc/ssl/local"
|
||||
MD5SUM="/usr/bin/md5sum"
|
||||
CERTLIST=""
|
||||
fi
|
||||
|
||||
# Dump to a temporary directory
|
||||
|
45
make-ca
45
make-ca
@ -93,7 +93,7 @@ function get_args(){
|
||||
SSLDIR="${2}"
|
||||
CERTDIR="${SSLDIR}/certs"
|
||||
LOCALDIR="${SSLDIR}/local"
|
||||
echo "${@}" | grep -e "-d " -e "--cadir" 2>&1> /dev/null
|
||||
echo "${@}" | grep -e "-d " -e "--cadir" > /dev/null 2>&1
|
||||
if test "${?}" == "0"; then
|
||||
echo "Error! ${1} cannot be used with the -d/--cadir switch."
|
||||
echo ""
|
||||
@ -105,7 +105,7 @@ function get_args(){
|
||||
-a | --anchordir)
|
||||
check_arg $1 $2
|
||||
ANCHORDIR="${2}"
|
||||
echo "${@}" | grep -e "-P " -e "--pkidir" 2>&1> /dev/null
|
||||
echo "${@}" | grep -e "-P " -e "--pkidir" > /dev/null 2>&1
|
||||
if test "${?}" == "0"; then
|
||||
echo "Error! ${1} cannot be used with the -P/--pkidir switch."
|
||||
echo ""
|
||||
@ -120,8 +120,8 @@ function get_args(){
|
||||
;;
|
||||
-d | --cadir)
|
||||
check_arg $1 $2
|
||||
CADIR="${2}"
|
||||
echo "$@" | grep -e "-S" -e "--ssldir" 2>&1 > /dev/null
|
||||
CERTDIR="${2}"
|
||||
echo "$@" | grep -e "-S" -e "--ssldir" > /dev/null 2>&1
|
||||
if test "${?}" == "0"; then
|
||||
echo "Error! ${1} cannot be used with the -S/--ssldir switch."
|
||||
echo ""
|
||||
@ -442,13 +442,6 @@ function get_trust_values() {
|
||||
# Not currently included in NSS certdata.txt
|
||||
#catrust="$(convert_trust `grep '^CKA_TRUST_CLIENT_AUTH' ${1} | \
|
||||
# cut -d " " -f 3`)"
|
||||
|
||||
# Get args for OpenSSL trust settings
|
||||
saarg="$(convert_trust_arg "${satrust}" sa)"
|
||||
smarg="$(convert_trust_arg "${smtrust}" sm)"
|
||||
csarg="$(convert_trust_arg "${cstrust}" cs)"
|
||||
# Not currently included in NSS certdata.txt
|
||||
#caarg="$(convert_trust_arg "${catrust}" ca)"
|
||||
}
|
||||
|
||||
function get_p11_trust() {
|
||||
@ -513,7 +506,7 @@ function write_java_p12() {
|
||||
# Remove existing certificate
|
||||
"${KEYTOOL}" -delete -noprompt -alias "${certname}" \
|
||||
-keystore "${1}" \
|
||||
-storepass 'changeit' 2>&1> /dev/null
|
||||
-storepass 'changeit' > /dev/null 2>&1
|
||||
# Determine ExtendedKeyUsage
|
||||
EKU=""
|
||||
EKUVAL=""
|
||||
@ -537,7 +530,7 @@ function write_java_p12() {
|
||||
"${KEYTOOL}" -importcert -file "${2}" -storetype PKCS12 \
|
||||
-noprompt -alias "${certname}" -storepass 'changeit' \
|
||||
-keystore "${1}" $EKUVAL \
|
||||
2>&1> /dev/null | \
|
||||
> /dev/null 2>&1 | \
|
||||
sed -e "s@Certificate was a@A@" \
|
||||
-e 's@keystore@Java cacerts (PKCS#12) with trust '${satrust},${smtrust},${cstrust}'.@' \
|
||||
| sed 's@p@@'
|
||||
@ -577,11 +570,11 @@ if test "${GET}" == "1"; then
|
||||
SARGS="${SARGS} -proxy ${PROXY}"
|
||||
fi
|
||||
echo GET ${_url} | \
|
||||
${OPENSSL} s_client ${SARGS} 2>/dev/null > "${TEMPDIR}/certdata.txt.log"
|
||||
${OPENSSL} s_client ${SARGS} 2> /dev/null > "${TEMPDIR}/certdata.txt.log"
|
||||
unset _url
|
||||
|
||||
# Error out here if we couldn't get the file
|
||||
grep -m1 "<i>" "${TEMPDIR}/certdata.txt.log" 2>&1>/dev/null
|
||||
grep -m1 "<i>" "${TEMPDIR}/certdata.txt.log" > /dev/null 2>&1
|
||||
if test "$?" -gt 0; then
|
||||
echo "Unable to get revision from server! Exiting."
|
||||
exit 1
|
||||
@ -600,7 +593,7 @@ if test "${GET}" == "1"; then
|
||||
|
||||
# Download the new file
|
||||
echo GET ${URL} | \
|
||||
${OPENSSL} s_client ${SARGS} 2>/dev/null >> "${CERTDATA}"
|
||||
${OPENSSL} s_client ${SARGS} 2> /dev/null >> "${CERTDATA}"
|
||||
_line=$(( $(grep -n "certdata.txt" "${CERTDATA}" | cut -d ":" -f 1) - 1))
|
||||
sed -e "1,${_line}d" -i "${CERTDATA}"
|
||||
sed "1i # Revision:${REVISION}" -i "${CERTDATA}"
|
||||
@ -710,7 +703,7 @@ unset tempfile
|
||||
|
||||
# Install anchors in $ANCHORDIR
|
||||
test -d "${DESTDIR}${ANCHORDIR}" && rm -rf "${DESTDIR}${ANCHORDIR}"
|
||||
install -dm755 "${DESTDIR}${ANCHORDIR}" 2>&1>/dev/null
|
||||
install -dm755 "${DESTDIR}${ANCHORDIR}" > /dev/null 2>&1
|
||||
install -m644 "${TEMPDIR}"/pki/anchors/*.pem "${DESTDIR}${ANCHORDIR}"
|
||||
|
||||
# Install NSS Shared DB
|
||||
@ -720,7 +713,7 @@ if test "${WITH_NSS}" == "1"; then
|
||||
-e 's/Flags=internal/Flags=internal,moduleDBOnly/' \
|
||||
-i "${TEMPDIR}/pki/nssdb/pkcs11.txt"
|
||||
test -d "${DESTDIR}${NSSDB}" && rm -rf "${DESTDIR}${NSSDB}"
|
||||
install -dm755 "${DESTDIR}${NSSDB}" 2>&1>/dev/null
|
||||
install -dm755 "${DESTDIR}${NSSDB}" > /dev/null 2>&1
|
||||
install -m644 "${TEMPDIR}"/pki/nssdb/{cert9.db,key4.db,pkcs11.txt} \
|
||||
"${DESTDIR}${NSSDB}"
|
||||
fi
|
||||
@ -755,25 +748,25 @@ if test -d "${LOCALDIR}"; then
|
||||
cstrust=""
|
||||
catrust=""
|
||||
satrust=$(echo "${trustlist}" | \
|
||||
grep "TLS Web Server" 2>&1> /dev/null && echo "C")
|
||||
grep "TLS Web Server" > /dev/null 2>&1 && echo "C")
|
||||
smtrust=$(echo "${trustlist}" | \
|
||||
grep "E-mail Protection" 2>&1 >/dev/null && echo "C")
|
||||
grep "E-mail Protection" > /dev/null 2>&1 && echo "C")
|
||||
cstrust=$(echo "${trustlist}" | \
|
||||
grep "Code Signing" 2>&1 >/dev/null && echo "C")
|
||||
grep "Code Signing" > /dev/null 2>&1 && echo "C")
|
||||
catrust=$(echo "${trustlist}" | \
|
||||
grep "Client Auth" 2>&1 >/dev/null && echo "C")
|
||||
grep "Client Auth" > /dev/null 2>&1 && echo "C")
|
||||
|
||||
# Get reject information
|
||||
rejectlist=$("${OPENSSL}" x509 -in "${cert}" -text -trustout | \
|
||||
grep -A1 "Rejected Uses")
|
||||
if test "${satrust}" == ""; then satrust=$(echo "${rejectlist}" | \
|
||||
grep "TLS Web Server" 2>&1> /dev/null && echo "p"); fi
|
||||
grep "TLS Web Server" > /dev/null 2>&1 && echo "p"); fi
|
||||
if test "${smtrust}" == ""; then smtrust=$(echo "${rejectlist}" | \
|
||||
grep "E-mail Protection" 2>&1> /dev/null && echo "p"); fi
|
||||
grep "E-mail Protection" > /dev/null 2>&1 && echo "p"); fi
|
||||
if test "${cstrust}" == ""; then cstrust=$(echo "${rejectlist}" | \
|
||||
grep "Code Signing" 2>&1> /dev/null && echo "p"); fi
|
||||
grep "Code Signing" > /dev/null 2>&1 && echo "p"); fi
|
||||
if test "${catrust}" == ""; then catrust=$(echo "${rejectlist}" | \
|
||||
grep "Client Auth" 2>&1> /dev/null && echo "p"); fi
|
||||
grep "Client Auth" > /dev/null 2>&1 && echo "p"); fi
|
||||
|
||||
|
||||
# Get individual values for certificates
|
||||
|
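Review bot: The redirection rewrite in the keytool -importcert call of write_java_p12 (the `> /dev/null 2>&1 | \` line just before `sed -e "s@Certificate was a@A@"`) silently empties the sed pipeline, because once both stdout and stderr are sent to /dev/null before the pipe, sed receives no input and the "Certificate was added to keystore" rewording that follows can never be printed. The original `2>&1> /dev/null | \` appears to have been intentional rather than a typo: it routed stderr into the pipe while discarding stdout, which matches the sed expressions that expect keytool's confirmation text (keytool seems to emit that on stderr, judging by this ordering, but confirm against the keytool in use). Either restore that line as `2>&1 > /dev/null | \` with a comment such as `# stderr into the pipe, stdout discarded: keytool reports on stderr`, or, if the reworded confirmation is not wanted, drop the sed stages as well so the dead pipeline does not mislead the next reader. The other redirection changes in this commit look consistent with their call sites, since those commands' output is meant to be discarded entirely. write_java_p12 begins outside the hunk.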