Remove unused variables saarg, csarg, and smarg in get_trust_values() function
Remove unused CERTLIST variable in copy-trust-modifications Correct STDERR redirection in multiple functions
This commit is contained in:
parent
ddad9bbee0
commit
31e66e0c74
@ -1,6 +1,10 @@
|
|||||||
1.3 - Added write_nss_db() and write_java_p12() functions to eliminate
|
1.3 - Added write_nss_db() and write_java_p12() functions to eliminate
|
||||||
duplicate code
|
duplicate code
|
||||||
- Corrected version string
|
- Corrected version string
|
||||||
|
- Remove unused variables saarg, csarg, and smarg in
|
||||||
|
get_trust_values() function
|
||||||
|
- Remove unused CERTLIST variable in copy-trust-modifications
|
||||||
|
- Correct STDERR redirection in multiple functions
|
||||||
1.2 - Use md5sum values for anchors.txt to detect p11-kit changes
|
1.2 - Use md5sum values for anchors.txt to detect p11-kit changes
|
||||||
- Added get_p11_label() function to get reliable label values
|
- Added get_p11_label() function to get reliable label values
|
||||||
- Added get_trust_values(), get_p11_trust(), and write_anchor()
|
- Added get_trust_values(), get_p11_trust(), and write_anchor()
|
||||||
|
@ -9,7 +9,6 @@ else
|
|||||||
ANCHORLIST="/etc/pki/anchors.md5sums"
|
ANCHORLIST="/etc/pki/anchors.md5sums"
|
||||||
LOCALDIR="/etc/ssl/local"
|
LOCALDIR="/etc/ssl/local"
|
||||||
MD5SUM="/usr/bin/md5sum"
|
MD5SUM="/usr/bin/md5sum"
|
||||||
CERTLIST=""
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Dump to a temporary directory
|
# Dump to a temporary directory
|
||||||
|
41
make-ca
41
make-ca
@ -93,7 +93,7 @@ function get_args(){
|
|||||||
SSLDIR="${2}"
|
SSLDIR="${2}"
|
||||||
CERTDIR="${SSLDIR}/certs"
|
CERTDIR="${SSLDIR}/certs"
|
||||||
LOCALDIR="${SSLDIR}/local"
|
LOCALDIR="${SSLDIR}/local"
|
||||||
echo "${@}" | grep -e "-d " -e "--cadir" 2>&1> /dev/null
|
echo "${@}" | grep -e "-d " -e "--cadir" > /dev/null 2>&1
|
||||||
if test "${?}" == "0"; then
|
if test "${?}" == "0"; then
|
||||||
echo "Error! ${1} cannot be used with the -d/--cadir switch."
|
echo "Error! ${1} cannot be used with the -d/--cadir switch."
|
||||||
echo ""
|
echo ""
|
||||||
@ -105,7 +105,7 @@ function get_args(){
|
|||||||
-a | --anchordir)
|
-a | --anchordir)
|
||||||
check_arg $1 $2
|
check_arg $1 $2
|
||||||
ANCHORDIR="${2}"
|
ANCHORDIR="${2}"
|
||||||
echo "${@}" | grep -e "-P " -e "--pkidir" 2>&1> /dev/null
|
echo "${@}" | grep -e "-P " -e "--pkidir" > /dev/null 2>&1
|
||||||
if test "${?}" == "0"; then
|
if test "${?}" == "0"; then
|
||||||
echo "Error! ${1} cannot be used with the -P/--pkidir switch."
|
echo "Error! ${1} cannot be used with the -P/--pkidir switch."
|
||||||
echo ""
|
echo ""
|
||||||
@ -120,8 +120,8 @@ function get_args(){
|
|||||||
;;
|
;;
|
||||||
-d | --cadir)
|
-d | --cadir)
|
||||||
check_arg $1 $2
|
check_arg $1 $2
|
||||||
CADIR="${2}"
|
CERTDIR="${2}"
|
||||||
echo "$@" | grep -e "-S" -e "--ssldir" 2>&1 > /dev/null
|
echo "$@" | grep -e "-S" -e "--ssldir" > /dev/null 2>&1
|
||||||
if test "${?}" == "0"; then
|
if test "${?}" == "0"; then
|
||||||
echo "Error! ${1} cannot be used with the -S/--ssldir switch."
|
echo "Error! ${1} cannot be used with the -S/--ssldir switch."
|
||||||
echo ""
|
echo ""
|
||||||
@ -442,13 +442,6 @@ function get_trust_values() {
|
|||||||
# Not currently included in NSS certdata.txt
|
# Not currently included in NSS certdata.txt
|
||||||
#catrust="$(convert_trust `grep '^CKA_TRUST_CLIENT_AUTH' ${1} | \
|
#catrust="$(convert_trust `grep '^CKA_TRUST_CLIENT_AUTH' ${1} | \
|
||||||
# cut -d " " -f 3`)"
|
# cut -d " " -f 3`)"
|
||||||
|
|
||||||
# Get args for OpenSSL trust settings
|
|
||||||
saarg="$(convert_trust_arg "${satrust}" sa)"
|
|
||||||
smarg="$(convert_trust_arg "${smtrust}" sm)"
|
|
||||||
csarg="$(convert_trust_arg "${cstrust}" cs)"
|
|
||||||
# Not currently included in NSS certdata.txt
|
|
||||||
#caarg="$(convert_trust_arg "${catrust}" ca)"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function get_p11_trust() {
|
function get_p11_trust() {
|
||||||
@ -513,7 +506,7 @@ function write_java_p12() {
|
|||||||
# Remove existing certificate
|
# Remove existing certificate
|
||||||
"${KEYTOOL}" -delete -noprompt -alias "${certname}" \
|
"${KEYTOOL}" -delete -noprompt -alias "${certname}" \
|
||||||
-keystore "${1}" \
|
-keystore "${1}" \
|
||||||
-storepass 'changeit' 2>&1> /dev/null
|
-storepass 'changeit' > /dev/null 2>&1
|
||||||
# Determine ExtendedKeyUsage
|
# Determine ExtendedKeyUsage
|
||||||
EKU=""
|
EKU=""
|
||||||
EKUVAL=""
|
EKUVAL=""
|
||||||
@ -537,7 +530,7 @@ function write_java_p12() {
|
|||||||
"${KEYTOOL}" -importcert -file "${2}" -storetype PKCS12 \
|
"${KEYTOOL}" -importcert -file "${2}" -storetype PKCS12 \
|
||||||
-noprompt -alias "${certname}" -storepass 'changeit' \
|
-noprompt -alias "${certname}" -storepass 'changeit' \
|
||||||
-keystore "${1}" $EKUVAL \
|
-keystore "${1}" $EKUVAL \
|
||||||
2>&1> /dev/null | \
|
> /dev/null 2>&1 | \
|
||||||
sed -e "s@Certificate was a@A@" \
|
sed -e "s@Certificate was a@A@" \
|
||||||
-e 's@keystore@Java cacerts (PKCS#12) with trust '${satrust},${smtrust},${cstrust}'.@' \
|
-e 's@keystore@Java cacerts (PKCS#12) with trust '${satrust},${smtrust},${cstrust}'.@' \
|
||||||
| sed 's@p@@'
|
| sed 's@p@@'
|
||||||
@ -581,7 +574,7 @@ if test "${GET}" == "1"; then
|
|||||||
unset _url
|
unset _url
|
||||||
|
|
||||||
# Error out here if we couldn't get the file
|
# Error out here if we couldn't get the file
|
||||||
grep -m1 "<i>" "${TEMPDIR}/certdata.txt.log" 2>&1>/dev/null
|
grep -m1 "<i>" "${TEMPDIR}/certdata.txt.log" > /dev/null 2>&1
|
||||||
if test "$?" -gt 0; then
|
if test "$?" -gt 0; then
|
||||||
echo "Unable to get revision from server! Exiting."
|
echo "Unable to get revision from server! Exiting."
|
||||||
exit 1
|
exit 1
|
||||||
@ -710,7 +703,7 @@ unset tempfile
|
|||||||
|
|
||||||
# Install anchors in $ANCHORDIR
|
# Install anchors in $ANCHORDIR
|
||||||
test -d "${DESTDIR}${ANCHORDIR}" && rm -rf "${DESTDIR}${ANCHORDIR}"
|
test -d "${DESTDIR}${ANCHORDIR}" && rm -rf "${DESTDIR}${ANCHORDIR}"
|
||||||
install -dm755 "${DESTDIR}${ANCHORDIR}" 2>&1>/dev/null
|
install -dm755 "${DESTDIR}${ANCHORDIR}" > /dev/null 2>&1
|
||||||
install -m644 "${TEMPDIR}"/pki/anchors/*.pem "${DESTDIR}${ANCHORDIR}"
|
install -m644 "${TEMPDIR}"/pki/anchors/*.pem "${DESTDIR}${ANCHORDIR}"
|
||||||
|
|
||||||
# Install NSS Shared DB
|
# Install NSS Shared DB
|
||||||
@ -720,7 +713,7 @@ if test "${WITH_NSS}" == "1"; then
|
|||||||
-e 's/Flags=internal/Flags=internal,moduleDBOnly/' \
|
-e 's/Flags=internal/Flags=internal,moduleDBOnly/' \
|
||||||
-i "${TEMPDIR}/pki/nssdb/pkcs11.txt"
|
-i "${TEMPDIR}/pki/nssdb/pkcs11.txt"
|
||||||
test -d "${DESTDIR}${NSSDB}" && rm -rf "${DESTDIR}${NSSDB}"
|
test -d "${DESTDIR}${NSSDB}" && rm -rf "${DESTDIR}${NSSDB}"
|
||||||
install -dm755 "${DESTDIR}${NSSDB}" 2>&1>/dev/null
|
install -dm755 "${DESTDIR}${NSSDB}" > /dev/null 2>&1
|
||||||
install -m644 "${TEMPDIR}"/pki/nssdb/{cert9.db,key4.db,pkcs11.txt} \
|
install -m644 "${TEMPDIR}"/pki/nssdb/{cert9.db,key4.db,pkcs11.txt} \
|
||||||
"${DESTDIR}${NSSDB}"
|
"${DESTDIR}${NSSDB}"
|
||||||
fi
|
fi
|
||||||
@ -755,25 +748,25 @@ if test -d "${LOCALDIR}"; then
|
|||||||
cstrust=""
|
cstrust=""
|
||||||
catrust=""
|
catrust=""
|
||||||
satrust=$(echo "${trustlist}" | \
|
satrust=$(echo "${trustlist}" | \
|
||||||
grep "TLS Web Server" 2>&1> /dev/null && echo "C")
|
grep "TLS Web Server" > /dev/null 2>&1 && echo "C")
|
||||||
smtrust=$(echo "${trustlist}" | \
|
smtrust=$(echo "${trustlist}" | \
|
||||||
grep "E-mail Protection" 2>&1 >/dev/null && echo "C")
|
grep "E-mail Protection" > /dev/null 2>&1 && echo "C")
|
||||||
cstrust=$(echo "${trustlist}" | \
|
cstrust=$(echo "${trustlist}" | \
|
||||||
grep "Code Signing" 2>&1 >/dev/null && echo "C")
|
grep "Code Signing" > /dev/null 2>&1 && echo "C")
|
||||||
catrust=$(echo "${trustlist}" | \
|
catrust=$(echo "${trustlist}" | \
|
||||||
grep "Client Auth" 2>&1 >/dev/null && echo "C")
|
grep "Client Auth" > /dev/null 2>&1 && echo "C")
|
||||||
|
|
||||||
# Get reject information
|
# Get reject information
|
||||||
rejectlist=$("${OPENSSL}" x509 -in "${cert}" -text -trustout | \
|
rejectlist=$("${OPENSSL}" x509 -in "${cert}" -text -trustout | \
|
||||||
grep -A1 "Rejected Uses")
|
grep -A1 "Rejected Uses")
|
||||||
if test "${satrust}" == ""; then satrust=$(echo "${rejectlist}" | \
|
if test "${satrust}" == ""; then satrust=$(echo "${rejectlist}" | \
|
||||||
grep "TLS Web Server" 2>&1> /dev/null && echo "p"); fi
|
grep "TLS Web Server" > /dev/null 2>&1 && echo "p"); fi
|
||||||
if test "${smtrust}" == ""; then smtrust=$(echo "${rejectlist}" | \
|
if test "${smtrust}" == ""; then smtrust=$(echo "${rejectlist}" | \
|
||||||
grep "E-mail Protection" 2>&1> /dev/null && echo "p"); fi
|
grep "E-mail Protection" > /dev/null 2>&1 && echo "p"); fi
|
||||||
if test "${cstrust}" == ""; then cstrust=$(echo "${rejectlist}" | \
|
if test "${cstrust}" == ""; then cstrust=$(echo "${rejectlist}" | \
|
||||||
grep "Code Signing" 2>&1> /dev/null && echo "p"); fi
|
grep "Code Signing" > /dev/null 2>&1 && echo "p"); fi
|
||||||
if test "${catrust}" == ""; then catrust=$(echo "${rejectlist}" | \
|
if test "${catrust}" == ""; then catrust=$(echo "${rejectlist}" | \
|
||||||
grep "Client Auth" 2>&1> /dev/null && echo "p"); fi
|
grep "Client Auth" > /dev/null 2>&1 && echo "p"); fi
|
||||||
|
|
||||||
|
|
||||||
# Get individual values for certificates
|
# Get individual values for certificates
|
||||||
|
Loading…
Reference in New Issue
Block a user