Fix accidental breakage of anchors

This commit is contained in:
DJ Lucas 2018-09-03 00:57:28 -05:00
parent eb574a7166
commit d342d6f51a
2 changed files with 11 additions and 0 deletions

View File

@ -6,6 +6,8 @@
certificate stores - only the trust store and NSSDB are distributed
- Added "Wants=network-online.target" to update-pki.service - Thanks to
Brendan L for the fix
- No longer generate Java p12 format cacerts
- Create Redhat compatibility link for external programs to PEM bundle
0.8 - Use 'openssl rehash' instead of c-rehash script
0.7 - Generate both PKCS#12 and JKS stores for Java
- Local certs keep out of band trust when copied to system certs

9
make-ca Normal file → Executable file
View File

@ -527,6 +527,11 @@ for tempfile in ${TEMPDIR}/certs/*.tmp; do
"${tempfile}") | "${OPENSSL}" x509 -text -inform DER -fingerprint \
> tempfile.crt
# Get individual values for certificates
certkey="$(${OPENSSL} x509 -in tempfile.crt -noout -pubkey)"
certcer="$(${OPENSSL} x509 -in tempfile.crt)"
certtxt="$(${OPENSSL} x509 -in tempfile.crt -noout -text)"
# Get p11-kit label, oid, and values
p11label="$(grep -m1 "Issuer" ${tempfile} | grep -o CN=.*$ | \
cut -d ',' -f 1 | sed 's@CN=@@')"
@ -662,6 +667,10 @@ if test -d "${LOCALDIR}"; then
if test "${catrust}" == ""; then catrust=$(echo "${rejectlist}" | \
grep "Client Auth" 2>&1> /dev/null && echo "p"); fi
# Get individual values for certificates
certkey="$(${OPENSSL} x509 -in ${cert} -noout -pubkey)"
certcer="$(${OPENSSL} x509 -in ${cert})"
certtxt="$(${OPENSSL} x509 -in ${cert} -noout -text)"
# Place certificate into trust anchors dir
p11label="$(grep -m1 "Issuer" ${cert} | grep -o CN=.*$ | \