ecc/server.key \
ecc/server.pem
-GENERATED_CERT_FILES := $(addprefix ${top_srcdir}/raddb/certs/,$(LOCAL_CERT_FILES))
-
INSTALL_CERT_PRODUCTS := $(addprefix $(R)$(raddbdir)/certs/,$(INSTALL_CERT_FILES))
ifeq ("$(TEST_CERTS)","yes")
ifeq ("$(PACKAGE)","")
#
# Always create the test certs for normal development.
-#
-build.raddb: $(GENERATED_CERT_FILES)
-
-
-.PHONY: ${top_srcdir}/raddb/certs/rsa
-${top_srcdir}/raddb/certs/rsa:
- @mkdir -p $@
-
-.PHONY: ${top_srcdir}/raddb/certs/ecc
-${top_srcdir}/raddb/certs/ecc:
- @mkdir -p $@
-
-${top_srcdir}/raddb/certs/passwords.mk: $(wildcard ${top_srcdir}/raddb/certs/*cnf)
- ${Q}$(MAKE) -C $(dir $@) $(notdir $@)
-
-
#
# We used to have cached certificates in src/test/certs which would regularly
# expire and break CI.
# done with the CI environment's caching features and not committed to the
# git repository.
#
-define BUILD_CERT
-${1}/${2}/${3}.key: ${1}/${3}.cnf ${1}/passwords.mk | ${1}/${2}
- $${Q}echo CERT-KEY ${2}/${3}
- $${Q}$$(MAKE) -C ${1} ${2}/${3}.key
- @touch $$@
-
-${1}/${2}/${3}.csr: ${1}/${2}/${3}.key
- $${Q}echo CERT-CSR ${2}/${3}
- $${Q}$$(MAKE) -C ${1} ${2}/${3}.csr
- @touch $$@
-
-${1}/${2}/${3}.pem: ${1}/${2}/${3}.key
- $${Q}echo CERT-PEM ${2}/${3}
- $${Q}$$(MAKE) -C ${1} ${2}/${3}.pem
- @touch $$@
-
-${1}/${2}/${3}.crt: ${1}/${2}/${3}.pem
- $${Q}echo CERT-CRT ${2}/${3}
- $${Q}$$(MAKE) -C ${1} ${2}/${3}.crt
- @touch $$@
-
-ifneq "${3}" "ca"
-# client, server, and OCSP certs need the CA cert.
-${1}/${2}/${3}.crt: ${1}/${2}/ca.crt
-
-${1}/${2}/${3}.crt: ${1}/${2}/${3}.csr
-endif
-
-endef
-
-#
-# Generate local certificate products when doing a non-package
-# (i.e. developer) build.
+# To avoid race conditions when calling `openssl ca` the submake is called
+# with -j1
#
-$(foreach dir,rsa ecc,$(foreach file,ca server client ocsp,$(eval $(call BUILD_CERT,${top_srcdir}/raddb/certs,${dir},${file}))))
+build.raddb: ${top_srcdir}/raddb/certs/ecc/ocsp.pem
-${top_srcdir}/raddb/certs/dh: ${top_srcdir}/raddb/certs/passwords.mk
- ${Q}echo CERT-DH $@
- ${Q}$(MAKE) -C ${top_srcdir}/raddb/certs/ $(notdir $@)
- ${Q}touch $@
+${top_srcdir}/raddb/certs/ecc/ocsp.pem:
+ ${Q}$(MAKE) -j1 -C ${top_srcdir}/raddb/certs/
#
# If we're not packaging the server, install the various
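Review bot: The new rule `${top_srcdir}/raddb/certs/ecc/ocsp.pem:` has no prerequisites, so one file stands in for the whole certificate set. Once ecc/ocsp.pem exists, build.raddb never re-enters the sub-make, even if a *.cnf file changed, another key or certificate is missing, or the test certificates have expired, which the comment above says used to break CI. The removed rules tracked the configuration files, and the new rule could keep that with `${top_srcdir}/raddb/certs/ecc/ocsp.pem: $(wildcard ${top_srcdir}/raddb/certs/*cnf)`. The rule also relies on the default goal of raddb/certs/Makefile producing ecc/ocsp.pem, presumably last; that is not visible in this hunk, so a comment such as `# ecc/ocsp.pem is the last file the certs Makefile writes; it marks the whole set as built` would record the assumption.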
openssl pkcs12 -in rsa/server.p12 -out rsa/server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
.PHONY: rsa/server.vrfy
-rsa/server.vrfy: rsa/ca.pem
+rsa/server.vrfy: rsa/ca.pem rsa/server.pem
@openssl verify $(PARTIAL) -CAfile rsa/ca.pem rsa/server.pem
######################################################################
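Review bot: The added prerequisite on `rsa/server.vrfy: rsa/ca.pem rsa/server.pem` is not explained, and the same applies to the ecc/server.vrfy, rsa/ocsp.vrfy and ecc/ocsp.vrfy hunks below. A one-line comment above each rule would stop a later cleanup from dropping it, for example `# Depend on the leaf certificate so verify never runs before it has been (re)generated`. Because the recipe is prefixed with `@`, a failing `openssl verify` prints only openssl's own message, without the command line that produced it. Dropping the `@` on these four recipes would make a failed verification easier to trace in CI logs.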
openssl pkcs12 -in ecc/server.p12 -out ecc/server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
.PHONY: ecc/server.vrfy
-ecc/server.vrfy: ecc/ca.pem
+ecc/server.vrfy: ecc/ca.pem ecc/server.pem
@openssl verify $(PARTIAL) -CAfile ecc/ca.pem ecc/server.pem
######################################################################
openssl pkcs12 -in rsa/ocsp.p12 -out rsa/ocsp.pem -passin pass:$(PASSWORD_OCSP) -passout pass:$(PASSWORD_OCSP)
.PHONY: rsa/ocsp.vrfy
-rsa/ocsp.vrfy: rsa/ca.pem
+rsa/ocsp.vrfy: rsa/ca.pem rsa/ocsp.pem
@openssl verify $(PARTIAL) -CAfile rsa/ca.pem rsa/ocsp.pem
######################################################################
openssl pkcs12 -in ecc/ocsp.p12 -out ecc/ocsp.pem -passin pass:$(PASSWORD_OCSP) -passout pass:$(PASSWORD_OCSP)
.PHONY: ecc/ocsp.vrfy
-ecc/ocsp.vrfy: ecc/ca.pem
+ecc/ocsp.vrfy: ecc/ca.pem ecc/ocsp.pem
@openssl verify $(PARTIAL) -CAfile ecc/ca.pem ecc/ocsp.pem
######################################################################