ast_tls_cert: Allow private key size to be set on command line

The default size in release branches will be 1024 but we'll use 2048 in master.

ASTERISK~28750

Change-Id: I435cea18bdd58824ed2b55259575c7ec7133842a

diff --git a/contrib/scripts/ast_tls_cert b/contrib/scripts/ast_tls_cert
index 116f110e22aadbaf585863997b8e775c1edac65e..04034f655e8b0fea6bb16b31edc63a049552f215 100755 (executable)
--- a/contrib/scripts/ast_tls_cert
+++ b/contrib/scripts/ast_tls_cert
@@ -49,7 +49,7 @@ create_ca () {
 create_cert () {
        local base=${OUTPUT_DIR}/${OUTPUT_BASE}
        echo "Creating certificate ${base}.key"
-       openssl genrsa -out ${base}.key 1024 > /dev/null
+       openssl genrsa -out ${base}.key ${KEYBITS:-1024} > /dev/null
        if [ $? -ne 0 ];
        then
                echo "Failed"
@@ -87,6 +87,7 @@ OPTIONS:
   -f  Config filename (openssl config file format)
   -c  CA cert filename (creates new CA cert/key as ca.crt/ca.key if not passed)
   -k  CA key filename
+  -b  The desired size of the private key in bits. Default is 1024.
   -C  Common name (cert field)
         This should be the fully qualified domain name or IP address for
         the client or server. Make sure your certs have unique common
@@ -128,7 +129,7 @@ OUTPUT_BASE=asterisk # Our default cert basename
 CERT_MODE=server
 ORG_NAME=${DEFAULT_ORG}
 
-while getopts "hf:c:k:o:d:m:C:O:" OPTION
+while getopts "hf:c:k:o:d:m:C:O:b:" OPTION
 do
        case ${OPTION} in
                h)
@@ -144,6 +145,9 @@ do
                k)
                        CAKEY=${OPTARG}
                        ;;
+               b)
+                       KEYBITS=${OPTARG}
+                       ;;
                o)
                        OUTPUT_BASE=${OPTARG}
                        ;;