From: Jonathan Rose Date: Tue, 23 Oct 2012 16:21:22 +0000 (+0000) Subject: ast_tls_cert script: Better response for various exit conditions to openssl X-Git-Tag: 10.11.0-rc1~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=13ec2ea5424d7aef9095bfded6e8ec19bfa056ef;p=thirdparty%2Fasterisk.git ast_tls_cert script: Better response for various exit conditions to openssl (closes issue ASTERISK-20260) Reported by: Daniel O'Connor Patches: ast_tls_cert-update.diff uploaded by Daniel O'Connor (license 6419) ........ Merged revisions 375325 from http://svn.asterisk.org/svn/asterisk/branches/1.8 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10@375326 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/contrib/scripts/ast_tls_cert b/contrib/scripts/ast_tls_cert index 991352072c..3c5363a004 100755 --- a/contrib/scripts/ast_tls_cert +++ b/contrib/scripts/ast_tls_cert @@ -30,20 +30,45 @@ EOF } create_ca () { - echo "Creating ${CAKEY}" + echo "Creating CA key ${CAKEY}" openssl genrsa -des3 -out ${CAKEY} 4096 > /dev/null - echo "Creating ${CACERT}" + if [ $? -ne 0 ]; + then + echo "Failed" + exit 1 + fi + echo "Creating CA certificate ${CACERT}" openssl req -new -config ${CACFG} -x509 -days 365 -key ${CAKEY} -out ${CACERT} > /dev/null + if [ $? -ne 0 ]; + then + echo "Failed" + exit 1 + fi } create_cert () { local base=${OUTPUT_DIR}/${OUTPUT_BASE} - echo "Creating ${base}.key" + echo "Creating certificate ${base}.key" openssl genrsa -out ${base}.key 1024 > /dev/null - echo "Creating signing request" + if [ $? -ne 0 ]; + then + echo "Failed" + exit 1 + fi + echo "Creating signing request ${base}.csr" openssl req -batch -new -config ${CONFIG_FILE} -key ${base}.key -out ${base}.csr > /dev/null - echo "Creating ${base}.crt" + if [ $? -ne 0 ]; + then + echo "Failed" + exit 1 + fi + echo "Creating certificate ${base}.crt" openssl x509 -req -days 365 -in ${base}.csr -CA ${CACERT} -CAkey ${CAKEY} -set_serial 01 -out ${base}.crt > /dev/null + if [ $? -ne 0 ]; + then + echo "Failed" + exit 1 + fi echo "Combining key and crt into ${base}.pem" cat ${base}.key > ${base}.pem cat ${base}.crt >> ${base}.pem @@ -181,6 +206,12 @@ then CACFG=${OUTPUT_DIR}/ca.cfg create_config ca "${CACFG}" "${DEFAULT_CA_CN}" "${DEFAULT_CA_ORG}" create_ca +else + if [ -z ${CAKEY} ] + then + echo "-k must be specified if -c is" + exit 1 + fi fi create_cert