From: Naveen Albert Date: Wed, 16 Jul 2025 13:06:35 +0000 (-0400) Subject: ast_tls_cert: Make certificate validity configurable. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16280837d2455e013fc9940cb87873b9fc7987c6;p=thirdparty%2Fasterisk.git ast_tls_cert: Make certificate validity configurable. Currently, the ast_tls_cert script is hardcoded to produce certificates with a validity of 365 days, which is not generally desirable for self- signed certificates. Make this parameter configurable. Resolves: #1307 --- diff --git a/contrib/scripts/ast_tls_cert b/contrib/scripts/ast_tls_cert index e2003554d6..e8bf3de276 100755 --- a/contrib/scripts/ast_tls_cert +++ b/contrib/scripts/ast_tls_cert @@ -4,6 +4,7 @@ DEFAULT_CA_CN="Asterisk Private CA" DEFAULT_CLIENT_CN="asterisk" DEFAULT_SERVER_CN=`hostname -f` CA_ENCRYPTION_OPT="-des3" +VALIDITY_DAYS=365 # arguments # $1 "ca" if we are to generate a CA cert @@ -39,7 +40,7 @@ create_ca () { exit 1 fi echo "Creating CA certificate ${CACERT}" - openssl req -new -config ${CACFG} -x509 -days 365 -key ${CAKEY} -out ${CACERT} > /dev/null + openssl req -new -config ${CACFG} -x509 -days ${VALIDITY_DAYS} -key ${CAKEY} -out ${CACERT} > /dev/null if [ $? -ne 0 ]; then echo "Failed" @@ -64,7 +65,7 @@ create_cert () { exit 1 fi echo "Creating certificate ${base}.crt" - openssl x509 -req -days 365 -in ${base}.csr -CA ${CACERT} -CAkey ${CAKEY} -set_serial 01 -out ${base}.crt > /dev/null + openssl x509 -req -days ${VALIDITY_DAYS} -in ${base}.csr -CA ${CACERT} -CAkey ${CAKEY} -set_serial 01 -out ${base}.crt > /dev/null if [ $? -ne 0 ]; then echo "Failed" @@ -98,6 +99,7 @@ OPTIONS: An informational string (company name) -o Output filename base (defaults to asterisk) -d Output directory (defaults to the current directory) + -v CA/certificate validity in days (defaults to 365) Example: @@ -131,7 +133,7 @@ OUTPUT_BASE=asterisk # Our default cert basename CERT_MODE=server ORG_NAME=${DEFAULT_ORG} -while getopts "hf:c:ek:o:d:m:C:O:b:" OPTION +while getopts "hf:c:ek:o:d:m:C:O:b:v:" OPTION do case ${OPTION} in h) @@ -153,6 +155,9 @@ do b) KEYBITS=${OPTARG} ;; + v) + VALIDITY_DAYS=${OPTARG} + ;; o) OUTPUT_BASE=${OPTARG} ;;