From: Sean Bright Date: Wed, 19 Feb 2020 14:38:31 +0000 (-0500) Subject: ast_tls_cert: Allow private key size to be set on command line X-Git-Tag: 17.3.0-rc1~14^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf26ce5d4fbef2693d05cb4de615f7cbdbedafea;p=thirdparty%2Fasterisk.git ast_tls_cert: Allow private key size to be set on command line The default size in release branches will be 1024 but we'll use 2048 in master. ASTERISK~28750 Change-Id: I435cea18bdd58824ed2b55259575c7ec7133842a --- diff --git a/contrib/scripts/ast_tls_cert b/contrib/scripts/ast_tls_cert index 116f110e22..04034f655e 100755 --- a/contrib/scripts/ast_tls_cert +++ b/contrib/scripts/ast_tls_cert @@ -49,7 +49,7 @@ create_ca () { create_cert () { local base=${OUTPUT_DIR}/${OUTPUT_BASE} echo "Creating certificate ${base}.key" - openssl genrsa -out ${base}.key 1024 > /dev/null + openssl genrsa -out ${base}.key ${KEYBITS:-1024} > /dev/null if [ $? -ne 0 ]; then echo "Failed" @@ -87,6 +87,7 @@ OPTIONS: -f Config filename (openssl config file format) -c CA cert filename (creates new CA cert/key as ca.crt/ca.key if not passed) -k CA key filename + -b The desired size of the private key in bits. Default is 1024. -C Common name (cert field) This should be the fully qualified domain name or IP address for the client or server. Make sure your certs have unique common @@ -128,7 +129,7 @@ OUTPUT_BASE=asterisk # Our default cert basename CERT_MODE=server ORG_NAME=${DEFAULT_ORG} -while getopts "hf:c:k:o:d:m:C:O:" OPTION +while getopts "hf:c:k:o:d:m:C:O:b:" OPTION do case ${OPTION} in h) @@ -144,6 +145,9 @@ do k) CAKEY=${OPTARG} ;; + b) + KEYBITS=${OPTARG} + ;; o) OUTPUT_BASE=${OPTARG} ;;