From de6919f33942911647b1ec0eccfdd942ad776f55 Mon Sep 17 00:00:00 2001
From: Sean Bright
Date: Wed, 19 Feb 2020 09:38:31 -0500
Subject: [PATCH] ast_tls_cert: Allow private key size to be set on command line
The default size in release branches will be 1024 but we'll use 2048 in master.
ASTERISK~28750
Change-Id: I435cea18bdd58824ed2b55259575c7ec7133842a
---
 contrib/scripts/ast_tls_cert | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/contrib/scripts/ast_tls_cert b/contrib/scripts/ast_tls_cert
index 116f110e22..820eeb9de3 100755
--- a/contrib/scripts/ast_tls_cert
+++ b/contrib/scripts/ast_tls_cert
@@ -49,7 +49,7 @@ create_ca () {
 create_cert () {
 local base=${OUTPUT_DIR}/${OUTPUT_BASE}
 echo "Creating certificate ${base}.key"
- openssl genrsa -out ${base}.key 1024 > /dev/null
+ openssl genrsa -out ${base}.key ${KEYBITS:-2048} > /dev/null
 if [ $? -ne 0 ]; then echo "Failed"
@@ -87,6 +87,7 @@ OPTIONS:
 -f Config filename (openssl config file format)
 -c CA cert filename (creates new CA cert/key as ca.crt/ca.key if not passed)
 -k CA key filename
+ -b The desired size of the private key in bits. Default is 2048.
 -C Common name (cert field) This should be the fully qualified domain name or IP address for the client or server. Make sure your certs have unique common
@@ -128,7 +129,7 @@ OUTPUT_BASE=asterisk # Our default cert basename
 CERT_MODE=server
 ORG_NAME=${DEFAULT_ORG}
-while getopts "hf:c:k:o:d:m:C:O:" OPTION
+while getopts "hf:c:k:o:d:m:C:O:b:" OPTION
 do
 case ${OPTION} in
 h)
@@ -144,6 +145,9 @@ do
 k)
 CAKEY=${OPTARG}
 ;;
+ b)
+ KEYBITS=${OPTARG}
+ ;;
 o)
 OUTPUT_BASE=${OPTARG}
 ;;
-- 
2.47.2
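Review bot: The value given to `-b` reaches `openssl genrsa` in create_cert unquoted and unchecked, because the new `b)` case in the option loop stores `${OPTARG}` exactly as typed. An empty or multi-word value is word-split into extra openssl arguments, and a small number such as 512 silently yields a key that is too weak for TLS. I would accept only a plain decimal number in the `b)` case, warn when it is below 2048 bits, and quote the expansion at the call site as `"${KEYBITS:-2048}"`. Both create_cert and the getopts loop continue outside their hunks, so the placement below is relative to the lines shown.

```shell
	b)
		# Accept only a plain decimal number; anything else would reach openssl as-is.
		case ${OPTARG} in
			''|*[!0-9]*)
				echo "Key size must be a whole number of bits: ${OPTARG}" >&2
				exit 1
				;;
		esac
		# Smaller keys are still allowed, but the operator should see that they are weak.
		if [ "${OPTARG}" -lt 2048 ]; then
			echo "Warning: RSA keys shorter than 2048 bits are considered weak" >&2
		fi
		KEYBITS=${OPTARG}
		;;
	# … unchanged: remaining option cases …
```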
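Review bot: The default of 2048 is now written in two places, the usage text (`Default is 2048.`) and the `${KEYBITS:-2048}` fallback in create_cert, and the commit message says release branches will carry 1024, so a backport has to change both or the help output will misstate the key size actually generated. KEYBITS is also not assigned in the defaults section next to `CERT_MODE=server`, at least in the lines shown, which means a KEYBITS variable exported in the caller's environment silently changes the key size without `-b` being passed. Adding `KEYBITS=2048` alongside the other defaults gives a single place to change and overrides any inherited value. The usage line could then print `${KEYBITS}` if the help block is an expanding here-document, which this hunk does not show.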