FS-3890

2012-03-01 13:22:52 -06:00 · 2012-03-01 13:22:52 -06:00 · 2ec02e5445
parent 0626c89d4a
commit 2ec02e5445
1 changed files with 8 additions and 3 deletions
--- a/scripts/gentls_cert.in
+++ b/scripts/gentls_cert.in
@ -3,6 +3,7 @@
 CONFDIR=@prefix@/conf/ssl
 DAYS=2190
 KEY_SIZE=2048
+export KEY_SIZE=${KEY_SIZE}

 TMPFILE="/tmp/fs-ca-$$-$(date +%Y%m%d%H%M%S)"

@ -36,10 +37,14 @@ setup_ca() {
 		mkdir -p -m 750 "${CONFDIR}/CA" || exit  1
 	fi

-	if [ ! -e "${CONFDIR}/CA/config.tpl" ]; then
+	if [ -e "${CONFDIR}/CA/config.tpl" ]; then
+		if [ $0 -nt "${CONFDIR}/CA/config.tpl" ]; then
+			echo "WARNING! genttls_cert has a modified time more recent than ${CONFDIR}/CA/config.tpl remove config.tpl to re-generate it"
+		fi
+	else
 		cat > "${CONFDIR}/CA/config.tpl" <<-EOF
 			[ req ]
-			default_bits            = $ENV::KEY_SIZE
+			default_bits            = \$ENV::KEY_SIZE
 			prompt                  = no
 			distinguished_name      = req_dn

@ -117,7 +122,7 @@ generate_cert() {
 			> "${TMPFILE}.cfg" || exit 1

 	openssl req -new -out "${TMPFILE}.req" \
-		-newkey rsa: -keyout "${TMPFILE}.key" \
+		-newkey rsa:${KEY_SIZE} -keyout "${TMPFILE}.key" \
 		-config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1

 	openssl x509 -req -CAkey "${CONFDIR}/CA/cakey.pem" -CA "${CONFDIR}/CA/cacert.pem" -CAcreateserial \