Remove unused variables saarg, csarg, and smarg in get_trust_values() function

Remove unused CERTLIST variable in copy-trust-modifications
Correct STDERR redirection in multiple functions
This commit is contained in:
DJ Lucas 2019-04-12 22:20:20 -05:00
parent ddad9bbee0
commit 31e66e0c74
3 changed files with 23 additions and 27 deletions

View File

@ -1,6 +1,10 @@
1.3 - Added write_nss_db() and write_java_p12() functions to eliminate
duplicate code
- Corrected version string
- Remove unused variables saarg, csarg, and smarg in
get_trust_values() function
- Remove unused CERTLIST variable in copy-trust-modifications
- Correct STDERR redirection in multiple functions
1.2 - Use md5sum values for anchors.txt to detect p11-kit changes
- Added get_p11_label() function to get reliable label values
- Added get_trust_values(), get_p11_trust(), and write_anchor()

View File

@ -9,7 +9,6 @@ else
ANCHORLIST="/etc/pki/anchors.md5sums"
LOCALDIR="/etc/ssl/local"
MD5SUM="/usr/bin/md5sum"
CERTLIST=""
fi
# Dump to a temporary directory

45
make-ca
View File

@ -93,7 +93,7 @@ function get_args(){
SSLDIR="${2}"
CERTDIR="${SSLDIR}/certs"
LOCALDIR="${SSLDIR}/local"
echo "${@}" | grep -e "-d " -e "--cadir" 2>&1> /dev/null
echo "${@}" | grep -e "-d " -e "--cadir" > /dev/null 2>&1
if test "${?}" == "0"; then
echo "Error! ${1} cannot be used with the -d/--cadir switch."
echo ""
@ -105,7 +105,7 @@ function get_args(){
-a | --anchordir)
check_arg $1 $2
ANCHORDIR="${2}"
echo "${@}" | grep -e "-P " -e "--pkidir" 2>&1> /dev/null
echo "${@}" | grep -e "-P " -e "--pkidir" > /dev/null 2>&1
if test "${?}" == "0"; then
echo "Error! ${1} cannot be used with the -P/--pkidir switch."
echo ""
@ -120,8 +120,8 @@ function get_args(){
;;
-d | --cadir)
check_arg $1 $2
CADIR="${2}"
echo "$@" | grep -e "-S" -e "--ssldir" 2>&1 > /dev/null
CERTDIR="${2}"
echo "$@" | grep -e "-S" -e "--ssldir" > /dev/null 2>&1
if test "${?}" == "0"; then
echo "Error! ${1} cannot be used with the -S/--ssldir switch."
echo ""
@ -442,13 +442,6 @@ function get_trust_values() {
# Not currently included in NSS certdata.txt
#catrust="$(convert_trust `grep '^CKA_TRUST_CLIENT_AUTH' ${1} | \
# cut -d " " -f 3`)"
# Get args for OpenSSL trust settings
saarg="$(convert_trust_arg "${satrust}" sa)"
smarg="$(convert_trust_arg "${smtrust}" sm)"
csarg="$(convert_trust_arg "${cstrust}" cs)"
# Not currently included in NSS certdata.txt
#caarg="$(convert_trust_arg "${catrust}" ca)"
}
function get_p11_trust() {
@ -513,7 +506,7 @@ function write_java_p12() {
# Remove existing certificate
"${KEYTOOL}" -delete -noprompt -alias "${certname}" \
-keystore "${1}" \
-storepass 'changeit' 2>&1> /dev/null
-storepass 'changeit' > /dev/null 2>&1
# Determine ExtendedKeyUsage
EKU=""
EKUVAL=""
@ -537,7 +530,7 @@ function write_java_p12() {
"${KEYTOOL}" -importcert -file "${2}" -storetype PKCS12 \
-noprompt -alias "${certname}" -storepass 'changeit' \
-keystore "${1}" $EKUVAL \
2>&1> /dev/null | \
> /dev/null 2>&1 | \
sed -e "s@Certificate was a@A@" \
-e 's@keystore@Java cacerts (PKCS#12) with trust '${satrust},${smtrust},${cstrust}'.@' \
| sed 's@p@@'
@ -577,11 +570,11 @@ if test "${GET}" == "1"; then
SARGS="${SARGS} -proxy ${PROXY}"
fi
echo GET ${_url} | \
${OPENSSL} s_client ${SARGS} 2>/dev/null > "${TEMPDIR}/certdata.txt.log"
${OPENSSL} s_client ${SARGS} 2> /dev/null > "${TEMPDIR}/certdata.txt.log"
unset _url
# Error out here if we couldn't get the file
grep -m1 "<i>" "${TEMPDIR}/certdata.txt.log" 2>&1>/dev/null
grep -m1 "<i>" "${TEMPDIR}/certdata.txt.log" > /dev/null 2>&1
if test "$?" -gt 0; then
echo "Unable to get revision from server! Exiting."
exit 1
@ -600,7 +593,7 @@ if test "${GET}" == "1"; then
# Download the new file
echo GET ${URL} | \
${OPENSSL} s_client ${SARGS} 2>/dev/null >> "${CERTDATA}"
${OPENSSL} s_client ${SARGS} 2> /dev/null >> "${CERTDATA}"
_line=$(( $(grep -n "certdata.txt" "${CERTDATA}" | cut -d ":" -f 1) - 1))
sed -e "1,${_line}d" -i "${CERTDATA}"
sed "1i # Revision:${REVISION}" -i "${CERTDATA}"
@ -710,7 +703,7 @@ unset tempfile
# Install anchors in $ANCHORDIR
test -d "${DESTDIR}${ANCHORDIR}" && rm -rf "${DESTDIR}${ANCHORDIR}"
install -dm755 "${DESTDIR}${ANCHORDIR}" 2>&1>/dev/null
install -dm755 "${DESTDIR}${ANCHORDIR}" > /dev/null 2>&1
install -m644 "${TEMPDIR}"/pki/anchors/*.pem "${DESTDIR}${ANCHORDIR}"
# Install NSS Shared DB
@ -720,7 +713,7 @@ if test "${WITH_NSS}" == "1"; then
-e 's/Flags=internal/Flags=internal,moduleDBOnly/' \
-i "${TEMPDIR}/pki/nssdb/pkcs11.txt"
test -d "${DESTDIR}${NSSDB}" && rm -rf "${DESTDIR}${NSSDB}"
install -dm755 "${DESTDIR}${NSSDB}" 2>&1>/dev/null
install -dm755 "${DESTDIR}${NSSDB}" > /dev/null 2>&1
install -m644 "${TEMPDIR}"/pki/nssdb/{cert9.db,key4.db,pkcs11.txt} \
"${DESTDIR}${NSSDB}"
fi
@ -755,25 +748,25 @@ if test -d "${LOCALDIR}"; then
cstrust=""
catrust=""
satrust=$(echo "${trustlist}" | \
grep "TLS Web Server" 2>&1> /dev/null && echo "C")
grep "TLS Web Server" > /dev/null 2>&1 && echo "C")
smtrust=$(echo "${trustlist}" | \
grep "E-mail Protection" 2>&1 >/dev/null && echo "C")
grep "E-mail Protection" > /dev/null 2>&1 && echo "C")
cstrust=$(echo "${trustlist}" | \
grep "Code Signing" 2>&1 >/dev/null && echo "C")
grep "Code Signing" > /dev/null 2>&1 && echo "C")
catrust=$(echo "${trustlist}" | \
grep "Client Auth" 2>&1 >/dev/null && echo "C")
grep "Client Auth" > /dev/null 2>&1 && echo "C")
# Get reject information
rejectlist=$("${OPENSSL}" x509 -in "${cert}" -text -trustout | \
grep -A1 "Rejected Uses")
if test "${satrust}" == ""; then satrust=$(echo "${rejectlist}" | \
grep "TLS Web Server" 2>&1> /dev/null && echo "p"); fi
grep "TLS Web Server" > /dev/null 2>&1 && echo "p"); fi
if test "${smtrust}" == ""; then smtrust=$(echo "${rejectlist}" | \
grep "E-mail Protection" 2>&1> /dev/null && echo "p"); fi
grep "E-mail Protection" > /dev/null 2>&1 && echo "p"); fi
if test "${cstrust}" == ""; then cstrust=$(echo "${rejectlist}" | \
grep "Code Signing" 2>&1> /dev/null && echo "p"); fi
grep "Code Signing" > /dev/null 2>&1 && echo "p"); fi
if test "${catrust}" == ""; then catrust=$(echo "${rejectlist}" | \
grep "Client Auth" 2>&1> /dev/null && echo "p"); fi
grep "Client Auth" > /dev/null 2>&1 && echo "p"); fi
# Get individual values for certificates