make-ca: Use p11label value and .p11-kit extension for anchor naming.
This commit is contained in:
parent
0faf62233b
commit
8baf93dc22
@ -4,13 +4,14 @@
|
|||||||
- Use last OU= value for get_p11_label() fallback
|
- Use last OU= value for get_p11_label() fallback
|
||||||
- Omit x-certificate-extension in comparison for
|
- Omit x-certificate-extension in comparison for
|
||||||
copy-local-modifications
|
copy-local-modifications
|
||||||
- Use X509v3 Key Usage section to determine local trust for anchros
|
- Use X509v3 Key Usage section to determine local trust for anchors
|
||||||
added using 'trust anchor --store'
|
added using 'trust anchor --store'
|
||||||
- Add nss-{server,email}-distrust-after values in anchors - requires
|
- Add nss-{server,email}-distrust-after values in anchors - requires
|
||||||
p11-kit >= 0.23.19
|
p11-kit >= 0.23.19
|
||||||
- Use --filter=certificates for all stores
|
- Use --filter=certificates for all stores
|
||||||
- Fix output of NSSDB and Java PCKS#12 stores
|
- Fix output of NSSDB and Java PCKS#12 stores
|
||||||
- Correct incorrectly named get_p11_val()
|
- Correct incorrectly named get_p11_val()
|
||||||
|
- Use p11label value and .p11-kit extension for anchor naming
|
||||||
1.7 - Revert help2man update (requires complete perl environment)
|
1.7 - Revert help2man update (requires complete perl environment)
|
||||||
1.6 - Fix install target for make -j#
|
1.6 - Fix install target for make -j#
|
||||||
- Add detailed dependency info and add note about configuration file
|
- Add detailed dependency info and add note about configuration file
|
||||||
|
16
make-ca
16
make-ca
@ -717,7 +717,8 @@ for tempfile in ${TEMPDIR}/certs/*.tmp; do
|
|||||||
echo "Keyhash: ${keyhash}"
|
echo "Keyhash: ${keyhash}"
|
||||||
|
|
||||||
# Place certificate into trust anchors dir
|
# Place certificate into trust anchors dir
|
||||||
anchorfile="${TEMPDIR}/pki/anchors/${keyhash}.pem"
|
anchorlabel=$(echo ${p11label} | sed -e 's@ @_@g' -e 's@(@@g' -e 's@)@@g')
|
||||||
|
anchorfile="${TEMPDIR}/pki/anchors/${anchorlabel}.p11-kit"
|
||||||
moz_trust="true"
|
moz_trust="true"
|
||||||
write_anchor
|
write_anchor
|
||||||
|
|
||||||
@ -734,9 +735,9 @@ for tempfile in ${TEMPDIR}/certs/*.tmp; do
|
|||||||
# Clean up the directory and environment as we go
|
# Clean up the directory and environment as we go
|
||||||
rm -f tempfile.crt
|
rm -f tempfile.crt
|
||||||
unset keyhash subject count
|
unset keyhash subject count
|
||||||
unset mozsadistrust mozsmdistrust
|
unset mozsadistrust mozsmdistrust anchorlabel anchorfile moz_trust
|
||||||
unset trustlist rejectlist satrust smtrust cstrust catrust
|
unset trustlist rejectlist satrust smtrust cstrust catrust
|
||||||
unset p11trust p11oid p11value trustp11 p11label anchrorfile moz_trust
|
unset p11trust p11oid p11value trustp11 p11label
|
||||||
|
|
||||||
echo -e "\n"
|
echo -e "\n"
|
||||||
done
|
done
|
||||||
@ -745,7 +746,7 @@ unset tempfile
|
|||||||
# Install anchors in $ANCHORDIR
|
# Install anchors in $ANCHORDIR
|
||||||
test -d "${DESTDIR}${ANCHORDIR}" && rm -rf "${DESTDIR}${ANCHORDIR}"
|
test -d "${DESTDIR}${ANCHORDIR}" && rm -rf "${DESTDIR}${ANCHORDIR}"
|
||||||
install -dm755 "${DESTDIR}${ANCHORDIR}" > /dev/null 2>&1
|
install -dm755 "${DESTDIR}${ANCHORDIR}" > /dev/null 2>&1
|
||||||
install -m644 "${TEMPDIR}"/pki/anchors/*.pem "${DESTDIR}${ANCHORDIR}"
|
install -m644 "${TEMPDIR}"/pki/anchors/*.p11-kit "${DESTDIR}${ANCHORDIR}"
|
||||||
|
|
||||||
# Install NSS Shared DB
|
# Install NSS Shared DB
|
||||||
if test "${WITH_NSS}" == "1"; then
|
if test "${WITH_NSS}" == "1"; then
|
||||||
@ -821,7 +822,8 @@ if test -d "${LOCALDIR}"; then
|
|||||||
get_p11_trust
|
get_p11_trust
|
||||||
|
|
||||||
# Place certificate into trust anchors dir
|
# Place certificate into trust anchors dir
|
||||||
anchorfile="${DESTDIR}${ANCHORDIR}/${keyhash}.pem"
|
anchorlabel=$(echo ${p11label} | sed -e 's@ @_@g' -e 's@(@@g' -e 's@)@@')
|
||||||
|
anchorfile="${DESTDIR}${ANCHORDIR}/${anchorlabel}.p11-kit"
|
||||||
moz_trust="false"
|
moz_trust="false"
|
||||||
mozsadistrust="UNKNOWN"
|
mozsadistrust="UNKNOWN"
|
||||||
mozsmdistrust="UNKNOWN"
|
mozsmdistrust="UNKNOWN"
|
||||||
@ -841,9 +843,9 @@ if test -d "${LOCALDIR}"; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
unset keyhash subject count
|
unset keyhash subject count
|
||||||
unset mozsadistrust mozsmdistrust
|
unset mozsadistrust mozsmdistrust anchorlabel anchorfile moz_trust
|
||||||
unset trustlist rejectlist satrust smtrust cstrust catrust
|
unset trustlist rejectlist satrust smtrust cstrust catrust
|
||||||
unset p11trust p11oid p11value trustp11 p11label anchorfile moz_trust
|
unset p11trust p11oid p11value trustp11 p11label
|
||||||
echo -e "\n"
|
echo -e "\n"
|
||||||
|
|
||||||
done
|
done
|
||||||
|
Loading…
Reference in New Issue
Block a user