+++ /dev/null
-### -*-sh-*-
-
-## Set up configuration.
-ca_user=ca ca_group=ca ca_owner=root
-if [ -f etc/config ]; then . etc/config; fi
-
-runas_ca () {
- ## runas_ca
- ##
- ## Make sure we're running as the CA user. I don't trust ASN.1 parsers
- ## to run as root against untrusted input -- especially OpenSSL's one.
-
- case $(id -un) in
- $ca_user) ;;
- *) exec sudo -u $ca_user "$0" "$@" ;;
- esac
-}
-
-linkserial () {
- ## linkserial CERT [SERIAL]
- ##
- ## Make a link for the certificate according to its serial number.
-
- cert=$1 suffix=$2
- serial=$(openssl x509 -serial -noout -in "$cert")
- serial=${serial##*=}
- t=index/byserial$suffix/$serial.pem
- if [ -L "$t" ]; then
- other=$(readlink "$t")
- echo "Duplicate serial numbers: ${other##*/}, ${cert##*/}"
- badness=1
- return
- fi
- lns "$cert" "$t"
-}
-
-linkhash () {
- ## linkhash CERT [SUFFIX]
- ##
- ## Make links for the certificate according to its hash.
-
- cert=$1 suffix=$2
- fpr=$(openssl x509 -fingerprint -noout -in "$cert")
- for opt in subject_hash subject_hash_old; do
- n=0
- hash=$(openssl x509 -$opt -noout -in "$cert")
- while t=index/byhash$suffix/$hash.$n; [ -L "$t" ]; do
- ofpr=$(openssl x509 -fingerprint -noout -in "$t")
- other=$(readlink "$t")
- case "${cert##*/}" in "${other##*/}") continue ;; esac
- case "$ofpr" in
- "$fpr")
- echo "Duplicate certificates: ${other##*/}, ${cert##*/}"
- badness=1
- return
- ;;
- esac
- n=$(expr $n + 1)
- done
- lns "$cert" "$t"
- done
-}