This makes them easier to read. There's a slight risk of someone being
confused by a malicious file whose text representation doesn't contain
an accurate description of the actual contents, but I think that's a
fairly minor consideration. The files are also larger than they were
previously, but we'll have to put up with that.
## Copy the file away.
fresh-temp "$CERTROOT/tmp" tmp {
- file copy $file $tmp
+ exec openssl req -text -in $file -out $tmp
}
cleanup { file delete $tmp }
set subject ""
foreach {attr value} $C(ca-name) { append subject "/$attr=$value" }
exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf" \
- -out "ca.cert" -keyout "private/ca.key" \
+ -text -out "ca.cert" -keyout "private/ca.key" \
-new -x509 -days $C(ca-period) \
-subj $subject
file attributes "ca.cert" \
exec openssl ca -config "etc/openssl.conf" -updatedb 2>@1
## Generate a CRL.
-exec openssl ca -config "etc/openssl.conf" -gencrl -out "crl" 2>@1
+exec openssl ca -config "etc/openssl.conf" -gencrl | \
+ openssl crl -text -out "crl" 2>@1
###----- That's all, folks --------------------------------------------------