bin: Produce output PEM files with text descriptions of their contents.
authorMark Wooding <mdw@distorted.org.uk>
Sat, 1 Dec 2012 13:40:23 +0000 (13:40 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Sat, 1 Dec 2012 13:40:23 +0000 (13:40 +0000)
This makes them easier to read.  There's a slight risk of someone being
confused by a malicious file whose text representation doesn't contain
an accurate description of the actual contents, but I think that's a
fairly minor consideration.  The files are also larger than they were
previously, but we'll have to put up with that.

bin/add
bin/setup
bin/update

diff --git a/bin/add b/bin/add
index 1c2ae81..6bd128b 100755 (executable)
--- a/bin/add
+++ b/bin/add
@@ -77,7 +77,7 @@ db transaction {
 
     ## Copy the file away.
     fresh-temp "$CERTROOT/tmp" tmp {
-      file copy $file $tmp
+      exec openssl req -text -in $file -out $tmp
     }
     cleanup { file delete $tmp }
 
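Review bot: Tcl's `exec` scans its arguments for redirection and pipeline operators, so on the added `exec openssl req` line a `$file` value beginning with `<`, `>` or `|` would be parsed as a redirection instead of the request's path, which the old `file copy` never did. Where `$file` comes from is outside this hunk, but if it is supplied by the caller, passing an absolute path removes the ambiguity: `exec openssl req -text -in [file normalize $file] -out $tmp`. A short comment would also help record why this is no longer a plain copy, for example `## Re-encode via openssl so the text header is generated here rather than taken from the submitted file.` The enclosing `db transaction` block starts and ends outside the hunk.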
index ab3d0b2..845c2a4 100755 (executable)
--- a/bin/setup
+++ b/bin/setup
@@ -64,7 +64,7 @@ make-directories 0750 "private"
 set subject ""
 foreach {attr value} $C(ca-name) { append subject "/$attr=$value" }
 exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf"  \
-    -out "ca.cert" -keyout "private/ca.key" \
+    -text -out "ca.cert" -keyout "private/ca.key" \
     -new -x509 -days $C(ca-period) \
     -subj $subject
 file attributes "ca.cert" \
index 7031c25..bc68410 100755 (executable)
@@ -50,6 +50,7 @@ archive-certificates
 exec openssl ca -config "etc/openssl.conf" -updatedb 2>@1
 
 ## Generate a CRL.
-exec openssl ca -config "etc/openssl.conf" -gencrl -out "crl" 2>@1
+exec openssl ca -config "etc/openssl.conf" -gencrl | \
+    openssl crl -text -out "crl" 2>@1
 
 ###----- That's all, folks --------------------------------------------------
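Review bot: The new pipeline has `openssl crl` write straight into the live `crl` file, so a reader that fetches it mid-write, or after the second stage is interrupted, can see a truncated or empty CRL. Writing to a temporary name in the same directory and renaming it into place keeps the published file whole: `openssl crl -text -out "crl.new" 2>@1` followed by `file rename -force "crl.new" "crl"` (`crl.new` is an illustrative name). Tcl's `exec` raises an error if any stage of the pipeline exits abnormally, so with this ordering a failed `openssl ca -gencrl` would leave the previous CRL untouched. How `crl` is published is not visible here, so it is also worth checking that its consumers accept PEM with a leading text dump.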