From: Mark Wooding
Date: Sat, 1 Dec 2012 20:01:27 +0000 (+0000)
Subject: Merge branch 'master' of git://git.distorted.org.uk/~mdw/ca
X-Git-Url: https://git.distorted.org.uk/~mdw/ca/commitdiff_plain/ca2cccd082ee593d1593cac40dd51eee98890707?hp=c4e3d3a6add39811cbae3ce697c1a5d9f7246d6a
Merge branch 'master' of git://git.distorted.org.uk/~mdw/ca
* 'master' of git://git.distorted.org.uk/~mdw/ca:
lib/func.tcl: Hack output of `openssl dgst -hex'.
etc/openssl.conf: Allow `keyEncipherment' for TLS clients.
---
diff --git a/etc/openssl.conf b/etc/openssl.conf
index 1accc80..1fe673a 100644
--- a/etc/openssl.conf
+++ b/etc/openssl.conf
@@ -103,7 +103,7 @@ crlDistributionPoints = URI:http://www.distorted.org.uk/ca/crl
 [tls-client-extensions]
 basicConstraints = critical, CA:FALSE
-keyUsage = critical, digitalSignature
+keyUsage = critical, digitalSignature, keyEncipherment
 extendedKeyUsage = clientAuth
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer:always
diff --git a/lib/func.tcl b/lib/func.tcl
index 04bd206..1f73008 100644
--- a/lib/func.tcl
+++ b/lib/func.tcl
@@ -448,10 +448,10 @@ proc sync-profiles {} {
 proc req-key-hash {file} {
 ## Return the key hash from the certificate request in FILE.
- return [exec \
+ return [lindex [exec \
 openssl req -in $file -noout -pubkey | \
 openssl rsa 2>/dev/null -pubin -outform der | \
- openssl dgst -sha256 -hex]
+ openssl dgst -sha256 -hex] end]
 }
 proc req-dn {file} {
@@ -466,10 +466,10 @@ proc req-dn {file} {
 proc cert-key-hash {file} {
 ## Return the key hash from the certificate in FILE.
- return [exec \
+ return [lindex [exec \
 openssl x509 -in $file -noout -pubkey | \
 openssl rsa 2>/dev/null -pubin -outform der | \
- openssl dgst -sha256 -hex] end]
+ openssl dgst -sha256 -hex] end]
 }
 proc cert-dn {file} {
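Review bot: In etc/openssl.conf, the `keyUsage` line under `[tls-client-extensions]` now grants `keyEncipherment` with no comment saying which client or peer requires it. TLS client authentication only signs, so `digitalSignature` already covers the protocol's own use. The added bit lets the same RSA key be used for key transport as well, and because the extension is marked critical it defines what relying parties will accept. I would add a comment above the line, for example `# keyEncipherment: required by <software that rejects client certs without it>; not needed for clientAuth itself`, so the relaxation can be revisited once that consumer is gone. The section may continue past the end of the hunk.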
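Review bot: In lib/func.tcl, `req-key-hash` now returns the last word of the `openssl dgst` output without checking that it is a digest, and `cert-key-hash` in the following hunk does the same. `lindex ... end` parses the output as a Tcl list and yields an empty string when the output is empty, so a further change in the output format would be passed on silently. If callers compare these values to match a request against a certificate (not visible here), two malformed results would compare equal. I would bind and validate the result before returning it: `set h [lindex [exec ...] end]`, `if {![regexp {^[0-9a-f]{64}$} $h]} {error "bad key hash for $file"}`, `return $h`. The `openssl rsa` stage limits both procs to RSA keys and discards its stderr, which deserves a line in the `##` comment.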