From 7d993891a3a9a83577d70e78493de7a51b830fad Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sat, 1 Dec 2012 13:40:23 +0000 Subject: [PATCH] bin: Produce output PEM files with text descriptions of their contents. This makes them easier to read. There's a slight risk of someone being confused by a malicious file whose text representation doesn't contain an accurate description of the actual contents, but I think that's a fairly minor consideration. The files are also larger than they were previously, but we'll have to put up with that. --- bin/add | 2 +- bin/setup | 2 +- bin/update | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/bin/add b/bin/add index 1c2ae81..6bd128b 100755 --- a/bin/add +++ b/bin/add @@ -77,7 +77,7 @@ db transaction { ## Copy the file away. fresh-temp "$CERTROOT/tmp" tmp { - file copy $file $tmp + exec openssl req -text -in $file -out $tmp } cleanup { file delete $tmp } diff --git a/bin/setup b/bin/setup index ab3d0b2..845c2a4 100755 --- a/bin/setup +++ b/bin/setup @@ -64,7 +64,7 @@ make-directories 0750 "private" set subject "" foreach {attr value} $C(ca-name) { append subject "/$attr=$value" } exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf" \ - -out "ca.cert" -keyout "private/ca.key" \ + -text -out "ca.cert" -keyout "private/ca.key" \ -new -x509 -days $C(ca-period) \ -subj $subject file attributes "ca.cert" \ diff --git a/bin/update b/bin/update index 7031c25..bc68410 100755 --- a/bin/update +++ b/bin/update @@ -50,6 +50,7 @@ archive-certificates exec openssl ca -config "etc/openssl.conf" -updatedb 2>@1 ## Generate a CRL. -exec openssl ca -config "etc/openssl.conf" -gencrl -out "crl" 2>@1 +exec openssl ca -config "etc/openssl.conf" -gencrl | \ + openssl crl -text -out "crl" 2>@1 ###----- That's all, folks -------------------------------------------------- -- 2.11.0