Mercurial > hg > freeDiameter
changeset 147:de0f9f43d659
Fix, bis
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Tue, 22 Dec 2009 13:49:54 +0900 |
parents | 93acf84e7ea9 |
children | 7221f5de0302 |
files | contrib/ca_script2/Makefile contrib/ca_script2/openssl.cnf |
diffstat | 2 files changed, 7 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/contrib/ca_script2/Makefile Tue Dec 22 13:40:31 2009 +0900 +++ b/contrib/ca_script2/Makefile Tue Dec 22 13:49:54 2009 +0900 @@ -102,7 +102,7 @@ @ln -s ../$(ca) $(DATA_DIR)/$(name)/parent @cat $(DATA_DIR)/$(ca)/public/cachain.pem $(DATA_DIR)/$(name)/public/cacert.pem > $(DATA_DIR)/$(name)/public/cachain.pem @ln -s ../../$(ca)/public/caroot.pem $(DATA_DIR)/$(name)/public/caroot.pem - @for CRL in `cd $(DATA_DIR)/$(ca)/public/crl && ls -1`; do ln -sf ../../../$(ca)/public/crl/$(CRL) $(DATA_DIR)/$(name)/public/crl/$(CRL); done + @for CRLFILE in `cd $(DATA_DIR)/$(ca)/public/crl && ls -1`; do ln -sf ../../../$(ca)/public/crl/$(CRLFILE) $(DATA_DIR)/$(name)/public/crl/$(CRLFILE); done @$(REMAKE) gencrl ca=$(name) # Create a new certificate for use in TLS communications and other terminal usages @@ -148,8 +148,10 @@ # Regenerate the Certificate Revocation List. gencrl: @if [ -z "$(ca)" ]; then echo "Missing parameter. Ex: make gencrl ca=ca.testbed.aaa"; exit 1; fi - # Create the CRL (keep the old one?) + # Create the CRL + @rm -f $(DATA_DIR)/$(ca)/public/crl/local.pem @CA_ROOT_DIR=$(DATA_DIR)/$(ca) openssl ca $(CONFIG) -gencrl -out $(DATA_DIR)/$(ca)/public/crl/$(ca).pem - @ln -s crl.pem $(DATA_DIR)/$(ca)/public/`openssl crl -noout -hash < $(DATA_DIR)/$(ca)/public/crl/$(ca).pem`.r0 + @ln -s $(ca).pem $(DATA_DIR)/$(ca)/public/crl/local.pem + @ln -s crl/$(ca).pem $(DATA_DIR)/$(ca)/public/`openssl crl -noout -hash < $(DATA_DIR)/$(ca)/public/crl/$(ca).pem`.r0 # End of file...
--- a/contrib/ca_script2/openssl.cnf Tue Dec 22 13:40:31 2009 +0900 +++ b/contrib/ca_script2/openssl.cnf Tue Dec 22 13:49:54 2009 +0900 @@ -60,7 +60,7 @@ dir = $ENV::CA_ROOT_DIR # Where everything is kept certs = $dir/public # Where the issued certs are kept -crl_dir = $dir/public # Where the issued crl are kept +crl_dir = $dir/public/crl # Where the issued crl are kept database = $dir/index.txt # database index file. #unique_subject = no # Set to 'no' to allow creation of # several ctificates with same subject. @@ -69,7 +69,7 @@ certificate = $dir/public/cacert.pem # The CA certificate serial = $dir/serial # The current serial number crlnumber = $dir/crlnumber # the current crl number -crl = $dir/public/crl.pem # The current CRL +crl = $dir/public/crl/local.pem # The current CRL private_key = $dir/private/cakey.pem # The private key x509_extensions = usr_cert # The extentions to add to the cert # overwrite with -extensions