From d938afb0219debb3ac27eed75c7fc75260ee162f Mon Sep 17 00:00:00 2001 From: Victor Seva Date: Thu, 17 Dec 2015 10:20:34 +0100 Subject: [PATCH] MT#16933 tools/generate_ssl_keys.sh: force days argument at x509 'default_days' value is at our opensslcnf.cnf but it seems that it is not been used Change-Id: Ibd4148c70c215340ac9053fa56c6a8f9247648db --- tools/generate_ssl_keys.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/tools/generate_ssl_keys.sh b/tools/generate_ssl_keys.sh index 3962fb11f5..47b4c02f4b 100755 --- a/tools/generate_ssl_keys.sh +++ b/tools/generate_ssl_keys.sh @@ -34,19 +34,25 @@ umask 077 echo "Generating OpenSSL certificate files in directory ${DEST}:" +DAYS="$(sed -ne 's/^default_days[[:space:]]*=[[:space:]]*\([0-9]\+\).*$/\1/p;Tn;q;:n' \ + "${OPENSSL_CONFIG}")" + if [ "$SKIP_CSR" = "true" ] ; then echo "Skipping generation of csr file as requested via SKIP_CSR environment variable." echo "Generating only key and crt files now." - /usr/bin/openssl req -x509 \ + /usr/bin/openssl req -x509 -days "${DAYS}" \ -config "${OPENSSL_CONFIG}" \ -newkey rsa:4096 \ -keyout "${KEY_FILE}" \ -out "${CRT_FILE}" \ -nodes -batch else - /usr/bin/openssl genrsa -out "${KEY_FILE}" 4096 -config "${OPENSSL_CONFIG}" -batch - /usr/bin/openssl req -new -out "${CSR_FILE}" -key "${KEY_FILE}" -config "${OPENSSL_CONFIG}" -batch - /usr/bin/openssl x509 -req -in "${CSR_FILE}" -signkey "${KEY_FILE}" -out "${CRT_FILE}" -extfile "${OPENSSL_CONFIG}" + /usr/bin/openssl genrsa -out "${KEY_FILE}" 4096 \ + -config "${OPENSSL_CONFIG}" -batch + /usr/bin/openssl req -new -out "${CSR_FILE}" \ + -key "${KEY_FILE}" -config "${OPENSSL_CONFIG}" -batch + /usr/bin/openssl x509 -days "${DAYS}" -req -in "${CSR_FILE}" \ + -signkey "${KEY_FILE}" -out "${CRT_FILE}" -extfile "${OPENSSL_CONFIG}" fi chmod 640 "${KEY_FILE}" "${CRT_FILE}"