Commit Graph

39 次程式碼提交

作者 SHA1 備註 提交日期
Thomas Preud'homme bfa3d78fca Fix ssl_mgmt after openssl -text output change
The output of openssl x509 -text changed from lines like:

O=foo/OU=bar

to lines like:

O = foo, OU = bar

This commit adapts the code to that change. TODO: A machine readable
output ought to be used instead.
2018-05-31 20:46:46 +01:00
Thomas Preud'homme 519303988c [ssl_mgmt] Set ownership and rights of keycert 2014-11-04 23:02:27 +00:00
Thomas Preud'homme ccfdd24ff3 [ssl_mgmt] Set CA:FALSE constraint for certs 2014-11-04 22:18:42 +00:00
Thomas Preud'homme d991b290bf [ssl_mgmt] Install cert before taking its hash
Install the certificate before taking the fingerprint of the installed
certificate for mailing the administrators.
2014-11-04 21:19:51 +00:00
Thomas Preud'homme 87f906c6a7 [ssl_mgmt] Ensure version 3 certificate are used 2014-09-12 22:04:58 +08:00
Thomas Preud'homme df4dc8863e [ssl_mgmt] Create workdir before running tests 2014-09-12 21:52:18 +08:00
Thomas Preud'homme 72c930a8b8 [ssl_mgmt] Sign email sent to notifiedUsers 2014-05-19 23:21:20 +08:00
Thomas Preud'homme de8cb3e014 [ssl_mgmt] Use nobody to test email
nobody should be present on most (all?) unix system and is thus better
for test. However it's still not ideal as it might be connected to an
account that is not the one running the testsuite and the mail might
surprise that user.
2014-05-19 21:11:28 +08:00
Thomas Preud'homme 69ae81d098 [ssl_mgmt] Add a TODO file 2014-05-11 15:42:02 +08:00
Thomas Preud'homme 39da9a23b6 [ssl_mgmt] group cmd to set ownership+rights 2014-05-11 15:03:55 +08:00
Thomas Preud'homme 9d5b8c1e9c [ssl_mgmt] Add tests for sanity checks 2014-05-11 15:03:55 +08:00
Thomas Preud'homme 3a7e4edaeb [ssl_mgmt] Only set ownership & rights if gen ok
Only set ownership and rights if generated file are not corrupted and
certificate match the private key.
2014-05-11 15:03:55 +08:00
Thomas Preud'homme 107a5327f4 [ssl_mgmt] Add automated testsuite 2014-05-11 15:03:55 +08:00
Thomas Preud'homme 7c3cb1e960 [ssl_mgmt] Exit if missing file or rights 2014-05-11 15:03:55 +08:00
Thomas Preud'homme 7bc13c2c89 [ssl_mgmt] Add some sanity checks
Check openssl can read both certificate and key and that they match each
other.
2014-05-11 15:03:54 +08:00
Thomas Preud'homme b1acbe2a70 [ssl_mgmt] Send all warning echo to stderr
Fix echos introduced 2 commits ago with parts of the messages sent to
stdout and the other parts to stderr.
2014-05-05 23:40:05 +08:00
Thomas Preud'homme dba3360a3b [ssl_mgmt] Update documentation 2014-05-05 23:02:12 +08:00
Thomas Preud'homme 7510335e26 [ssl_mgmt] Change default to sane values
Now that our installation was migrating to saner places, change default
values.
2014-05-05 22:33:06 +08:00
Thomas Preud'homme 92962f6168 [ssl_mgmt] Fix copying of user/group ownership 2014-05-04 23:26:29 +08:00
Thomas Preud'homme 4f51528611 [ssl_mgmt] Send email with new fingerprints 2014-05-03 21:32:11 +08:00
Thomas Preud'homme 27630ea277 Add simple test infrastructure 2014-05-03 21:30:46 +08:00
Thomas Preud'homme b1b4251233 [ssl_mgmt] Fail instead of sudo if rights not ok 2014-05-03 17:54:35 +08:00
Thomas Preud'homme 001fbf5499 [ssl_mgmt] Add debian-admin openssl howto
Add debian-admin article used as main documentation for developing this
script into the repository to be able to develop offline.
2014-05-03 17:54:31 +08:00
Thomas Preud'homme 8bf95f40af [ssl_mgmt] Stop hardcoding path
Replace hardcoded paths by a bunch of variables with default values and
that can be set from a configuration file. This should make testing much
more easy.
2014-05-03 17:54:31 +08:00
Thomas Preud'homme 01f601c8c2 [ssl_mgmt] Use SHA1 as default hash instead of MD5 2014-04-30 00:24:58 +08:00
Thomas Preud'homme 1035fb13ac [ssl_mgmt] Comment out extensions with empty value 2014-04-29 22:22:57 +08:00
Thomas Preud'homme 0f52180d60 [ssl_mgmt] Fix subject alternative name detection 2014-03-09 21:00:24 +08:00
Thomas Preud'homme 8deba57b8d [ssl_mgmt] Add option to avoid overwrite 2014-03-09 20:39:36 +08:00
Thomas Preud'homme 9f7a2c6c06 [ssl_mgmt] Add comments to functions missing one 2014-03-09 20:39:36 +08:00
Thomas Preud'homme c76bf20637 [ssl_mgmt] Alert user if no overwrite occur 2014-03-09 20:39:36 +08:00
Thomas Preud'homme 2674b4341d [ssl_mgmt] copy access right from existing file 2014-03-09 20:39:36 +08:00
Thomas Preud'homme 1309f7d718 [ssl_mgmt] Fix support for empty field values 2014-03-09 20:39:36 +08:00
Thomas Preud'homme 6a92f1c01c [ssl_mgmt] Only overwrite openssl.cnf when ready 2014-03-09 20:29:24 +08:00
Thomas Preud'homme b080b227a2 [ssl_mgmt] Fix usage of EDITOR 2014-03-09 20:29:24 +08:00
Thomas Preud'homme cd637fbbfa [ssl_mgmt] Allow to specify a cert file 2014-03-09 20:29:22 +08:00
Thomas Preud'homme d6f92888a8 [ssl_mgmt] Add option to only generate openssl.cnf 2014-03-09 20:28:46 +08:00
Thomas Preud'homme e428424cf0 [ssl_mgmt] Change pattern delimiter: s/#/@/ 2014-03-09 20:06:50 +08:00
Matteo Cypriani 236e5afe48 [ssl_mgmt] Typos & comments' translation 2012-02-20 17:40:09 +01:00
Thomas Preud'homme 2b6d07e80b Add ssl_mgmt script 2012-02-20 17:23:51 +01:00