Thomas Preud'homme
bfa3d78fca
Fix ssl_mgmt after openssl -text output change
...
The output of openssl x509 -text changed from lines like:
O=foo/OU=bar
to lines like:
O = foo, OU = bar
This commit adapts the code to that change. TODO: A machine readable
output ought to be used instead.
2018-05-31 20:46:46 +01:00
Thomas Preud'homme
519303988c
[ssl_mgmt] Set ownership and rights of keycert
2014-11-04 23:02:27 +00:00
Thomas Preud'homme
ccfdd24ff3
[ssl_mgmt] Set CA:FALSE constraint for certs
2014-11-04 22:18:42 +00:00
Thomas Preud'homme
d991b290bf
[ssl_mgmt] Install cert before taking its hash
...
Install the certificate before taking the fingerprint of the installed
certificate for mailing the administrators.
2014-11-04 21:19:51 +00:00
Thomas Preud'homme
87f906c6a7
[ssl_mgmt] Ensure version 3 certificate are used
2014-09-12 22:04:58 +08:00
Thomas Preud'homme
df4dc8863e
[ssl_mgmt] Create workdir before running tests
2014-09-12 21:52:18 +08:00
Thomas Preud'homme
72c930a8b8
[ssl_mgmt] Sign email sent to notifiedUsers
2014-05-19 23:21:20 +08:00
Thomas Preud'homme
de8cb3e014
[ssl_mgmt] Use nobody to test email
...
nobody should be present on most (all?) unix system and is thus better
for test. However it's still not ideal as it might be connected to an
account that is not the one running the testsuite and the mail might
surprise that user.
2014-05-19 21:11:28 +08:00
Thomas Preud'homme
69ae81d098
[ssl_mgmt] Add a TODO file
2014-05-11 15:42:02 +08:00
Thomas Preud'homme
39da9a23b6
[ssl_mgmt] group cmd to set ownership+rights
2014-05-11 15:03:55 +08:00
Thomas Preud'homme
9d5b8c1e9c
[ssl_mgmt] Add tests for sanity checks
2014-05-11 15:03:55 +08:00
Thomas Preud'homme
3a7e4edaeb
[ssl_mgmt] Only set ownership & rights if gen ok
...
Only set ownership and rights if generated file are not corrupted and
certificate match the private key.
2014-05-11 15:03:55 +08:00
Thomas Preud'homme
107a5327f4
[ssl_mgmt] Add automated testsuite
2014-05-11 15:03:55 +08:00
Thomas Preud'homme
7c3cb1e960
[ssl_mgmt] Exit if missing file or rights
2014-05-11 15:03:55 +08:00
Thomas Preud'homme
7bc13c2c89
[ssl_mgmt] Add some sanity checks
...
Check openssl can read both certificate and key and that they match each
other.
2014-05-11 15:03:54 +08:00
Thomas Preud'homme
b1acbe2a70
[ssl_mgmt] Send all warning echo to stderr
...
Fix echos introduced 2 commits ago with parts of the messages sent to
stdout and the other parts to stderr.
2014-05-05 23:40:05 +08:00
Thomas Preud'homme
dba3360a3b
[ssl_mgmt] Update documentation
2014-05-05 23:02:12 +08:00
Thomas Preud'homme
7510335e26
[ssl_mgmt] Change default to sane values
...
Now that our installation was migrating to saner places, change default
values.
2014-05-05 22:33:06 +08:00
Thomas Preud'homme
92962f6168
[ssl_mgmt] Fix copying of user/group ownership
2014-05-04 23:26:29 +08:00
Thomas Preud'homme
4f51528611
[ssl_mgmt] Send email with new fingerprints
2014-05-03 21:32:11 +08:00
Thomas Preud'homme
27630ea277
Add simple test infrastructure
2014-05-03 21:30:46 +08:00
Thomas Preud'homme
b1b4251233
[ssl_mgmt] Fail instead of sudo if rights not ok
2014-05-03 17:54:35 +08:00
Thomas Preud'homme
001fbf5499
[ssl_mgmt] Add debian-admin openssl howto
...
Add debian-admin article used as main documentation for developing this
script into the repository to be able to develop offline.
2014-05-03 17:54:31 +08:00
Thomas Preud'homme
8bf95f40af
[ssl_mgmt] Stop hardcoding path
...
Replace hardcoded paths by a bunch of variables with default values and
that can be set from a configuration file. This should make testing much
more easy.
2014-05-03 17:54:31 +08:00
Thomas Preud'homme
01f601c8c2
[ssl_mgmt] Use SHA1 as default hash instead of MD5
2014-04-30 00:24:58 +08:00
Thomas Preud'homme
1035fb13ac
[ssl_mgmt] Comment out extensions with empty value
2014-04-29 22:22:57 +08:00
Thomas Preud'homme
0f52180d60
[ssl_mgmt] Fix subject alternative name detection
2014-03-09 21:00:24 +08:00
Thomas Preud'homme
8deba57b8d
[ssl_mgmt] Add option to avoid overwrite
2014-03-09 20:39:36 +08:00
Thomas Preud'homme
9f7a2c6c06
[ssl_mgmt] Add comments to functions missing one
2014-03-09 20:39:36 +08:00
Thomas Preud'homme
c76bf20637
[ssl_mgmt] Alert user if no overwrite occur
2014-03-09 20:39:36 +08:00
Thomas Preud'homme
2674b4341d
[ssl_mgmt] copy access right from existing file
2014-03-09 20:39:36 +08:00
Thomas Preud'homme
1309f7d718
[ssl_mgmt] Fix support for empty field values
2014-03-09 20:39:36 +08:00
Thomas Preud'homme
6a92f1c01c
[ssl_mgmt] Only overwrite openssl.cnf when ready
2014-03-09 20:29:24 +08:00
Thomas Preud'homme
b080b227a2
[ssl_mgmt] Fix usage of EDITOR
2014-03-09 20:29:24 +08:00
Thomas Preud'homme
cd637fbbfa
[ssl_mgmt] Allow to specify a cert file
2014-03-09 20:29:22 +08:00
Thomas Preud'homme
d6f92888a8
[ssl_mgmt] Add option to only generate openssl.cnf
2014-03-09 20:28:46 +08:00
Thomas Preud'homme
e428424cf0
[ssl_mgmt] Change pattern delimiter: s/#/@/
2014-03-09 20:06:50 +08:00
Matteo Cypriani
236e5afe48
[ssl_mgmt] Typos & comments' translation
2012-02-20 17:40:09 +01:00
Thomas Preud'homme
2b6d07e80b
Add ssl_mgmt script
2012-02-20 17:23:51 +01:00