[crypto-utils] genkey: skip temporary cert generation for CSR case
jorton
jorton at fedoraproject.org
Thu Feb 13 13:02:00 UTC 2014
commit abc69c0f6cc2344a8bbe92f46af18de4d26984f5
Author: Joe Orton <jorton at redhat.com>
Date: Thu Feb 13 13:02:36 2014 +0000
genkey: skip temporary cert generation for CSR case
crypto-utils.spec | 5 ++++-
genkey.pl | 26 +++++++++++---------------
2 files changed, 15 insertions(+), 16 deletions(-)
---
diff --git a/crypto-utils.spec b/crypto-utils.spec
index e185c4a..36b293d 100644
--- a/crypto-utils.spec
+++ b/crypto-utils.spec
@@ -4,7 +4,7 @@
Summary: SSL certificate and key management utilities
Name: crypto-utils
Version: 2.4.1
-Release: 49%{?dist}
+Release: 50%{?dist}
Group: Applications/System
# certwatch.c is GPLv2
# pemutil.c etc are (MPLv1.1+ or GPLv2+ or LPGLv2+)
@@ -135,6 +135,9 @@ chmod -R u+w $RPM_BUILD_ROOT
%{perl_vendorarch}/auto/Crypt
%changelog
+* Thu Feb 13 2014 Joe Orton <jorton at redhat.com> - 2.4.1-50
+- genkey: skip temporary cert generation for CSR case
+
* Thu Feb 13 2014 Joe Orton <jorton at redhat.com> - 2.4.1-49
- genkey: fix noise file handling
diff --git a/genkey.pl b/genkey.pl
index 3f02276..646cad0 100644
--- a/genkey.pl
+++ b/genkey.pl
@@ -1075,7 +1075,10 @@ sub makeCertOpenSSL
exit 1;
}
}
- unlink($noisefile);
+ if ($noisefile) {
+ unlink($noisefile);
+ $noisefile = '';
+ }
}
# Create a certificate-signing request file that can be submitted to a
@@ -1430,20 +1433,13 @@ sub genReqWindow
$subject, 730, $randfile, $tmpPasswordFile);
}
-# Now make a temporary cert
-
- if (!$genreq_mode) {
- if (!-f $certfile) {
- if ($nss) {
- makeCertNSS($certfile,
- $subject, $cert_days, $nssNickname,
- $randfile, $tmpPasswordFile);
- } else {
- makeCertOpenSSL($keyfile,$certfile,
- $subject, $cert_days,
- $randfile, $tmpPasswordFile);
- }
- }
+
+ # Now make a temporary cert; skip for OpenSSL since it would
+ # overwrite the existing key.
+ if (!$genreq_mode && !-f $certfile && $nss) {
+ makeCertNSS($certfile,
+ $subject, $cert_days, $nssNickname,
+ $randfile, $tmpPasswordFile);
}
undef $csrtext;
More information about the scm-commits
mailing list