diff options
author | Andrew Galante <drew@perfectco.com> | 2021-01-08 13:27:49 -0800 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-11-16 15:48:08 +0000 |
commit | 3066cf2614d22182ae0dafd4557a96ab6b698d4f (patch) | |
tree | 829e4160fe1fae7d644b4d099e0136589971bc4e /apps/CA.pl.in | |
parent | 8c08c8b37cab0eb66ca74fc65a40af3ccec77c00 (diff) |
Abstract out policy and extensions in CA.pl
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13819)
Diffstat (limited to 'apps/CA.pl.in')
-rw-r--r-- | apps/CA.pl.in | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/apps/CA.pl.in b/apps/CA.pl.in index f029470005..2c31ee6c8d 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -36,6 +36,8 @@ my $CACERT = "cacert.pem"; my $CACRL = "crl.pem"; my $DAYS = "-days 365"; my $CADAYS = "-days 1095"; # 3 years +my $EXTENSIONS = "-extensions v3_ca"; +my $POLICY = "-policy policy_anything"; my $NEWKEY = "newkey.pem"; my $NEWREQ = "newreq.pem"; my $NEWCERT = "newcert.pem"; @@ -179,7 +181,7 @@ if ($WHAT eq '-newcert' ) { $RET = run("$CA -create_serial" . " -out ${CATOP}/$CACERT $CADAYS -batch" . " -keyfile ${CATOP}/private/$CAKEY -selfsign" - . " -extensions v3_ca" + . " $EXTENSIONS" . " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0; print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0; } @@ -191,19 +193,19 @@ if ($WHAT eq '-newcert' ) { . " -export -name \"$cname\" $EXTRA{pkcs12}"); print "PKCS #12 file is in $NEWP12\n" if $RET == 0; } elsif ($WHAT eq '-xsign' ) { - $RET = run("$CA -policy policy_anything -infiles $NEWREQ $EXTRA{ca}"); + $RET = run("$CA $POLICY -infiles $NEWREQ $EXTRA{ca}"); } elsif ($WHAT eq '-sign' ) { - $RET = run("$CA -policy policy_anything -out $NEWCERT" + $RET = run("$CA $POLICY -out $NEWCERT" . " -infiles $NEWREQ $EXTRA{ca}"); print "Signed certificate is in $NEWCERT\n" if $RET == 0; } elsif ($WHAT eq '-signCA' ) { - $RET = run("$CA -policy policy_anything -out $NEWCERT" - . " -extensions v3_ca -infiles $NEWREQ $EXTRA{ca}"); + $RET = run("$CA $POLICY -out $NEWCERT" + . " $EXTENSIONS -infiles $NEWREQ $EXTRA{ca}"); print "Signed CA certificate is in $NEWCERT\n" if $RET == 0; } elsif ($WHAT eq '-signcert' ) { $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ" . " -out tmp.pem $EXTRA{x509}"); - $RET = run("$CA -policy policy_anything -out $NEWCERT" + $RET = run("$CA $POLICY -out $NEWCERT" . "-infiles tmp.pem $EXTRA{ca}") if $RET == 0; print "Signed certificate is in $NEWCERT\n" if $RET == 0; } elsif ($WHAT eq '-verify' ) { |