From: ale Date: Thu, 7 Dec 2006 09:39:27 +0000 (+0000) Subject: dropped -selfsign option; revoke certificates that are re-generated but not expired... X-Git-Url: https://v.licheni.net/stack/cam.git/commitdiff_plain/922a15c7009f853accd86c0a8270fb18f0a6ead9 dropped -selfsign option; revoke certificates that are re-generated but not expired; fixes --- diff --git a/lib/cfg.pyc b/lib/cfg.pyc index a86d8be..ad590fa 100644 Binary files a/lib/cfg.pyc and b/lib/cfg.pyc differ diff --git a/lib/gen.py b/lib/gen.py index 526e52f..42795fe 100644 --- a/lib/gen.py +++ b/lib/gen.py @@ -33,6 +33,10 @@ def gen(tag): ans = raw_input('This certificate seems to exist already (in %s).\nAre you really sure that you want to re-create it? [y/N] ' % crt_file) if not ans or ans[0].lower() != 'y': sys.exit(0) + print 'Revoking previous certificate...' + openssl('ca', '-config', conf_file, + '-revoke', public_crt_file) + # create custom config file template(conf_file, diff --git a/lib/newca.py b/lib/newca.py index f036552..7519b31 100644 --- a/lib/newca.py +++ b/lib/newca.py @@ -47,7 +47,7 @@ def newca(): openssl('ca', '-config', conf_file, '-batch', '-keyfile', ca_key_file, - '-extensions', 'v3_ca', '-selfsign', + '-extensions', 'v3_ca', '-out', ca_file, '-infiles', ca_csr_file) openssl('ca', diff --git a/lib/utils.pyc b/lib/utils.pyc index fe39ff8..dbfbb24 100644 Binary files a/lib/utils.pyc and b/lib/utils.pyc differ