-/* $OpenBSD: ikeca.c,v 1.45 2017/05/31 06:46:57 jsg Exp $ */
+/* $OpenBSD: ikeca.c,v 1.46 2017/06/08 11:45:44 jsg Exp $ */
/*
* Copyright (c) 2010 Jonathan Gray <jsg@openbsd.org>
int ca_sign(struct ca *, char *, int);
int ca_request(struct ca *, char *, int);
void ca_newpass(char *, char *);
-char *ca_readpass(char *, size_t *);
int fcopy(char *, char *, mode_t);
void fcopy_env(const char *, const char *, mode_t);
int rm_dir(char *);
return (0);
}
-char *
-ca_readpass(char *path, size_t *len)
-{
- FILE *f;
- char *p, *r;
-
- if ((f = fopen(path, "r")) == NULL) {
- warn("fopen %s", path);
- return (NULL);
- }
-
- if ((p = fgetln(f, len)) != NULL) {
- if ((r = malloc(*len + 1)) == NULL)
- err(1, "malloc");
- memcpy(r, p, *len);
- if (r[*len - 1] == '\n')
- r[*len - 1] = '\0';
- else
- r[*len] = '\0';
- } else
- r = NULL;
-
- fclose(f);
-
- return (r);
-}
-
/* create index if it doesn't already exist */
void
ca_create_index(struct ca *ca)
struct stat st;
char cmd[PATH_MAX * 2];
char path[PATH_MAX];
- char *pass;
- size_t len;
if (keyname) {
snprintf(path, sizeof(path), "%s/%s.crt",
}
}
- snprintf(path, sizeof(path), "%s/ikeca.passwd", ca->sslpath);
- pass = ca_readpass(path, &len);
- if (pass == NULL)
- errx(1, "could not open passphrase file");
-
ca_create_index(ca);
ca_setenv("$ENV::CADB", ca->index);
if (keyname) {
snprintf(cmd, sizeof(cmd),
"%s ca %s-config %s -keyfile %s/private/ca.key"
- " -key %s"
+ " -passin file:%s"
" -cert %s/ca.crt"
" -revoke %s/%s.crt",
PATH_OPENSSL, ca->batch, ca->sslcnf,
- ca->sslpath, pass, ca->sslpath, ca->sslpath, keyname);
+ ca->sslpath, ca->passfile, ca->sslpath, ca->sslpath, keyname);
system(cmd);
}
snprintf(cmd, sizeof(cmd),
"%s ca %s-config %s -keyfile %s/private/ca.key"
- " -key %s"
+ " -passin file:%s"
" -gencrl"
" -cert %s/ca.crt"
" -crldays 365"
" -out %s/ca.crl",
PATH_OPENSSL, ca->batch, ca->sslcnf, ca->sslpath,
- pass, ca->sslpath, ca->sslpath);
+ ca->passfile, ca->sslpath, ca->sslpath);
system(cmd);
- freezero(pass, len);
return (0);
}
projects / openbsd / commitdiff