diff options
| author | Kim Alvefur <zash@zash.se> | 2012-05-09 00:33:55 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2012-05-09 00:33:55 +0200 |
| commit | 3da90f3bb57aa94cb8e70852415f6333b212a2c4 (patch) | |
| tree | 8302e952b84bf758f5e0f0c27e04fa5ed5ad8160 /prosodyctl | |
| parent | cc2c3463a0a968b75cd1427d60f354650f2def7d (diff) | |
| download | prosody-3da90f3bb57aa94cb8e70852415f6333b212a2c4.tar.gz prosody-3da90f3bb57aa94cb8e70852415f6333b212a2c4.zip | |
prosodyctl: Use util.openssl in certificate helpers. Improve feedback
Diffstat (limited to 'prosodyctl')
| -rwxr-xr-x | prosodyctl | 49 |
1 files changed, 28 insertions, 21 deletions
@@ -613,14 +613,10 @@ function commands.unregister(arg) return 1; end -local x509 = require "util.x509"; -local genx509san = x509.genx509san; -local opensslbaseconf = x509.baseconf; -local seralizeopensslbaseconf = x509.serialize_conf; +local openssl = require "util.openssl"; local cert_commands = {}; --- TODO Should this be moved to util.prosodyctl or x509? function cert_commands.config(arg) if #arg >= 1 and arg[1] ~= "--help" then local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf"; @@ -628,8 +624,8 @@ function cert_commands.config(arg) and not show_yesno("Overwrite "..conf_filename .. "?") then return nil, conf_filename; end - local conf = opensslbaseconf(); - conf.subject_alternative_name = genx509san(hosts, config, arg, true) + local conf = openssl.config.new(); + conf:from_prosody(hosts, config, arg); for k, v in pairs(conf.distinguished_name) do local nv; if k == "commonName" then @@ -642,7 +638,7 @@ function cert_commands.config(arg) conf.distinguished_name[k] = nv ~= "." and nv or nil; end local conf_file = io.open(conf_filename, "w"); - conf_file:write(seralizeopensslbaseconf(conf)); + conf_file:write(conf:serialize()); conf_file:close(); print(""); show_message("Config written to " .. conf_filename); @@ -655,15 +651,19 @@ end function cert_commands.key(arg) if #arg >= 1 and arg[1] ~= "--help" then local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key"; - if os.execute("test -f "..key_filename) == 0 - and not show_yesno("Overwrite "..key_filename .. "?") then - return nil, key_filename; + if os.execute("test -f "..key_filename) == 0 then + if not show_yesno("Overwrite "..key_filename .. "?") then + return nil, key_filename; + end + os.remove(key_filename); -- We chmod this file to not have write permissions end local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); - os.execute(("openssl genrsa -out %s %d"):format(key_filename, tonumber(key_size))); - os.execute(("chmod 400 %s"):format(key_filename)); - show_message("Key written to ".. key_filename); - return nil, key_filename; + if openssl.genrsa{out=key_filename, key_size} then + os.execute(("chmod 400 '%s'"):format(key_filename)); + show_message("Key written to ".. key_filename); + return nil, key_filename; + end + show_message("There was a problem, see OpenSSL output"); else show_usage("cert key HOSTNAME <bits>", "Generates a RSA key") end @@ -678,9 +678,11 @@ function cert_commands.request(arg) end local _, key_filename = cert_commands.key({arg[1]}); local _, conf_filename = cert_commands.config({arg[1]}); - os.execute(("openssl req -new -key %s -utf8 -config %s -out %s") - :format(key_filename, conf_filename, req_filename)); - show_message("Certificate request written to ".. req_filename); + if openssl.req{new=true, key=key_filename, utf8=true, config=conf_filename, out=req_filename} then + show_message("Certificate request written to ".. req_filename); + else + show_message("There was a problem, see OpenSSL output"); + end else show_usage("cert request HOSTNAME", "Generates a certificate request") end @@ -695,9 +697,14 @@ function cert_commands.generate(arg) end local _, key_filename = cert_commands.key({arg[1]}); local _, conf_filename = cert_commands.config({arg[1]}); - os.execute(("openssl req -new -x509 -nodes -key %s -days 365 -sha1 -utf8 -config %s -out %s") - :format(key_filename, conf_filename, cert_filename)); - show_message("Certificate written to ".. cert_filename); + local ret; + if key_filename and conf_filename and cert_filename + and openssl.req{new=true, x509=true, nodes=true, key=key_filename, + days=365, sha1=true, utf8=true, config=conf_filename, out=cert_filename} then + show_message("Certificate written to ".. cert_filename); + else + show_message("There was a problem, see OpenSSL output"); + end else show_usage("cert generate HOSTNAME", "Generates a self-signed certificate") end |