Merge pull request #759 from loop0day/gmca

Improve gmca
Zhi Guan
2019-08-13 17:07:57 +08:00
committed by GitHub
3 changed files with 28 additions and 3 deletions


@@ -234,7 +234,7 @@ function signenccsr {
common_name=$1
csrfile="$ca_csr_dir/$common_name.csr"
subject="$user_dn_enc_prefix/CN=$common_name"
gmssl ca -config ./signenccsr.cnf -batch -subj=$subject -md $md -days 365 -outdir $ca_usercert_dir -infiles "$csrfile"
gmssl ca -config ./signenccsr.cnf -batch -subj=$subject -md $md -days 365 -outdir $ca_cert_dir -infiles "$csrfile"
}
function gencert {
@@ -277,7 +277,7 @@ function listcertsbyname {
function getcertbyserial {
#FIXME: check argument exist
local serial=$1
local cerfile=$ca_cert_dir/$serial.pem
local certfile=$ca_cert_dir/$serial.pem
gmssl x509 -in $certfile
}
@@ -320,6 +320,12 @@ function _revokecertfile {
#gmssl ca -config ./ca.cnf -valid $certfile
}
function revokecertbyname {
common_name=$1
serial=`awk -F'\t' '{print $2,$4,$6}' $ca_index_file | grep -E "CN=$common_name$" | awk '{print $2}'`
_revokecertfile "$ca_cert_dir/$serial.pem"
}
function revokecertbyserial {
serial=$1
_revokecertfile "$ca_cert_dir/$serial.pem"
@@ -408,6 +414,12 @@ case $opt in
shift
shift
;;
-signenccsr)
common_name="$2"
signenccsr "$common_name"
shift
shift
;;
-rejectcsr)
common_name="$2"
rejectcsr "$common_name"
@@ -420,6 +432,12 @@ case $opt in
shift
shift
;;
-genenccert)
common_name="$2"
genenccert $common_name
shift
shift
;;
-listcerts)
listcerts
shift
@@ -452,6 +470,12 @@ case $opt in
revokereasons
shift
;;
-revokecertbyname)
name="$2"
revokecertbyname "$name"
shift
shift
;;
-revokecert)
certfile="$2"
revokebycert "$certfile"
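Review bot: In the added `revokecertbyname`, `$common_name` is pasted into the `grep -E` pattern and the lookup ignores the status column, so a name containing regex metacharacters (a `.` in a hostname is enough) can select another subject's serial, and rows that are already revoked or expired match too. When more than one row matches, which looks likely here because the signing and encryption certificates appear to be issued under the same CN, `serial` holds several lines and `_revokecertfile` is handed a path that names no file; when nothing matches it is handed `$ca_cert_dir/.pem`. For a revocation command both cases should be explicit errors rather than a silent miss. The rewrite below compares the CN as a literal string, looks only at `V` rows, revokes each match and fails when there was none; it also makes `common_name` and `serial` local so they no longer overwrite the globals set by the option parser.

```shell
function revokecertbyname {
  local common_name=$1
  local serial
  local found=0
  # Literal comparison against the last RDN of rows still marked valid (V).
  while IFS= read -r serial; do
    found=1
    _revokecertfile "$ca_cert_dir/$serial.pem"
  done < <(awk -F'\t' -v cn="$common_name" \
    '$1 == "V" { n = split($6, rdn, "/"); if (rdn[n] == "CN=" cn) print $4 }' \
    "$ca_index_file")
  if [[ $found -eq 0 ]]; then
    echo "no valid certificate found for CN=$common_name" >&2
    return 1
  fi
}
```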


@@ -186,6 +186,7 @@ basicConstraints=CA:FALSE
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
keyUsage = digitalSignature
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
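Review bot: The `keyUsage = digitalSignature` line, which appears to be the one this hunk adds, is emitted as a non-critical extension. RFC 5280 recommends that a CA mark keyUsage critical when it is present, and for a certificate that is meant to be signature-only the restriction is the point of the change, so I would write `keyUsage = critical, digitalSignature`. The comment above it still describes the three-usage client profile; a one-line comment such as `# Signing certificate: signature use only, key encipherment is left to the encryption certificate` would say why this differs, assuming that split is the intent.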


@@ -15,7 +15,7 @@ default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
dir = .ca # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.