Bug#293821: Patch for ssl-cert: default cert life rather short

Wed, 24 Aug 2005 08:38:45 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi guys,

I finally got tired of having to manually edit the make-ssl-cert script
every time it got updated and add a -days X value so I wipped up the
following patch which makes the -days value be a debconf derived question.

Feel free to change the template question to match the wording you want.

- --
James A. Pattie
[EMAIL PROTECTED]

Linux -- SysAdmin / Programmer
Sudora, LLC
http://www.sudora.com/

GPG Key Available at https://services.sudora.com/gpgkeys/james.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDDJG/Sl+1j6z8MycRAgcCAJ9CltmdMx3jm/4IIAcIzH8t6sD+OQCfZXln
r3PWqdUUqI0Fx4RBOwVMgdY=
=/lft
-----END PGP SIGNATURE-----

diff -urN ssl-cert-1.0.orig/debian/templates ssl-cert-1.0/debian/templates
--- ssl-cert-1.0.orig/debian/templates	2005-01-07 10:05:49.000000000 -0600
+++ ssl-cert-1.0/debian/templates	2005-08-24 10:17:44.000000000 -0500
@@ -46,3 +46,9 @@
 Template: make-ssl-cert/title
 Type: title
 _Description: Configure an SSL Certificate.
+
+Template: make-ssl-cert/days
+Type: string
+_Default: 30
+_Description: Lifetime of Certificate in Days
+ How many days should this certificate be valid for.
diff -urN ssl-cert-1.0.orig/make-ssl-cert ssl-cert-1.0/make-ssl-cert
--- ssl-cert-1.0.orig/make-ssl-cert	2005-01-07 10:01:30.000000000 -0600
+++ ssl-cert-1.0/make-ssl-cert	2005-08-24 10:18:55.000000000 -0500
@@ -31,7 +31,7 @@
 db_capb backup
 db_settitle make-ssl-cert/title
 
-templates="countryname statename localityname organisationname ouname hostname email"
+templates="countryname statename localityname organisationname ouname hostname email days"
 
 for i in $templates; do
     RET=""
@@ -71,6 +71,10 @@
 Email="$RET"
 db_fset make-ssl-cert/email seen false
 
+db_get make-ssl-cert/days
+Days="$RET"
+db_fset make-ssl-cert/days seen false
+
 # # should be a less common char
 # problem is that openssl virtually accepts everything and we need to
 # sacrifice one char.
@@ -87,7 +91,7 @@
     $template > $TMPFILE
 
 export RANDFILE=/dev/random
-openssl req -config $TMPFILE -new -x509 -nodes -out $output \
+openssl req -config $TMPFILE -new -x509 -days $Days -nodes -out $output \
     -keyout $output
 chmod 600 $output

Reply via email to