Enable nss cert renewal and disable the pem one

2008-10-26 23:34:27 +00:00 · 2008-10-26 23:34:27 +00:00 · 62a0a5d953
parent 024d17d7f2
commit 62a0a5d953
1 changed files with 25 additions and 31 deletions
--- a/genkey.pl
+++ b/genkey.pl
@ -76,6 +76,7 @@ Usage: genkey [options] servername
    --renew  CSR is for cert renewal, reusing existing key pair, openssl certs only
    --cacert Renewal is for a CA certificate, needed for openssl certs only
    --nss    Use the nss database for keys and certificates
    --gdb    For package maintainers, to trace into the nss utilities
 EOH
    exit 1;
 }
@ -128,13 +129,15 @@ my $cacert = '';
 my $modNssDbDir = '';
 my $nssNickname = '';
 my $nssDBPrefix = '';
 my $gdb = '';
 GetOptions('test|t' => \$test_mode, 
           'genreq' => \$genreq_mode,
           'days=i' => \$cert_days,
-	       'renew'  => \$renew,
+           'renew'  => \$renew,
-	       'cacert' => \$cacert,
+           'cacert' => \$cacert,
           'nss|n'  => \$nss,
-	       'makeca' => \$ca_mode) or usage();
+           'gdb'    => \$gdb,
           'makeca' => \$ca_mode) or usage();
 usage() unless @ARGV != 0;
 $skip_random = $test_mode;
 $overwrite_key = $test_mode;
@ -901,10 +904,12 @@ sub nssUtilCmd {
    Newt::Suspend();
    print STDOUT "$cmd $args"."\n";
    $! = '';
-    system("$cmd $args");
+    if ($gdb) {
-    # change to system("gdb $cmd");
+        system("gdb $cmd");
-    # to break into the debugger
+    } else {
-    print STDERR "$cmd returned $!"."\n" if $!;
+        system("$cmd $args");
        print STDERR "$cmd returned $!"."\n" if $!;
    }
    Newt::Resume();
 }
@ -1006,7 +1011,7 @@ sub makeCertOpenSSL
    $args   .= "-z $noisefile " if $noisefile;
    $args   .= "-e $pwdfile "   if $pwdfile; 
              # there is no password when the
-              # user wants the key in the clar
+              # user wants the key in the clear
    $args   .= "-o $certfile ";
    $args   .= "-k $keyfile";
@ -1136,6 +1141,7 @@ sub renewCertOpenSSL
    $args   .= "--renew $certfile "; 
    $args   .= "--input $keyfile "; 
    $args   .= "--cacert " if $cacert;
    $args   .= "--filepwdnss $pwdfile " if $pwdfile;    
    $args   .= "--validity $months "; 
    $args   .= "--out $csrfile ";
@ -1341,31 +1347,19 @@ sub renewCert
    if ($nss) {
        # Renew cert in the nss database
-        #
+        renewCertNSS($csrfile, $modNssDbDir, $nssDBPrefix, 
-        # Must wait until NSS 3.12.2 becomes available with the fix for
+                     $nssNickname, $days, $tmpPasswordFile);
-        # https://bugzilla.redhat.com/show_bug.cgi?id=346731
+    } else {
-        # <<certutil -R for cert renewal should derive the subject 
+        # Disabling renewal of certs in PEM files until a future relase
        #  from the cert if none is specified>>
        #  
        # renewCertNSS($csrfile, $modNssDbDir, $nssDBPrefix, $nssNickname, $days, $tmpPasswordFile);
 	    #
        # Until then bail out.
        #
        Newt::newtWinMessage("Error", "Close", 
-                 "Certificate renewal with NSS database not yet supported:".
+            "Certificate renewal from PEM files is not yet supported:".
-                 "\n\nPress return to exit");
+             "\n\nPress return to exit");
-        Newt::Finished();
+          Newt::Finished();
-        exit 1; 
+          exit 1;
    } else {	
        # Renew cert in a PEM file
        renewCertOpenSSL(
            $csrfile,
            $certfile, # contains cert to renew
            $keyfile,  # contains encrypted private key
            $cacert,
            $days);
        # Enable this when ready	
        # Renew cert in a PEM file
        #renewCertOpenSSL($csrfile, $certfile, $keyfile, $cacert, $days);
    }
 }