summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2017-05-24 13:16:00 +0200
committerThomas Deutschmann <whissi@gentoo.org>2017-05-24 13:16:00 +0200
commit8daf322064245417d95057131f89e4e4e1d75f96 (patch)
tree61bd3b121f546a4f895a0e5ce2c18a3663b510e4
parentdev-python/pycapnp: bump capnp dep (diff)
downloadgentoo-8daf322064245417d95057131f89e4e4e1d75f96.tar.gz
gentoo-8daf322064245417d95057131f89e4e4e1d75f96.tar.bz2
gentoo-8daf322064245417d95057131f89e4e4e1d75f96.zip
ssl-cert.eclass: Set default key length to 4096 bit and allow to specify message digest
-rw-r--r--eclass/ssl-cert.eclass8
1 files changed, 5 insertions, 3 deletions
diff --git a/eclass/ssl-cert.eclass b/eclass/ssl-cert.eclass
index 6bec347234d4..bfe5291314c0 100644
--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -1,4 +1,4 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# @ECLASS: ssl-cert.eclass
@@ -66,7 +66,8 @@ gen_cnf() {
# These can be overridden in the ebuild
SSL_DAYS="${SSL_DAYS:-730}"
- SSL_BITS="${SSL_BITS:-1024}"
+ SSL_BITS="${SSL_BITS:-4096}"
+ SSL_MD="${SSL_MD:-sha256}"
SSL_COUNTRY="${SSL_COUNTRY:-US}"
SSL_STATE="${SSL_STATE:-California}"
SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}"
@@ -166,6 +167,7 @@ gen_crt() {
if [ "${1}" ] ; then
ebegin "Generating self-signed X.509 Certificate for CA"
openssl x509 -extfile "${SSL_CONF}" \
+ -${SSL_MD} \
-days ${SSL_DAYS} -req -signkey "${base}.key" \
-in "${base}.csr" -out "${base}.crt" &>/dev/null
else
@@ -173,7 +175,7 @@ gen_crt() {
ebegin "Generating authority-signed X.509 Certificate"
openssl x509 -extfile "${SSL_CONF}" \
-days ${SSL_DAYS} -req -CAserial "${SSL_SERIAL}" \
- -CAkey "${ca}.key" -CA "${ca}.crt" \
+ -CAkey "${ca}.key" -CA "${ca}.crt" -${SSL_MD} \
-in "${base}.csr" -out "${base}.crt" &>/dev/null
fi
eend $?