* [gentoo-dev] [PATCH] ssl-cert.eclass: Set default key length to 4096 bit and allow to specify message digest
From: Thomas Deutschmann @ 2017-05-20 21:58 UTC
To: gentoo-dev
---
eclass/ssl-cert.eclass | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/eclass/ssl-cert.eclass b/eclass/ssl-cert.eclass
index 6bec347234d..bfe5291314c 100644
--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -1,4 +1,4 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# @ECLASS: ssl-cert.eclass
@@ -66,7 +66,8 @@ gen_cnf() {
# These can be overridden in the ebuild
SSL_DAYS="${SSL_DAYS:-730}"
- SSL_BITS="${SSL_BITS:-1024}"
+ SSL_BITS="${SSL_BITS:-4096}"
+ SSL_MD="${SSL_MD:-sha256}"
SSL_COUNTRY="${SSL_COUNTRY:-US}"
SSL_STATE="${SSL_STATE:-California}"
SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}"
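Review bot: SSL_MD becomes a new ebuild-overridable variable here, but nothing in the hunk says which values it accepts. Because gen_crt passes it to openssl as `-${SSL_MD}`, the comment above these defaults (or the eclass documentation) should state that it must be a digest name that openssl x509 accepts as an option, such as sha256. The commit message consists of the subject line only; a sentence on why the SSL_BITS default moves from 1024 to 4096 and why sha256 was chosen would help later readers.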
@@ -166,6 +167,7 @@ gen_crt() {
if [ "${1}" ] ; then
ebegin "Generating self-signed X.509 Certificate for CA"
openssl x509 -extfile "${SSL_CONF}" \
+ -${SSL_MD} \
-days ${SSL_DAYS} -req -signkey "${base}.key" \
-in "${base}.csr" -out "${base}.crt" &>/dev/null
else
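Review bot: `-${SSL_MD} \` is expanded unquoted and unchecked, and the whole command is redirected with `&>/dev/null`, so an ebuild that overrides SSL_MD with a misspelled or unsupported digest name gets a failed openssl run with nothing to diagnose it beyond the eend status. Quote the argument as `"-${SSL_MD}"` and either validate the value before calling openssl or stop discarding stderr for this call.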
@@ -173,7 +175,7 @@ gen_crt() {
ebegin "Generating authority-signed X.509 Certificate"
openssl x509 -extfile "${SSL_CONF}" \
-days ${SSL_DAYS} -req -CAserial "${SSL_SERIAL}" \
- -CAkey "${ca}.key" -CA "${ca}.crt" \
+ -CAkey "${ca}.key" -CA "${ca}.crt" -${SSL_MD} \
-in "${base}.csr" -out "${base}.crt" &>/dev/null
fi
eend $?
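Review bot: The digest option is appended to the end of the `-CAkey ... -CA ...` line in this branch, while the self-signed branch puts it on its own continuation line directly after `-extfile`. Use the same placement in both branches, on its own line and quoted as `"-${SSL_MD}"`, so the two openssl x509 invocations stay easy to compare and future diffs touch only one option per line.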
--
2.13.0
* Re: [gentoo-dev] [PATCH] ssl-cert.eclass: Set default key length to 4096 bit and allow to specify message digest
From: Thomas Deutschmann @ 2017-05-24 11:17 UTC
To: gentoo-dev
Hi,
now committed via
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8daf322064245417d95057131f89e4e4e1d75f96
--
Regards,
Thomas