Date: Mon, 21 Sep 2009 19:02:56 GMT From: Ana Kukec <anchie@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 168754 for review Message-ID: <200909211902.n8LJ2ukv000829@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=168754 Change 168754 by anchie@anchie_malimis on 2009/09/21 19:02:34 Minor in changes in script that produces x509v2 certificate chain with RFC3779 extension for IP Addresses. Affected files ... .. //depot/projects/soc2009/anchie_send/send_0.2/examples/ipext/gen_ipext#2 edit Differences ... ==== //depot/projects/soc2009/anchie_send/send_0.2/examples/ipext/gen_ipext#2 (text+ko) ==== @@ -42,23 +42,28 @@ # with the prefix definitions below, and the names of the subdirectories # containing the keying material. -ids="lvl1 ar1" +ids="lvl1" +#ids="lvl1 ar1" #ids="ar2" #ids="ar3" +#ids="router1" # For each ID in the list above, you must create a list of prefixes this # ID will be able to route. -pfxs_ca="prefix 2003::/64; - prefix 2004::/64; - prefix 2005::/64;" -pfxs_lvl1="prefix 2003::/64; - prefix 2004::/64;" -pfxs_ar1="prefix 2003::/64;" -pfxs_ar2="prefix 2004::/64;" -pfxs_ar3="prefix 2005::/64;" +pfxs_ca="prefix 2000::/64;" +pfxs_lvl1="prefix 2000::/64;" +#pfxs_ar1="prefix 2000::/64;" + # prefix 2004::/64; + # prefix 2005::/64;" +#pfxs_lvl1="prefix 2003::/64; + #prefix 2004::/64;" +#pfxs_ar1="prefix 2003::/64;" +#pfxs_ar2="prefix 2004::/64;" +#pfxs_ar3="prefix 2005::/64;" # Where does CA.pl live on your system -CA=/usr/ssl/misc/CA.pl +#CA=/usr/ssl/misc/CA.pl +CA=/usr/home/anchie/p4/send_kernel_compile/crypto/openssl/apps/CA.pl # RSA key size rsa_bits=1024 @@ -79,6 +84,7 @@ } mk_ca() { + echo "----------------> mk_ca()" rm -f demoCA mkdir -p demoCA.$1/private ln -s demoCA.$1 demoCA 
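Review bot: The new `CA=` assignment near the end of the first hunk points into one developer's home directory (`/usr/home/anchie/...`), so the example only works on that machine and runs a CA script from a user-writable tree. Keeping the system default and allowing an override avoids both: `CA=${CA:-/usr/ssl/misc/CA.pl}`. The commented-out `ids=` and `pfxs_*` variants added in the same hunk read as local test state rather than documentation and could be dropped. The unchanged `rsa_bits=1024` in the trailing context is also worth revisiting while this block is open, since a 1024-bit RSA key is weak for a certificate chain.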
@@ -119,23 +125,34 @@ add_files_section() { echo "files {" >> $2 for id in $ids; do - [ "$id" != "$1" ] && fname="trustedcert" || fname="certfile" + echo "$id" + test $id != $1 && fname="trustedcert" || fname="certfile" echo " $fname `pwd`/$id/cert_ipext.pem;" >> $2 - [ "$id" == "$1" ] && break + test $id = $1 && break done echo "}" >> $2 } gen_conf_file() { # Generate a config file for adding IP extensions - pfxs=pfxs_${1} + #pfxs=pfxs_${1} + echo "addresses {" > $1/ipext_add.conf echo " ipv6 {" >> $1/ipext_add.conf echo " SAFI unicast;" >> $1/ipext_add.conf - echo " ${!pfxs}" >> $1/ipext_add.conf + if test $1 = "ca" + then + echo " " $pfxs_ca >> $1/ipext_add.conf + fi + if test $1 = "lvl1" + then + echo " " $pfxs_lvl1 >> $1/ipext_add.conf + fi + + #echo " " $pfxs_ca >> $1/ipext_add.conf echo " }" >> $1/ipext_add.conf echo "}" >> $1/ipext_add.conf - + echo "files {" >> $1/ipext_add.conf echo " certfile $1/cert.pem;" >> $1/ipext_add.conf echo " cacert $2/cert.pem;" >> $1/ipext_add.conf @@ -157,11 +174,20 @@ } verify_ipexts() { - pfxs=pfxs_${1} + #pfxs=pfxs_${1} + echo "addresses {" > ipext_verify.conf echo " ipv6 {" >> ipext_verify.conf echo " SAFI unicast;" >> ipext_verify.conf - echo " ${!pfxs}" >> ipext_verify.conf + if test $1 = "ca" + then + echo " " $pfxs_ca >> $1/ipext_add.conf + fi + if test $1 = "lvl1" + then + echo " " $pfxs_lvl1 >> $1/ipext_add.conf + fi + #echo " ${!pfxs}" >> ipext_verify.conf echo " }" >> ipext_verify.conf echo "}" >> ipext_verify.conf @@ -178,19 +204,22 @@ add_ipext $id done + /usr/sbin/ipexttool -w -i ca/ipext_add.conf + /usr/sbin/ipexttool -w -i lvl1/ipext_add.conf + verify_ipexts $id } case "$1" in chain) - if [ $# == 1 ]; then + if [ $# -eq 1 ]; then mk_top_ca generate_certs ids="ca $ids" gen_conf_files add_ipexts else - if [ $# != 3 ]; then + if [ $# -ne 3 ]; then echo $"Usage: $0 chain <new id> <signer id>" exit 1 fi 
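Review bot: In gen_conf_file, replacing `${!pfxs}` with two `if test $1 = ...` checks means any id other than `ca` or `lvl1` (for example the `ar1` or `router1` entries still listed as options) silently gets an `ipv6` block with no prefixes. A `case` with a failing default would make that visible instead of writing an empty address list; the same dispatch is repeated in verify_ipexts in the next hunk. The indentation inside the echoed strings below is a guess, because the page has collapsed whitespace. Separately, `test $id != $1` and `test $id = $1` in add_files_section drop the quoting the old `[ "$id" != "$1" ]` had, so an empty argument becomes a `test` syntax error; `[ "$id" = "$1" ]` stays portable and keeps the quotes. gen_conf_file continues past the end of the hunk, and callers would need to check its return status.

```shell
gen_conf_file() {
	# … unchanged: "addresses {", "ipv6 {" and "SAFI unicast;" lines …
	case "$1" in
	ca)   echo "    $pfxs_ca" >> "$1/ipext_add.conf" ;;
	lvl1) echo "    $pfxs_lvl1" >> "$1/ipext_add.conf" ;;
	*)
		echo "gen_conf_file: no prefix list defined for '$1'" >&2
		return 1
		;;
	esac
	# … unchanged: closing braces and the "files {" section …
```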
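Review bot: The two added `echo` lines in verify_ipexts append to `$1/ipext_add.conf` instead of `ipext_verify.conf`, so the verify config is written with an empty `ipv6` block and the already-finished add config gets stray prefix lines at its end. If ipexttool checks the certificate against the prefixes listed in the verify config, the verification step no longer tests the intended ranges. Both redirections should target the verify file, e.g. `echo "    $pfxs_ca" >> ipext_verify.conf` and `echo "    $pfxs_lvl1" >> ipext_verify.conf`. verify_ipexts continues past the end of the hunk.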
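Review bot: The two added `/usr/sbin/ipexttool -w -i ...` calls hard-code `ca` and `lvl1` right after a loop that already runs `add_ipext $id` for every entry in `$ids`, and neither exit status is checked before `verify_ipexts` runs. If add_ipext (not visible here) already invokes ipexttool, these lines write the extension a second time; if it does not, any other id is skipped. Moving the call into the loop with a status check keeps it in step with `$ids`: `/usr/sbin/ipexttool -w -i "$id/ipext_add.conf" || exit 1`. The enclosing function starts above the hunk.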
@@ -204,11 +233,11 @@ ;; ipext) ids="ca $ids" - if [ $# == 1 ]; then + if [ $# -eq 1 ]; then gen_conf_files add_ipexts else - if [ $# != 3 ]; then + if [ $# -ne 3 ]; then echo $"Usage: $0 ipext <new id> <signer id>" exit 1 fi
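Review bot: The usage lines kept as context here and in the `chain)` branch of the previous hunk still use bash's `$"..."` locale-translated quoting, while the `==` to `-eq` change suggests bash is no longer the target shell. A POSIX sh would likely print a literal `$` in front of the message. Plain quoting sent to stderr is enough: `echo "Usage: $0 ipext <new id> <signer id>" >&2`.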