Commit a7bbe876 authored by Stefan Fritsch's avatar Stefan Fritsch

Print error message if openssl fails

git-svn-id: svn+ssh://svn.debian.org/svn/pkg-apache/trunk/ssl-cert@1081 01b336ce-410b-0410-9a02-a0e7f243c266
parent d31055c1
ssl-cert (1.0.24) UNRELEASED; urgency=low
* Print error message if debconf fails. Closes: #288045
* Print error message if openssl fails. LP: #132714
* Create group even if user tweaked NAME_REGEX. Closes: #540016
* Update Slovak translation, thanks to helix84@centrum.sk. Closes: #514376
* Fix typo. Closes: #536083 LP: #352157
......
......@@ -79,21 +79,35 @@ fi
# sacrifice one char.
TMPFILE="$(mktemp)" || exit 1
TMPOUT="$(mktemp)" || exit 1
trap "rm -f $TMPFILE $TMPOUT" EXIT
create_temporary_cnf
# create the certificate.
if [ "$1" != "generate-default-snakeoil" ]; then
openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -out $output -keyout $output > /dev/null 2>&1
if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \
-out $output -keyout $output > $TMPOUT 2>&1
then
echo Could not create certificate. Openssl output was: >&2
cat $TMPOUT >&2
exit 1
fi
chmod 600 $output
# hash symlink
cd $(dirname $output)
ln -sf $(basename $output) $(openssl x509 -hash -noout -in $(basename $output))
else
openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \
if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \
-out /etc/ssl/certs/ssl-cert-snakeoil.pem \
-keyout /etc/ssl/private/ssl-cert-snakeoil.key > /dev/null 2>&1
-keyout /etc/ssl/private/ssl-cert-snakeoil.key > $TMPOUT 2>&1
then
echo Could not create certificate. Openssl output was: >&2
cat $TMPOUT >&2
exit 1
fi
chmod 644 /etc/ssl/certs/ssl-cert-snakeoil.pem
chmod 640 /etc/ssl/private/ssl-cert-snakeoil.key
chown root:ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key
......@@ -101,6 +115,3 @@ else
cd /etc/ssl/certs/
ln -sf ssl-cert-snakeoil.pem $(openssl x509 -hash -noout -in ssl-cert-snakeoil.pem)
fi
# cleanup
rm -f $TMPFILE
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment