using DOMAIN for AIA-urls

diff --git a/generateInfra.sh b/generateInfra.sh
index b283220bf3202f607d6c4726d7f212c88306f495..76a6eeed297838a5d3183dd5d6a84ac94017f9c9 100755 (executable)
--- a/generateInfra.sh
+++ b/generateInfra.sh
@@ -9,8 +9,8 @@ year=$1
 . commonFunctions
 
 CRL="
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$year/env-1.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/$year/env-1.crt"
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/$year/env-1.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/$year/env-1.crt"
 
 cat <<TESTCA > req.cnf
 basicConstraints = critical,CA:false

diff --git a/generateKeys.sh b/generateKeys.sh
index 4dd87a2bbc1fd16b7bc0e8b15f5c80945625cfef..d1b15ca1737b2b1217f2ac9941e4d3b208388d53 100755 (executable)
--- a/generateKeys.sh
+++ b/generateKeys.sh
@@ -14,8 +14,8 @@ keyUsage = keyCertSign, cRLSign
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always
 
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/root.crt
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
 TESTCA
 
 cat <<TESTCA > subca.cnf
@@ -25,8 +25,8 @@ keyUsage = keyCertSign, cRLSign
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always
 
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/root.crt
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
 TESTCA
 
 

diff --git a/generateTime.sh b/generateTime.sh
index 868ef9aa039da214eede4143e7f10151e98b8854..3496c74e45455cec1bf8de1c637238e84e6dd865 100755 (executable)
--- a/generateTime.sh
+++ b/generateTime.sh
@@ -14,8 +14,8 @@ keyUsage = keyCertSign, cRLSign
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always
 
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$2.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/$2.crt
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/$2.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/$2.crt
 TESTCA
     caSign $1 $2 timesubca.cnf "$3" "$4"
     rm timesubca.cnf

diff --git a/verify.sh b/verify.sh
index f698e0d372dfb7d97d197c9293116efd48c3a53e..9b6f5f22bd1fcf2778f1f6541287d753ac3fd60c 100755 (executable)
--- a/verify.sh
+++ b/verify.sh
@@ -61,9 +61,9 @@ for ca in ${STRUCT_CAS}; do
        echo "$EXT" | grep -A 2 "Basic Constraints" | grep "CA:TRUE" > /dev/null || error "Basic Constraints field is wrong for $ca"
        echo "$EXT" | grep -A 2 "Key Usage" | grep "^ *Certificate Sign, CRL Sign$" > /dev/null || error "KeyUsage field is wrong for $ca"
 
-       echo "$EXT" | grep -A 4 "CRL Distribution" | grep "g2.crl.cacert.org/g2/$ca.crl" > /dev/null || error "CRL field is wrong for $ca"
-       echo "$EXT" | grep "CA Issuers" | grep "/$ca.crt" | grep "g2.crt.cacert.org/g2/" > /dev/null || error "CA Issuers field is wrong for $ca"
-       echo "$EXT" | grep "OCSP" | grep "http://g2.ocsp.cacert.org" > /dev/null || error "OCSP field is wrong for $ca"
+       echo "$EXT" | grep -A 4 "CRL Distribution" | grep "g2.crl.${DOMAIN}/g2/$ca.crl" > /dev/null || error "CRL field is wrong for $ca"
+       echo "$EXT" | grep "CA Issuers" | grep "/$ca.crt" | grep "g2.crt.${DOMAIN}/g2/" > /dev/null || error "CA Issuers field is wrong for $ca"
+       echo "$EXT" | grep "OCSP" | grep "http://g2.ocsp.${DOMAIN}" > /dev/null || error "OCSP field is wrong for $ca"
     done
 done