From: Felix Dörre
Date: Tue, 12 May 2015 16:29:19 +0000 (+0200)
Subject: using DOMAIN for AIA-urls
X-Git-Url: https://code.wpia.club/?p=nre.git;a=commitdiff_plain;h=fd12e48f597a3edd99f8b235a897e36faa745ceb
using DOMAIN for AIA-urls
---
diff --git a/generateInfra.sh b/generateInfra.sh
index b283220..76a6eee 100755
--- a/generateInfra.sh
+++ b/generateInfra.sh
@@ -9,8 +9,8 @@ year=$1
 . commonFunctions
 CRL="
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$year/env-1.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/$year/env-1.crt"
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/$year/env-1.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/$year/env-1.crt"
 cat < req.cnf
 basicConstraints = critical,CA:false
diff --git a/generateKeys.sh b/generateKeys.sh
index 4dd87a2..d1b15ca 100755
--- a/generateKeys.sh
+++ b/generateKeys.sh
@@ -14,8 +14,8 @@ keyUsage = keyCertSign, cRLSign
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/root.crt
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
 TESTCA
 cat < subca.cnf
@@ -25,8 +25,8 @@ keyUsage = keyCertSign, cRLSign
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/root.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/root.crt
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/root.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/root.crt
 TESTCA
diff --git a/generateTime.sh b/generateTime.sh
index 868ef9a..3496c74 100755
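Review bot: `${DOMAIN}` is expanded into the `CRL` string in generateInfra.sh with no check that it is set, so an empty or mistyped value is written into the CRL distribution point and authorityInfoAccess extensions of whatever is signed from this config, and those URLs cannot be corrected once a certificate is issued. Presumably `DOMAIN` is defined by the sourced `commonFunctions`, which is not part of this diff; a guard directly after the `. commonFunctions` line, `: "${DOMAIN:?DOMAIN must be set}"`, would stop the run before anything is signed. The heredocs changed in generateKeys.sh (both hunks) and generateTime.sh have the same exposure, and whether those scripts source the file that defines `DOMAIN` is not visible here. The script continues beyond both ends of this hunk.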
--- a/generateTime.sh
+++ b/generateTime.sh
@@ -14,8 +14,8 @@ keyUsage = keyCertSign, cRLSign
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always
-crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$2.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/g2/$2.crt
+crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/$2.crl
+authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/$2.crt
 TESTCA
 caSign $1 $2 timesubca.cnf "$3" "$4"
 rm timesubca.cnf
diff --git a/verify.sh b/verify.sh
index f698e0d..9b6f5f2 100755
--- a/verify.sh
+++ b/verify.sh
@@ -61,9 +61,9 @@ for ca in ${STRUCT_CAS}; do
 echo "$EXT" | grep -A 2 "Basic Constraints" | grep "CA:TRUE" > /dev/null || error "Basic Constraints field is wrong for $ca"
 echo "$EXT" | grep -A 2 "Key Usage" | grep "^ *Certificate Sign, CRL Sign$" > /dev/null || error "KeyUsage field is wrong for $ca"
- echo "$EXT" | grep -A 4 "CRL Distribution" | grep "g2.crl.cacert.org/g2/$ca.crl" > /dev/null || error "CRL field is wrong for $ca"
- echo "$EXT" | grep "CA Issuers" | grep "/$ca.crt" | grep "g2.crt.cacert.org/g2/" > /dev/null || error "CA Issuers field is wrong for $ca"
- echo "$EXT" | grep "OCSP" | grep "http://g2.ocsp.cacert.org" > /dev/null || error "OCSP field is wrong for $ca"
+ echo "$EXT" | grep -A 4 "CRL Distribution" | grep "g2.crl.${DOMAIN}/g2/$ca.crl" > /dev/null || error "CRL field is wrong for $ca"
+ echo "$EXT" | grep "CA Issuers" | grep "/$ca.crt" | grep "g2.crt.${DOMAIN}/g2/" > /dev/null || error "CA Issuers field is wrong for $ca"
+ echo "$EXT" | grep "OCSP" | grep "http://g2.ocsp.${DOMAIN}" > /dev/null || error "OCSP field is wrong for $ca"
 done
 done
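Review bot: The three changed `grep` checks in verify.sh interpolate `${DOMAIN}` into a regular expression, so every `.` in the domain matches any character and the pattern is an unanchored substring match, which lets the check accept a host other than the intended one. Matching the value literally is a small change, e.g. `grep -qF "http://g2.ocsp.${DOMAIN}"` in place of `grep "http://g2.ocsp.${DOMAIN}" > /dev/null`, and likewise for the CRL and CA Issuers lines. Because the generator scripts and this script read the same variable, the checks also pass when `DOMAIN` is empty or wrong in both places, so they confirm self-consistency rather than the expected host; comparing against an expected value supplied separately would catch that case. The enclosing `for` loops start outside the hunk.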