Attempt to fix the weird selfsigned certificate generation error

Alexandre Aubin 2021-11-30 20:46:43 +01:00
parent c6df391a9a
commit 73da37f152
2 changed files with 7 additions and 12 deletions


@ -6,7 +6,7 @@ ssl_dir="/usr/share/yunohost/ssl"
ynh_ca="/etc/yunohost/certs/yunohost.org/ca.pem" ynh_ca="/etc/yunohost/certs/yunohost.org/ca.pem"
ynh_crt="/etc/yunohost/certs/yunohost.org/crt.pem" ynh_crt="/etc/yunohost/certs/yunohost.org/crt.pem"
ynh_key="/etc/yunohost/certs/yunohost.org/key.pem" ynh_key="/etc/yunohost/certs/yunohost.org/key.pem"
openssl_conf="/usr/share/yunohost/conf/ssl/openssl.cnf" template_dir="/usr/share/yunohost/conf/ssl/"
regen_local_ca() { regen_local_ca() {
@ -26,7 +26,7 @@ regen_local_ca() {
RANDFILE=.rnd openssl rand -hex 19 >serial RANDFILE=.rnd openssl rand -hex 19 >serial
rm -f index.txt rm -f index.txt
touch index.txt touch index.txt
cp /usr/share/yunohost/conf/ssl/openssl.cnf openssl.ca.cnf cp ${template_dir}/openssl.cnf openssl.ca.cnf
sed -i "s/yunohost.org/${domain}/g" openssl.ca.cnf sed -i "s/yunohost.org/${domain}/g" openssl.ca.cnf
openssl req -x509 \ openssl req -x509 \
-new \ -new \
@ -57,7 +57,7 @@ do_init_regen() {
# Make sure this conf exists # Make sure this conf exists
mkdir -p ${ssl_dir} mkdir -p ${ssl_dir}
cp /usr/share/yunohost/conf/ssl/openssl.cnf ${ssl_dir}/openssl.ca.cnf install -D -m 644 ${template_dir}/openssl.cnf "${ssl_dir}/openssl.cnf"
# create default certificates # create default certificates
if [[ ! -f "$ynh_ca" ]]; then if [[ ! -f "$ynh_ca" ]]; then
@ -68,14 +68,13 @@ do_init_regen() {
echo -e "\n# Creating initial key and certificate \n" >>$LOGFILE echo -e "\n# Creating initial key and certificate \n" >>$LOGFILE
openssl req -new \ openssl req -new \
-config "$openssl_conf" \ -config "${ssl_dir}/openssl.cnf" \
-days 730 \
-out "${ssl_dir}/certs/yunohost_csr.pem" \ -out "${ssl_dir}/certs/yunohost_csr.pem" \
-keyout "${ssl_dir}/certs/yunohost_key.pem" \ -keyout "${ssl_dir}/certs/yunohost_key.pem" \
-nodes -batch &>>$LOGFILE -nodes -batch &>>$LOGFILE
openssl ca \ openssl ca \
-config "$openssl_conf" \ -config "${ssl_dir}/openssl.cnf" \
-days 730 \ -days 730 \
-in "${ssl_dir}/certs/yunohost_csr.pem" \ -in "${ssl_dir}/certs/yunohost_csr.pem" \
-out "${ssl_dir}/certs/yunohost_crt.pem" \ -out "${ssl_dir}/certs/yunohost_crt.pem" \
@ -92,16 +91,12 @@ do_init_regen() {
chown -R root:ssl-cert /etc/yunohost/certs/yunohost.org/ chown -R root:ssl-cert /etc/yunohost/certs/yunohost.org/
chmod o-rwx /etc/yunohost/certs/yunohost.org/ chmod o-rwx /etc/yunohost/certs/yunohost.org/
install -D -m 644 $openssl_conf "${ssl_dir}/openssl.cnf"
} }
do_pre_regen() { do_pre_regen() {
pending_dir=$1 pending_dir=$1
cd /usr/share/yunohost/conf/ssl install -D -m 644 $template_dir/openssl.cnf "${pending_dir}/${ssl_dir}/openssl.cnf"
install -D -m 644 openssl.cnf "${pending_dir}/${ssl_dir}/openssl.cnf"
} }
do_post_regen() { do_post_regen() {
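Review bot: In do_init_regen the line under `# Make sure this conf exists` used to create `${ssl_dir}/openssl.ca.cnf` and now creates `${ssl_dir}/openssl.cnf`, so when `$ynh_ca` already exists (and regen_local_ca is presumably skipped) nothing in the visible hunks writes openssl.ca.cnf any more. Anything outside these hunks that still reads that file should be checked. The new lines also leave `${template_dir}` unquoted while the destination is quoted, and because the variable ends in `/` the resulting path contains a double slash. I would drop the trailing slash from `template_dir` and write `install -D -m 644 "${template_dir}/openssl.cnf" "${ssl_dir}/openssl.cnf"`, with the same quoting in regen_local_ca and do_pre_regen. The function bodies start and end outside the hunks shown.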


@ -181,7 +181,7 @@ def _certificate_install_selfsigned(domain_list, force=False):
# Use OpenSSL command line to create a certificate signing request, # Use OpenSSL command line to create a certificate signing request,
# and self-sign the cert # and self-sign the cert
commands = [ commands = [
"openssl req -new -config %s -days 3650 -out %s -keyout %s -nodes -batch" "openssl req -new -config %s -out %s -keyout %s -nodes -batch"
% (conf_file, csr_file, key_file), % (conf_file, csr_file, key_file),
"openssl ca -config %s -days 3650 -in %s -out %s -batch" "openssl ca -config %s -days 3650 -in %s -out %s -batch"
% (conf_file, csr_file, crt_file), % (conf_file, csr_file, crt_file),
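Review bot: The two openssl commands in `commands` are still assembled with `%` formatting from `conf_file`, `csr_file`, `key_file` and `crt_file`, so if they are handed to a shell (the code that runs them is outside this hunk) a path containing a space or shell metacharacter changes the command. These paths are presumably derived from the entries in `domain_list`, so I would pass argument lists instead, e.g. `["openssl", "req", "-new", "-config", conf_file, "-out", csr_file, "-keyout", key_file, "-nodes", "-batch"]`. The runner should also raise on a non-zero exit status, so that a failed generation is reported at the step that failed. `-nodes` leaves the private key unencrypted on disk, so the mode and owner of `key_file` should be set right after this step; whether that already happens is not visible here.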