For discussion of Alpine Linux development and developer support


[alpine-devel] [PATCH] acf-openssl: as per feature request #354: download cert plus set encryption bits and period of validity

Luke Stuart
Message ID
<BANLkTi=6L6VgBfPDiM=o9y7k7PGJqSR78A@mail.gmail.com>
Sender timestamp
1308832244
---
 openssl-controller.lua        |    5 +++++
 openssl-editdefaults-html.lsp |    2 +-
 openssl-model.lua             |   32 ++++++++++++++++++++++++++++----
 openssl-request-html.lsp      |    2 +-
 openssl-status-html.lsp       |    3 ++-
 openssl.roles                 |    6 +++---
 6 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/openssl-controller.lua b/openssl-controller.lua
index 7d9ae9a..3f8750b 100755
--- a/openssl-controller.lua
+++ b/openssl-controller.lua
@@ -116,6 +116,11 @@ putcacert = function(self)
       return controllerfunctions.handle_form(self,
self.model.getnewputca, self.model.putca, self.clientdata, "Upload",
"Upload CA Certificate", "Certificate Uploaded")
 end

+downloadpem = function(self)
+        self.conf.viewtype="stream"
+        return self.model.getpem(self.clientdata.dlpath)
+end
+
 -- Generate a self-signed CA
 generatecacert = function(self)
       return controllerfunctions.handle_form(self,
self.model.getnewcarequest, self.model.generateca, self.clientdata,
"Generate", "Generate CA Certificate", "Certificate Generated")
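Review bot: `downloadpem` hands the client-supplied `self.clientdata.dlpath` straight to `self.model.getpem`, so the request, not the server, decides which file is streamed. The only caller visible in this patch (the status view) always passes the CA certificate path, so the action could take no path at all and let the model resolve the file itself, which removes the need to validate a path. If the parameter stays, a comment such as `-- dlpath is untrusted client input; getpem must confine it to openssldir` would document the contract that the model is relied on to enforce.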
diff --git a/openssl-editdefaults-html.lsp b/openssl-editdefaults-html.lsp
index 9052213..b73b0a8 100644
--- a/openssl-editdefaults-html.lsp
+++ b/openssl-editdefaults-html.lsp
@@ -6,7 +6,7 @@
       form.action = page_info.script .. page_info.prefix ..
page_info.controller .. "/" .. page_info.action
       local order = { "countryName", "C", "stateOrProvinceName",
"ST", "localityName", "L", "organizationName", "O",
                       "organizationalUnitName", "OU", "commonName",
"CN", "emailAddress" }
-       local finishingorder = { "certtype", "extensions" }
+       local finishingorder = { "encryption", "validdays",
"certtype", "extensions" }
       displayform(form, order, finishingorder)
 %>

diff --git a/openssl-model.lua b/openssl-model.lua
index b5a84a6..a9b6f83 100755
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -30,7 +30,7 @@ local short_names = { countryName="C",
stateOrProvinceName="ST", localityName="L
 local extensions = { "basicConstraints", "nsCertType", "nsComment",
"keyUsage", "subjectKeyIdentifier",
                       "authorityKeyIdentifier", "subjectAltName",
"issuerAltName" }
 -- list of entries that must be found in ca section (used to define
our certificate types)
-local ca_mandatory_entries = { "new_certs_dir", "certificate",
"private_key", "default_md", "database", "serial", "policy" }
+local ca_mandatory_entries = { "new_certs_dir", "certificate",
"private_key", "default_md", "database", "serial", "policy",
"default_days" }

 -- Create a cfe with the distinguished name defaults
 local getdefaults = function()
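Review bot: Adding `"default_days"` to `ca_mandatory_entries` changes which CA sections count as certificate types, per the comment above the list, so a section in an existing config without its own `default_days` would presumably stop being offered after upgrade. Later hunks write `default_days` to the `""` section, while `getreqdefaults` reads it through `getconfigentry(config.ca.default_ca, "default_days")`; if the CA section carries its own entry, the value saved from the form may not be the one read back. A short comment on the list explaining why `default_days` is required would help the next maintainer.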
@@ -308,6 +308,14 @@ end
 getreqdefaults = function()
       local defaults = getdefaults()

+        --Add in the encryption bit default
+         local encryption = config.req.default_bits
+         defaults.value.encryption = cfe({ type="select",
label="Encryption Bits", value=encryption, option={"2048", "4096"} })
+
+         -- Add in the default days
+         local validdays = getconfigentry(config.ca.default_ca, "default_days")
+         defaults.value.validdays = cfe({ type="text", label="Period
of Validity (Days)", value=validdays, descr="Number of days this
certificate is valid for" })
+
       -- Add in the ca type default
       defaults.value.certtype = cfe({ type="select", label="Certificate Type",
               value=config.ca.default_ca, option=find_ca_sections() })
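Review bot: The `encryption` select in `getreqdefaults` offers only `"2048"` and `"4096"`, but its initial value is whatever `config.req.default_bits` holds, so a configured size outside that list (or an unset entry) has no matching option. The label "Encryption Bits" describes what is really the key size taken from `default_bits`; `label="Key Size (bits)"` would be clearer. `getreqdefaults` continues past the end of this hunk.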
@@ -339,9 +347,10 @@ setreqdefaults = function(defaults)
                       ext_section = config.req.req_extensions
               end
               config = nil
+               fileval =
format.update_ini_file(fileval,"","default_days",defaults.value.validdays.value)
               fileval = format.set_ini_section(fileval, ext_section,
format.dostounix(defaults.value.extensions.value))
               fileval = format.update_ini_file(fileval, "ca",
"default_ca", defaults.value.certtype.value)
-               fileval = write_distinguished_names(fileval, defaults,
{"certtype", "extensions"})
+               fileval = write_distinguished_names(fileval, defaults,
{"certtype", "extensions", "validdays"})
               fs.write_file(configfile, fileval)
       end
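Review bot: The list passed to `write_distinguished_names` gains `"validdays"` but not `"encryption"`, although `getreqdefaults` now adds both fields to `defaults.value`; if that list is what keeps non-DN fields out of the distinguished-name section, `encryption` would be written there. It should presumably read `{"certtype", "extensions", "validdays", "encryption"}`. The new `default_days` write also stores `defaults.value.validdays.value` without the `tonumber` check that `submitrequest` applies, and nothing in this hunk saves the `encryption` default that the edit-defaults form now displays. `setreqdefaults` starts before this hunk, so earlier validation cannot be ruled out.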

@@ -383,6 +392,11 @@ submitrequest = function(defaults, user)
               defaults.errtxt = "Failed to submit request\nRequest
already exists"
               success = false
       end
+
+       if not tonumber(defaults.value.validdays.value) then
+               defaults.value.validdays.errtxt = "Period of Validity
is not a number"
+               success = false
+       end

       if success then
               -- Submit the request
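Review bot: `tonumber` is too loose a check for a value that is written verbatim into the request's config as `default_days`: it accepts negative numbers, fractions, hexadecimal and exponent forms, and surrounding whitespace. A stricter guard such as `if not string.match(defaults.value.validdays.value or "", "^%d+$") then` limits the field to a plain decimal integer, and an upper bound would stop a requester from asking for an arbitrarily long lifetime. The following `submitrequest` hunk writes `defaults.value.encryption.value` to `default_bits` with no server-side check at all; the select's option list only constrains well-behaved clients, so that value should be compared against the allowed sizes too. `submitrequest` begins before and continues after this hunk.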
@@ -403,7 +417,9 @@ submitrequest = function(defaults, user)
                               end
                       end
               end
-
+
+               fileval = format.update_ini_file(fileval,
"req","default_bits",defaults.value.encryption.value)
+               fileval = format.update_ini_file(fileval,
"","default_days",defaults.value.validdays.value)
               fileval = format.set_ini_section(fileval, ext_section, content)
               fileval = format.update_ini_file(fileval, "req",
"req_extensions", ext_section)
               fs.write_file(reqname..".cfg", fileval)
@@ -470,7 +486,7 @@ approverequest = function(request)
               local certname = certdir..request.."."..serial

               -- Now, sign the certificate
-               local cmd = path .. "openssl ca -config
"..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr
-out "..format.escapespecialcharacters(certname)..".crt -name
"..format.escapespecialcharacters(certtype).." -batch 2>&1"
+               local cmd = path .. "openssl ca -config
"..format.escapespecialcharacters(reqpath)..".cfg -in
"..format.escapespecialcharacters(reqpath)..".csr -out
"..format.escapespecialcharacters(certname)..".crt -name
"..format.escapespecialcharacters(certtype).." -batch 2>&1"
               local f = io.popen(cmd)
               cmdresult.value = f:read("*a")
               f:close()
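Review bot: The signing command now takes `-config` from the per-request `reqpath..".cfg"` instead of the server's `configfile`, and `submitrequest` writes that file from values supplied with the request (`default_bits`, `default_days`, the extensions section). `openssl ca` reads its policy, extensions and validity from the config it is given, so the approver ends up signing under settings the requester influenced, and later changes to the server config no longer apply to pending requests. A safer shape keeps `-config` on `configfile` and passes the approved lifetime explicitly, for example with `-days` after re-validating the number at approval time. How the `.cfg` is built is only partly visible here, and `approverequest` extends beyond this hunk.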
@@ -680,6 +696,14 @@ getcrl = function(crltype)
       return crlfile
 end

+getpem = function(pem)
+        local f = fs.read_file(pem) or ""
+        local fname = string.gsub(pem, ".*/", "")
+        if validator.is_valid_filename(pem, openssldir) then
+                return cfe({ type="raw", value=f, label=fname,
option="application/x-pkcs12" })
+        end
+end
+
 getnewputca = function()
       local ca = cfe({ type="raw", value=0, label="CA Certificate",
descr='File must be a password protected ".pfx" file' })
       local password = cfe({ label="Certificate Password" })
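Review bot: `getpem` calls `fs.read_file(pem)` before `validator.is_valid_filename(pem, openssldir)` runs, so a path taken from the `dlpath` request parameter is opened and read even when it is then rejected; the check should come first. When the check fails the function falls off the end and returns nil, and a request without `dlpath` makes `string.gsub(pem, ...)` raise on a nil argument, so both cases need an explicit error result. Whether `is_valid_filename` rejects `..` segments and symlinks is not visible here, and if `openssldir` also holds private keys the action should be limited to certificate files rather than anything under that directory. The content type `application/x-pkcs12` does not match a function named for PEM output and should be confirmed.

```lua
getpem = function(pem)
        -- pem comes from the request; validate before touching the filesystem
        if type(pem) ~= "string" or not validator.is_valid_filename(pem, openssldir) then
                return cfe({ type="raw", value="", label="", errtxt="Invalid certificate path" })
        end
        local fname = string.gsub(pem, ".*/", "")
        return cfe({ type="raw", value=fs.read_file(pem) or "", label=fname, option="application/x-pkcs12" })
end
```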
diff --git a/openssl-request-html.lsp b/openssl-request-html.lsp
index 2bc3af9..acbe8ed 100644
--- a/openssl-request-html.lsp
+++ b/openssl-request-html.lsp
@@ -8,7 +8,7 @@
       form.value.password_confirm.type = "password"
       local order = { "countryName", "C", "stateOrProvinceName",
"ST", "localityName", "L", "organizationName", "O",
                       "organizationalUnitName", "OU", "commonName",
"CN", "emailAddress" }
-       local finishingorder = { "certtype", "extensions", "password",
"password_confirm" }
+       local finishingorder = { "certtype", "validdays",
"extensions", "password", "password_confirm" }
       displayform(form, order, finishingorder)
 %>

diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp
index 1837ab0..0f73d35 100644
--- a/openssl-status-html.lsp
+++ b/openssl-status-html.lsp
@@ -32,4 +32,5 @@
               end
       end
 end %>
-
+<% if viewlibrary.check_permission("downloadpem") then %> <H1>Download
+Certificate</H1> <DL> <%=
html.link{value="downloadpem?dlpath="..html.html_escape(view.value.cacert.value),
label="Download "..view.value.cacert.value } %><BR> </DL><% end %>
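Review bot: The `dlpath` query value is built with `html.html_escape`, which escapes for HTML but does not URL-encode, so a certificate path containing `&`, `#`, `+` or a space would reach `downloadpem` truncated or altered; the value should be URL-encoded before it is placed in the link. The `label` concatenates `view.value.cacert.value` with no escaping, and unless `html.link` escapes its label itself, that string lands in the page as markup. The link also exposes the server's certificate path to the browser and has the server trust it on the way back; linking to `downloadpem` with no parameter avoids both.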
diff --git a/openssl.roles b/openssl.roles
index eb63818..03f5df1 100644
--- a/openssl.roles
+++ b/openssl.roles
@@ -1,6 +1,6 @@
 USER=openssl:status,openssl:getrevoked
 EDITOR=openssl:editdefaults
 CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert
-CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert
-EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
-ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
+CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadpem
+EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
+ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
--
1.7.5.4


Ted Trask
Message ID
<1309907862.21790.YahooMailNeo@web130112.mail.mud.yahoo.com>
In-Reply-To
<BANLkTi=6L6VgBfPDiM=o9y7k7PGJqSR78A@mail.gmail.com> (view parent)
Sender timestamp
1309907862
I tried to apply the patch, but ran into trouble. I kept getting line wraps and HTML tags and other garbage. Since I tried it with two different mail clients, I'm wondering if it was a problem when sending the patch. Can you please try again using 'git send-email'?

Or, can someone else help me to apply the patch?

Thanks.


Ted




________________________________
From: Luke Stuart <lukestu@gmail.com>
To: alpine-devel@lists.alpinelinux.org
Sent: Thursday, June 23, 2011 8:30 AM
Subject: [alpine-devel] [PATCH] acf-openssl: as per feature request #354: download cert plus set encryption bits and period of validity

---
 openssl-controller.lua        |    5 +++++
 openssl-editdefaults-html.lsp |    2 +-
 openssl-model.lua             |   32 ++++++++++++++++++++++++++++----
 openssl-request-html.lsp      |    2 +-
 openssl-status-html.lsp       |    3 ++-
 openssl.roles                 |    6 +++---
 6 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/openssl-controller.lua b/openssl-controller.lua
index 7d9ae9a..3f8750b 100755
--- a/openssl-controller.lua
+++ b/openssl-controller.lua
@@ -116,6 +116,11 @@ putcacert = function(self)
       return controllerfunctions.handle_form(self,
self.model.getnewputca, self.model.putca, self.clientdata, "Upload",
"Upload CA Certificate", "Certificate Uploaded")
 end

+downloadpem = function(self)
+        self.conf.viewtype="stream"
+        return self.model.getpem(self.clientdata.dlpath)
+end
+
 -- Generate a self-signed CA
 generatecacert = function(self)
       return controllerfunctions.handle_form(self,
self.model.getnewcarequest, self.model.generateca, self.clientdata,
"Generate", "Generate CA Certificate", "Certificate Generated")
diff --git a/openssl-editdefaults-html.lsp b/openssl-editdefaults-html.lsp
index 9052213..b73b0a8 100644
--- a/openssl-editdefaults-html.lsp
+++ b/openssl-editdefaults-html.lsp
@@ -6,7 +6,7 @@
       form.action = page_info.script .. page_info.prefix ..
page_info.controller .. "/" .. page_info.action
       local order = { "countryName", "C", "stateOrProvinceName",
"ST", "localityName", "L", "organizationName", "O",
                       "organizationalUnitName", "OU", "commonName",
"CN", "emailAddress" }
-       local finishingorder = { "certtype", "extensions" }
+       local finishingorder = { "encryption", "validdays",
"certtype", "extensions" }
       displayform(form, order, finishingorder)
 %>

diff --git a/openssl-model.lua b/openssl-model.lua
index b5a84a6..a9b6f83 100755
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -30,7 +30,7 @@ local short_names = { countryName="C",
stateOrProvinceName="ST", localityName="L
 local extensions = { "basicConstraints", "nsCertType", "nsComment",
"keyUsage", "subjectKeyIdentifier",
                       "authorityKeyIdentifier", "subjectAltName",
"issuerAltName" }
 -- list of entries that must be found in ca section (used to define
our certificate types)
-local ca_mandatory_entries = { "new_certs_dir", "certificate",
"private_key", "default_md", "database", "serial", "policy" }
+local ca_mandatory_entries = { "new_certs_dir", "certificate",
"private_key", "default_md", "database", "serial", "policy",
"default_days" }

 -- Create a cfe with the distinguished name defaults
 local getdefaults = function()
@@ -308,6 +308,14 @@ end
 getreqdefaults = function()
       local defaults = getdefaults()

+        --Add in the encryption bit default
+         local encryption = config.req.default_bits
+         defaults.value.encryption = cfe({ type="select",
label="Encryption Bits", value=encryption, option={"2048", "4096"} })
+
+         -- Add in the default days
+         local validdays = getconfigentry(config.ca.default_ca, "default_days")
+         defaults.value.validdays = cfe({ type="text", label="Period
of Validity (Days)", value=validdays, descr="Number of days this
certificate is valid for" })
+
       -- Add in the ca type default
       defaults.value.certtype = cfe({ type="select", label="Certificate Type",
               value=config.ca.default_ca, option=find_ca_sections() })
@@ -339,9 +347,10 @@ setreqdefaults = function(defaults)
                       ext_section = config.req.req_extensions
               end
               config = nil
+               fileval =
format.update_ini_file(fileval,"","default_days",defaults.value.validdays.value)
               fileval = format.set_ini_section(fileval, ext_section,
format.dostounix(defaults.value.extensions.value))
               fileval = format.update_ini_file(fileval, "ca",
"default_ca", defaults.value.certtype.value)
-               fileval = write_distinguished_names(fileval, defaults,
{"certtype", "extensions"})
+               fileval = write_distinguished_names(fileval, defaults,
{"certtype", "extensions", "validdays"})
               fs.write_file(configfile, fileval)
       end

@@ -383,6 +392,11 @@ submitrequest = function(defaults, user)
               defaults.errtxt = "Failed to submit request\nRequest
already exists"
               success = false
       end
+
+       if not tonumber(defaults.value.validdays.value) then
+               defaults.value.validdays.errtxt = "Period of Validity
is not a number"
+               success = false
+       end

       if success then
               -- Submit the request
@@ -403,7 +417,9 @@ submitrequest = function(defaults, user)
                               end
                       end
               end
-
+
+               fileval = format.update_ini_file(fileval,
"req","default_bits",defaults.value.encryption.value)
+               fileval = format.update_ini_file(fileval,
"","default_days",defaults.value.validdays.value)
               fileval = format.set_ini_section(fileval, ext_section, content)
               fileval = format.update_ini_file(fileval, "req",
"req_extensions", ext_section)
               fs.write_file(reqname..".cfg", fileval)
@@ -470,7 +486,7 @@ approverequest = function(request)
               local certname = certdir..request.."."..serial

               -- Now, sign the certificate
-               local cmd = path .. "openssl ca -config
"..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr
-out "..format.escapespecialcharacters(certname)..".crt -name
"..format.escapespecialcharacters(certtype).." -batch 2>&1"
+               local cmd = path .. "openssl ca -config
"..format.escapespecialcharacters(reqpath)..".cfg -in
"..format.escapespecialcharacters(reqpath)..".csr -out
"..format.escapespecialcharacters(certname)..".crt -name
"..format.escapespecialcharacters(certtype).." -batch 2>&1"
               local f = io.popen(cmd)
               cmdresult.value = f:read("*a")
               f:close()
@@ -680,6 +696,14 @@ getcrl = function(crltype)
       return crlfile
 end

+getpem = function(pem)
+        local f = fs.read_file(pem) or ""
+        local fname = string.gsub(pem, ".*/", "")
+        if validator.is_valid_filename(pem, openssldir) then
+                return cfe({ type="raw", value=f, label=fname,
option="application/x-pkcs12" })
+        end
+end
+
 getnewputca = function()
       local ca = cfe({ type="raw", value=0, label="CA Certificate",
descr='File must be a password protected ".pfx" file' })
       local password = cfe({ label="Certificate Password" })
diff --git a/openssl-request-html.lsp b/openssl-request-html.lsp
index 2bc3af9..acbe8ed 100644
--- a/openssl-request-html.lsp
+++ b/openssl-request-html.lsp
@@ -8,7 +8,7 @@
       form.value.password_confirm.type = "password"
       local order = { "countryName", "C", "stateOrProvinceName",
"ST", "localityName", "L", "organizationName", "O",
                       "organizationalUnitName", "OU", "commonName",
"CN", "emailAddress" }
-       local finishingorder = { "certtype", "extensions", "password",
"password_confirm" }
+       local finishingorder = { "certtype", "validdays",
"extensions", "password", "password_confirm" }
       displayform(form, order, finishingorder)
 %>

diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp
index 1837ab0..0f73d35 100644
--- a/openssl-status-html.lsp
+++ b/openssl-status-html.lsp
@@ -32,4 +32,5 @@
               end
       end
 end %>
-
+<% if viewlibrary.check_permission("downloadpem") then %> <H1>Download
+Certificate</H1> <DL> <%=
html.link{value="downloadpem?dlpath="..html.html_escape(view.value.cacert.value),
label="Download "..view.value.cacert.value } %><BR> </DL><% end %>
diff --git a/openssl.roles b/openssl.roles
index eb63818..03f5df1 100644
--- a/openssl.roles
+++ b/openssl.roles
@@ -1,6 +1,6 @@
 USER=openssl:status,openssl:getrevoked
 EDITOR=openssl:editdefaults
 CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert
-CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert
-EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
-ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
+CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadpem
+EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
+ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
--
1.7.5.4


Ted Trask
Message ID
<1309910053.74491.YahooMailNeo@web130108.mail.mud.yahoo.com>
In-Reply-To
<CAML-UdvVSQrutiY6WAC6Tutg5yOE5yL+Wsm4A1gY+pLZtewX0g@mail.gmail.com> (view parent)
Sender timestamp
1309910053
Line wraps are there too.
 
Ted

From: Kiyoshi Aman <aphrael@alpinelinux.org>
To: "alpine-devel@lists.alpinelinux.org" <alpine-devel@lists.alpinelinux.org>
Sent: Tuesday, July 5, 2011 7:34 PM
Subject: Re: [alpine-devel] [PATCH] acf-openssl: as per feature request #354: download cert plus set encryption bits and period of validity

Try with http://inari.aerdan.org/acf-openssl.patch (literally just
copied and pasted into cat on my VPS).


Jeff Bilyk
Message ID
<CAHwjr34f6Rhm9UmYhoDmZzQK-eQcLgKB9ZtqNENG8B7=1mcTCA@mail.gmail.com>
In-Reply-To
<1309907862.21790.YahooMailNeo@web130112.mail.mud.yahoo.com> (view parent)
Sender timestamp
1309908212
On Tue, Jul 5, 2011 at 7:17 PM, Ted Trask <ttrask01@yahoo.com> wrote:
> I tried to apply the patch, but ran into trouble. I kept getting line wraps
> and HTML tags and other garbage. Since I tried it with two different mail
> clients, I'm wondering if it was a problem when sending the patch. Can you
> please try again using 'git send-email'?
> Or, can someone else help me to apply the patch?

I gave it a quick try as well, and I am also getting formatting issues
with the email; it would be best to resend.

> Thanks.
>
> Ted
>
>
> ________________________________
> From: Luke Stuart <lukestu@gmail.com>
> To: alpine-devel@lists.alpinelinux.org
> Sent: Thursday, June 23, 2011 8:30 AM
> Subject: [alpine-devel] [PATCH] acf-openssl: as per feature request #354:
> download cert plus set encryption bits and period of validity
>
> ---
>  openssl-controller.lua        |    5 +++++
>  openssl-editdefaults-html.lsp |    2 +-
>  openssl-model.lua             |   32 ++++++++++++++++++++++++++++----
>  openssl-request-html.lsp      |    2 +-
>  openssl-status-html.lsp       |    3 ++-
>  openssl.roles                 |    6 +++---
>  6 files changed, 40 insertions(+), 10 deletions(-)
>
> diff --git a/openssl-controller.lua b/openssl-controller.lua
> index 7d9ae9a..3f8750b 100755
> --- a/openssl-controller.lua
> +++ b/openssl-controller.lua
> @@ -116,6 +116,11 @@ putcacert = function(self)
>        return controllerfunctions.handle_form(self,
> self.model.getnewputca, self.model.putca, self.clientdata, "Upload",
> "Upload CA Certificate", "Certificate Uploaded")
>  end
>
> +downloadpem = function(self)
> +        self.conf.viewtype="stream"
> +        return self.model.getpem(self.clientdata.dlpath)
> +end
> +
>  -- Generate a self-signed CA
>  generatecacert = function(self)
>        return controllerfunctions.handle_form(self,
> self.model.getnewcarequest, self.model.generateca, self.clientdata,
> "Generate", "Generate CA Certificate", "Certificate Generated")
> diff --git a/openssl-editdefaults-html.lsp b/openssl-editdefaults-html.lsp
> index 9052213..b73b0a8 100644
> --- a/openssl-editdefaults-html.lsp
> +++ b/openssl-editdefaults-html.lsp
> @@ -6,7 +6,7 @@
>        form.action = page_info.script .. page_info.prefix ..
> page_info.controller .. "/" .. page_info.action
>        local order = { "countryName", "C", "stateOrProvinceName",
> "ST", "localityName", "L", "organizationName", "O",
>                        "organizationalUnitName", "OU", "commonName",
> "CN", "emailAddress" }
> -       local finishingorder = { "certtype", "extensions" }
> +       local finishingorder = { "encryption", "validdays",
> "certtype", "extensions" }
>        displayform(form, order, finishingorder)
>  %>
>
> diff --git a/openssl-model.lua b/openssl-model.lua
> index b5a84a6..a9b6f83 100755
> --- a/openssl-model.lua
> +++ b/openssl-model.lua
> @@ -30,7 +30,7 @@ local short_names = { countryName="C",
> stateOrProvinceName="ST", localityName="L
>  local extensions = { "basicConstraints", "nsCertType", "nsComment",
> "keyUsage", "subjectKeyIdentifier",
>                        "authorityKeyIdentifier", "subjectAltName",
> "issuerAltName" }
>  -- list of entries that must be found in ca section (used to define
> our certificate types)
> -local ca_mandatory_entries = { "new_certs_dir", "certificate",
> "private_key", "default_md", "database", "serial", "policy" }
> +local ca_mandatory_entries = { "new_certs_dir", "certificate",
> "private_key", "default_md", "database", "serial", "policy",
> "default_days" }
>
>  -- Create a cfe with the distinguished name defaults
>  local getdefaults = function()
> @@ -308,6 +308,14 @@ end
>  getreqdefaults = function()
>        local defaults = getdefaults()
>
> +        --Add in the encryption bit default
> +         local encryption = config.req.default_bits
> +         defaults.value.encryption = cfe({ type="select",
> label="Encryption Bits", value=encryption, option={"2048", "4096"} })
> +
> +         -- Add in the default days
> +         local validdays = getconfigentry(config.ca.default_ca,
> "default_days")
> +         defaults.value.validdays = cfe({ type="text", label="Period
> of Validity (Days)", value=validdays, descr="Number of days this
> certificate is valid for" })
> +
>        -- Add in the ca type default
>        defaults.value.certtype = cfe({ type="select", label="Certificate
> Type",
>                value=config.ca.default_ca, option=find_ca_sections() })
> @@ -339,9 +347,10 @@ setreqdefaults = function(defaults)
>                        ext_section = config.req.req_extensions
>                end
>                config = nil
> +               fileval =
> format.update_ini_file(fileval,"","default_days",defaults.value.validdays.value)
>                fileval = format.set_ini_section(fileval, ext_section,
> format.dostounix(defaults.value.extensions.value))
>                fileval = format.update_ini_file(fileval, "ca",
> "default_ca", defaults.value.certtype.value)
> -               fileval = write_distinguished_names(fileval, defaults,
> {"certtype", "extensions"})
> +               fileval = write_distinguished_names(fileval, defaults,
> {"certtype", "extensions", "validdays"})
>                fs.write_file(configfile, fileval)
>        end
>
> @@ -383,6 +392,11 @@ submitrequest = function(defaults, user)
>                defaults.errtxt = "Failed to submit request\nRequest
> already exists"
>                success = false
>        end
> +
> +       if not tonumber(defaults.value.validdays.value) then
> +               defaults.value.validdays.errtxt = "Period of Validity
> is not a number"
> +               success = false
> +       end
>
>        if success then
>                -- Submit the request
> @@ -403,7 +417,9 @@ submitrequest = function(defaults, user)
>                                end
>                        end
>                end
> -
> +
> +               fileval = format.update_ini_file(fileval,
> "req","default_bits",defaults.value.encryption.value)
> +               fileval = format.update_ini_file(fileval,
> "","default_days",defaults.value.validdays.value)
>                fileval = format.set_ini_section(fileval, ext_section,
> content)
>                fileval = format.update_ini_file(fileval, "req",
> "req_extensions", ext_section)
>                fs.write_file(reqname..".cfg", fileval)
> @@ -470,7 +486,7 @@ approverequest = function(request)
>                local certname = certdir..request.."."..serial
>
>                -- Now, sign the certificate
> -               local cmd = path .. "openssl ca -config
> "..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr
> -out "..format.escapespecialcharacters(certname)..".crt -name
> "..format.escapespecialcharacters(certtype).." -batch 2>&1"
> +               local cmd = path .. "openssl ca -config
> "..format.escapespecialcharacters(reqpath)..".cfg -in
> "..format.escapespecialcharacters(reqpath)..".csr -out
> "..format.escapespecialcharacters(certname)..".crt -name
> "..format.escapespecialcharacters(certtype).." -batch 2>&1"
>                local f = io.popen(cmd)
>                cmdresult.value = f:read("*a")
>                f:close()
> @@ -680,6 +696,14 @@ getcrl = function(crltype)
>        return crlfile
>  end
>
> +getpem = function(pem)
> +        local f = fs.read_file(pem) or ""
> +        local fname = string.gsub(pem, ".*/", "")
> +        if validator.is_valid_filename(pem, openssldir) then
> +                return cfe({ type="raw", value=f, label=fname,
> option="application/x-pkcs12" })
> +        end
> +end
> +
>  getnewputca = function()
>        local ca = cfe({ type="raw", value=0, label="CA Certificate",
> descr='File must be a password protected ".pfx" file' })
>        local password = cfe({ label="Certificate Password" })
> diff --git a/openssl-request-html.lsp b/openssl-request-html.lsp
> index 2bc3af9..acbe8ed 100644
> --- a/openssl-request-html.lsp
> +++ b/openssl-request-html.lsp
> @@ -8,7 +8,7 @@
>        form.value.password_confirm.type = "password"
>        local order = { "countryName", "C", "stateOrProvinceName",
> "ST", "localityName", "L", "organizationName", "O",
>                        "organizationalUnitName", "OU", "commonName",
> "CN", "emailAddress" }
> -       local finishingorder = { "certtype", "extensions", "password",
> "password_confirm" }
> +       local finishingorder = { "certtype", "validdays",
> "extensions", "password", "password_confirm" }
>        displayform(form, order, finishingorder)
>  %>
>
> diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp
> index 1837ab0..0f73d35 100644
> --- a/openssl-status-html.lsp
> +++ b/openssl-status-html.lsp
> @@ -32,4 +32,5 @@
>                end
>        end
>  end %>
> -
> +<% if viewlibrary.check_permission("downloadpem") then %> <H1>Download
> +Certificate</H1> <DL> <%=
> html.link{value="downloadpem?dlpath="..html.html_escape(view.value.cacert.value),
> label="Download "..view.value.cacert.value } %><BR> </DL><% end %>
> diff --git a/openssl.roles b/openssl.roles
> index eb63818..03f5df1 100644
> --- a/openssl.roles
> +++ b/openssl.roles
> @@ -1,6 +1,6 @@
>  USER=openssl:status,openssl:getrevoked
>  EDITOR=openssl:editdefaults
>  CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert
> -CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert
> -EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
> -ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
> +CERT_APPROVER=openssl:readall,
> openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadpem
> +EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
> +ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
> --
> 1.7.5.4
>
>
> ---
> Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
> Help:        alpine-devel+help@lists.alpinelinux.org
> ---
>
>
>
>



-- 
Jeff


Kiyoshi Aman
Message ID
<CAML-UdvVSQrutiY6WAC6Tutg5yOE5yL+Wsm4A1gY+pLZtewX0g@mail.gmail.com>
In-Reply-To
<CAHwjr34f6Rhm9UmYhoDmZzQK-eQcLgKB9ZtqNENG8B7=1mcTCA@mail.gmail.com> (view parent)
Sender timestamp
1309908876
Try with http://inari.aerdan.org/acf-openssl.patch (literally just
copied and pasted into cat on my VPS).


Natanael Copa
Message ID
<20110706080044.27184d5e@ncopa-desktop.nor.wtbts.net>
In-Reply-To
<1309907862.21790.YahooMailNeo@web130112.mail.mud.yahoo.com> (view parent)
Sender timestamp
1309932044
On Tue, 5 Jul 2011 16:17:42 -0700 (PDT)
Ted Trask <ttrask01@yahoo.com> wrote:

> I tried to apply the patch, but ran into trouble. I kept getting line
> wraps and HTML tags and other garbage. Since I tried it with two
> different mail clients, I'm wondering if it was a problem when
> sending the patch. Can you please try again using 'git send-email'?

From the email source:

From: Luke Stuart <lukestu@gmail.com>
To: alpine-devel@lists.alpinelinux.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
                           ^^^^^^^^^^^^^^^^

X-Virus-Scanned: ClamAV using ClamSMTP

---
=A0openssl-controller.lua =A0 =A0 =A0 =A0| =A0 =A05 +++++
=A0openssl-editdefaults-html.lsp | =A0 =A02 +-
=A0openssl-model.lua =A0 =A0 =A0 =A0 =A0 =A0 | =A0 32
+++++++++++++++++++++= +++++++----


Seems like the patch was copy-pasted into gmail which encoded it with
quoted-printable.

I saw no git header.

Luke, could you please resend the patch using git send-email?
Here is how:
http://wiki.alpinelinux.org/wiki/Creating_patches

There is an example how you configure git with gmail here:
http://wiki.alpinelinux.org/wiki/Development_using_git#Email_configuration

Thanks!
-nc

