X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from mail-bw0-f54.google.com (mail-bw0-f54.google.com [209.85.214.54]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id 7065215218A5 for ; Tue, 5 Jul 2011 23:23:34 +0000 (UTC) Received: by bwa20 with SMTP id 20so7394384bwa.13 for ; Tue, 05 Jul 2011 16:23:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=6B4n2lq+zvsk5TGkbpvLQlRVcEd0Bkd5hCK49e+2nrs=; b=mR3BxvqneppE8o5nDHuAOSQYtrb1bGXH3wl2r9FlkviptZu39QSYz3Wce7/DEwbho4 RZtKtjjyPlMvS9Fh/pS7LelhefT4XDAflXiXNMVFwhHFzEsIQx/CDv043N+Gb9Y5XzZN 60To5psIfQwTZaZyMD05JwER3xqqlCMUN3GZ4= X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Received: by 10.205.81.6 with SMTP id zw6mr7142864bkb.16.1309908212496; Tue, 05 Jul 2011 16:23:32 -0700 (PDT) Received: by 10.204.26.214 with HTTP; Tue, 5 Jul 2011 16:23:32 -0700 (PDT) In-Reply-To: <1309907862.21790.YahooMailNeo@web130112.mail.mud.yahoo.com> References: <1308831937-19564-1-git-send-email-lukestu@gmail.com> <1309907862.21790.YahooMailNeo@web130112.mail.mud.yahoo.com> Date: Tue, 5 Jul 2011 19:23:32 -0400 Message-ID: Subject: Re: [alpine-devel] [PATCH] acf-openssl: as per feature request #354: download cert plus set encryption bits and period of validity 
From: Jeff Bilyk To: Ted Trask Cc: Luke Stuart , "alpine-devel@lists.alpinelinux.org" Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On Tue, Jul 5, 2011 at 7:17 PM, Ted Trask wrote: > I tried to apply the patch, but ran into trouble. I kept getting line wra= ps > and HTML tags and other garbage. Since I tried it with two different mail > clients, I'm wondering if it was a problem when sending the patch. Can yo= u > please try again using 'git send-email'? > Or, can someone else help me to apply the patch? I gave it a quick try as well, and I am also getting formatting issues with the email, would be best to resend. > Thanks. > > Ted > > > ________________________________ > From: Luke Stuart > To: alpine-devel@lists.alpinelinux.org > Sent: Thursday, June 23, 2011 8:30 AM > Subject: [alpine-devel] [PATCH] acf-openssl: as per feature request #354: > download cert plus set encryption bits and period of validity > > --- > =A0openssl-controller.lua =A0 =A0 =A0 =A0| =A0 =A05 +++++ > =A0openssl-editdefaults-html.lsp | =A0 =A02 +- > =A0openssl-model.lua =A0 =A0 =A0 =A0 =A0 =A0 | =A0 32 +++++++++++++++++++= +++++++++---- > =A0openssl-request-html.lsp =A0 =A0 =A0| =A0 =A02 +- > =A0openssl-status-html.lsp =A0 =A0 =A0 | =A0 =A03 ++- > =A0openssl.roles =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 | =A0 =A06 +++--- > =A06 files changed, 40 insertions(+), 10 deletions(-) > > diff --git a/openssl-controller.lua b/openssl-controller.lua > index 7d9ae9a..3f8750b 100755 > --- a/openssl-controller.lua > +++ b/openssl-controller.lua 
> @@ -116,6 +116,11 @@ putcacert =3D function(self) > =A0 =A0 =A0 =A0return controllerfunctions.handle_form(self, > self.model.getnewputca, self.model.putca, self.clientdata, "Upload", > "Upload CA Certificate", "Certificate Uploaded") > =A0end > > +downloadpem =3D function(self) > + =A0 =A0 =A0 =A0self.conf.viewtype=3D"stream" > + =A0 =A0 =A0 =A0return self.model.getpem(self.clientdata.dlpath) > +end > + > =A0-- Generate a self-signed CA > =A0generatecacert =3D function(self) > =A0 =A0 =A0 =A0return controllerfunctions.handle_form(self, > self.model.getnewcarequest, self.model.generateca, self.clientdata, > "Generate", "Generate CA Certificate", "Certificate Generated") > diff --git a/openssl-editdefaults-html.lsp b/openssl-editdefaults-html.ls= p > index 9052213..b73b0a8 100644 > --- a/openssl-editdefaults-html.lsp > +++ b/openssl-editdefaults-html.lsp > @@ -6,7 +6,7 @@ > =A0 =A0 =A0 =A0form.action =3D page_info.script .. page_info.prefix .. > page_info.controller .. "/" .. page_info.action > =A0 =A0 =A0 =A0local order =3D { "countryName", "C", "stateOrProvinceName= ", > "ST", "localityName", "L", "organizationName", "O", > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"organizationalUnitName", = "OU", "commonName", > "CN", "emailAddress" } > - =A0 =A0 =A0 local finishingorder =3D { "certtype", "extensions" } > + =A0 =A0 =A0 local finishingorder =3D { "encryption", "validdays", > "certtype", "extensions" } > =A0 =A0 =A0 =A0displayform(form, order, finishingorder) > =A0%> > > diff --git a/openssl-model.lua b/openssl-model.lua > index b5a84a6..a9b6f83 100755 > --- a/openssl-model.lua > +++ b/openssl-model.lua 
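Review bot: downloadpem hands self.clientdata.dlpath straight to self.model.getpem with no check that the parameter was supplied, and the getpem added to openssl-model.lua in this same patch falls off the end (returns nil) when the path is rejected, so a missing or rejected dlpath leaves the "stream" view with nil to send. How the stream view treats nil is not visible in the patch, so the failure path should be made explicit here rather than relied on: a guard such as `if not self.clientdata.dlpath then self.clientdata.dlpath = "" end` before the call, together with a model function that always returns a cfe (errtxt set on rejection), would give the view something well-formed in every case. Unlike the neighbouring putcacert and generatecacert actions this one bypasses controllerfunctions.handle_form, so none of that helper's error handling applies to it.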
> @@ -30,7 +30,7 @@ local short_names =3D { countryName=3D"C", > stateOrProvinceName=3D"ST", localityName=3D"L > =A0local extensions =3D { "basicConstraints", "nsCertType", "nsComment", > "keyUsage", "subjectKeyIdentifier", > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"authorityKeyIdentifier", = "subjectAltName", > "issuerAltName" } > =A0-- list of entries that must be found in ca section (used to define > our certificate types) > -local ca_mandatory_entries =3D { "new_certs_dir", "certificate", > "private_key", "default_md", "database", "serial", "policy" } > +local ca_mandatory_entries =3D { "new_certs_dir", "certificate", > "private_key", "default_md", "database", "serial", "policy", > "default_days" } > > =A0-- Create a cfe with the distinguished name defaults > =A0local getdefaults =3D function() > @@ -308,6 +308,14 @@ end > =A0getreqdefaults =3D function() > =A0 =A0 =A0 =A0local defaults =3D getdefaults() > > + =A0 =A0 =A0 =A0--Add in the encryption bit default > + =A0 =A0 =A0 =A0 local encryption =3D config.req.default_bits > + =A0 =A0 =A0 =A0 defaults.value.encryption =3D cfe({ type=3D"select", > label=3D"Encryption Bits", value=3Dencryption, option=3D{"2048", "4096"} = }) > + > + =A0 =A0 =A0 =A0 -- Add in the default days > + =A0 =A0 =A0 =A0 local validdays =3D getconfigentry(config.ca.default_ca= , > "default_days") > + =A0 =A0 =A0 =A0 defaults.value.validdays =3D cfe({ type=3D"text", label= =3D"Period > of Validity (Days)", value=3Dvaliddays, descr=3D"Number of days this > certificate is valid for" }) > + > =A0 =A0 =A0 =A0-- Add in the ca type default > =A0 =A0 =A0 =A0defaults.value.certtype =3D cfe({ type=3D"select", label= =3D"Certificate > Type", > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0value=3Dconfig.ca.default_ca, option=3Dfin= d_ca_sections() }) 
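Review bot: Adding "default_days" to ca_mandatory_entries changes which config sections are recognised as certificate types: the comment above the list says these entries define the types, so an already-deployed CA section that lacks default_days would stop being offered after this change (find_ca_sections itself is not in the hunk, so this is inferred from that comment). If that is intended it deserves a note next to the list, e.g. `-- default_days is mandatory so getreqdefaults can read a validity period per CA section`; if not, the period could be read with a fallback to OpenSSL's own default instead of making the entry mandatory.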
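Review bot: The encryption select is built with a fixed option list {"2048", "4096"} while its value comes from config.req.default_bits, so a config whose default_bits is any other value (or absent) produces a select whose current value is not among its options; a browser will then typically show the first option and the next save silently rewrites the setting. Either add the configured value to the list when it is not already there, e.g. `local options = {"2048", "4096"}` followed by `if encryption and encryption ~= "2048" and encryption ~= "4096" then options[#options+1] = encryption end`, or document the restriction on the cfe. The validdays cfe is a free-text field; its descr could say `"Number of days this certificate is valid for (positive whole number)"` so the user is told what the submit-time check expects. getreqdefaults continues past the end of this hunk.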
> @@ -339,9 +347,10 @@ setreqdefaults =3D function(defaults) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0ext_section =3D config.req= .req_extensions > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0end > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0config =3D nil > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 fileval =3D > format.update_ini_file(fileval,"","default_days",defaults.value.validdays= .value) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0fileval =3D format.set_ini_section(fileval= , ext_section, > format.dostounix(defaults.value.extensions.value)) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0fileval =3D format.update_ini_file(fileval= , "ca", > "default_ca", defaults.value.certtype.value) > - =A0 =A0 =A0 =A0 =A0 =A0 =A0 fileval =3D write_distinguished_names(filev= al, defaults, > {"certtype", "extensions"}) > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 fileval =3D write_distinguished_names(filev= al, defaults, > {"certtype", "extensions", "validdays"}) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0fs.write_file(configfile, fileval) > =A0 =A0 =A0 =A0end > > @@ -383,6 +392,11 @@ submitrequest =3D function(defaults, user) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0defaults.errtxt =3D "Failed to submit requ= est\nRequest > already exists" > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0success =3D false > =A0 =A0 =A0 =A0end > + > + =A0 =A0 =A0 if not tonumber(defaults.value.validdays.value) then > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 defaults.value.validdays.errtxt =3D "Period= of Validity > is not a number" > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 success =3D false > + =A0 =A0 =A0 end > > =A0 =A0 =A0 =A0if success then > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0-- Submit the request 
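Review bot: default_days is written to the unnamed top-level section (`format.update_ini_file(fileval, "", "default_days", ...)`) while getreqdefaults reads it from the CA section named by config.ca.default_ca, and this same patch makes default_days a mandatory entry of that CA section; OpenSSL's config lookup prefers a key found in the named section over the top-level one, so the value written here would be read back by neither the edit form nor `openssl ca`. The submitrequest hunk that writes "req"/"default_bits" and ""/"default_days" into the request .cfg has the same section mismatch for default_days. Writing into the active CA section, `fileval = format.update_ini_file(fileval, <ca section name>, "default_days", defaults.value.validdays.value)`, keeps read and write consistent, but config is set to nil on the line just above this write, so the section name has to be captured earlier in the function (which starts outside the hunk). Separately, the edit-defaults form now shows the encryption select but this function never writes req/default_bits, and "encryption" is not in the list passed to write_distinguished_names alongside "validdays", so the chosen value is either dropped or handled as a DN field depending on what that helper does with unlisted entries.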
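Review bot: The new check only requires tonumber() to succeed, so values such as "-30", "0", "1.5", "1e6" or "0x10" all pass and are written verbatim into the request .cfg as default_days, which the approverequest hunk later hands to `openssl ca -config`. Because the value is chosen by the requester and consumed at signing time, it should be restricted to a positive whole number and ideally capped at a site maximum: `local days = tonumber(defaults.value.validdays.value)` then `if not days or days < 1 or days ~= math.floor(days) then`, keeping the errtxt assignment (reworded to "Period of Validity must be a positive whole number") and `success = false` as they are. submitrequest begins and ends outside this hunk.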
> @@ -403,7 +417,9 @@ submitrequest =3D function(defaults, user) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0end > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0end > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0end > - > + > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 fileval =3D format.update_ini_file(fileval, > "req","default_bits",defaults.value.encryption.value) > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 fileval =3D format.update_ini_file(fileval, > "","default_days",defaults.value.validdays.value) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0fileval =3D format.set_ini_section(fileval= , ext_section, > content) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0fileval =3D format.update_ini_file(fileval= , "req", > "req_extensions", ext_section) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0fs.write_file(reqname..".cfg", fileval) > @@ -470,7 +486,7 @@ approverequest =3D function(request) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0local certname =3D certdir..request.."."..= serial > > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0-- Now, sign the certificate > - =A0 =A0 =A0 =A0 =A0 =A0 =A0 local cmd =3D path .. "openssl ca -config > "..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr > -out "..format.escapespecialcharacters(certname)..".crt -name > "..format.escapespecialcharacters(certtype).." -batch 2>&1" > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 local cmd =3D path .. "openssl ca -config > "..format.escapespecialcharacters(reqpath)..".cfg -in > "..format.escapespecialcharacters(reqpath)..".csr -out > "..format.escapespecialcharacters(certname)..".crt -name > "..format.escapespecialcharacters(certtype).." -batch 2>&1" > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0local f =3D io.popen(cmd) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0cmdresult.value =3D f:read("*a") > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0f:close() 
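Review bot: The signing command now takes its entire configuration from the per-request .cfg instead of the CA's configfile, so the ca section entries (private_key, database, serial, policy, default_days) must all be present and correct in every request file, and the validity period applied at signing is whatever the requester entered in the request form. Where that .cfg is built is outside this hunk; if it is a copy of the CA config with request-specific edits this works mechanically, but the requester's default_days becomes the approver's signing policy without the approver seeing or confirming it. Keeping `-config configfile` and passing the period explicitly, `.." -days "..tonumber(days)` with days read from the request .cfg and bounded server-side, would leave the CA's own settings authoritative and make the per-request input visible in the command. approverequest starts and ends outside this hunk.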
> @@ -680,6 +696,14 @@ getcrl =3D function(crltype) > =A0 =A0 =A0 =A0return crlfile > =A0end > > +getpem =3D function(pem) > + =A0 =A0 =A0 =A0local f =3D fs.read_file(pem) or "" > + =A0 =A0 =A0 =A0local fname =3D string.gsub(pem, ".*/", "") > + =A0 =A0 =A0 =A0if validator.is_valid_filename(pem, openssldir) then > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return cfe({ type=3D"raw", value=3Df, la= bel=3Dfname, > option=3D"application/x-pkcs12" }) > + =A0 =A0 =A0 =A0end > +end > + > =A0getnewputca =3D function() > =A0 =A0 =A0 =A0local ca =3D cfe({ type=3D"raw", value=3D0, label=3D"CA Ce= rtificate", > descr=3D'File must be a password protected ".pfx" file' }) > =A0 =A0 =A0 =A0local password =3D cfe({ label=3D"Certificate Password" }) > diff --git a/openssl-request-html.lsp b/openssl-request-html.lsp > index 2bc3af9..acbe8ed 100644 > --- a/openssl-request-html.lsp > +++ b/openssl-request-html.lsp > @@ -8,7 +8,7 @@ > =A0 =A0 =A0 =A0form.value.password_confirm.type =3D "password" > =A0 =A0 =A0 =A0local order =3D { "countryName", "C", "stateOrProvinceName= ", > "ST", "localityName", "L", "organizationName", "O", > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"organizationalUnitName", = "OU", "commonName", > "CN", "emailAddress" } > - =A0 =A0 =A0 local finishingorder =3D { "certtype", "extensions", "passw= ord", > "password_confirm" } > + =A0 =A0 =A0 local finishingorder =3D { "certtype", "validdays", > "extensions", "password", "password_confirm" } > =A0 =A0 =A0 =A0displayform(form, order, finishingorder) > =A0%> > > diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp > index 1837ab0..0f73d35 100644 > --- a/openssl-status-html.lsp > +++ b/openssl-status-html.lsp > @@ -32,4 +32,5 @@ > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0end > =A0 =A0 =A0 =A0end > =A0end %> > - > +<% if viewlibrary.check_permission("downloadpem") then %>
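Review bot: fs.read_file(pem) runs before validator.is_valid_filename(pem, openssldir) is consulted, so the client-supplied path is opened and read for every request and only the return value is gated; the validation belongs at the top with the read inside it. Even with that order fixed, the only constraint is "a valid filename under openssldir", which (judging by the check's name, its semantics are not on the page) would equally cover the CA's private_key, database and serial files that ca_mandatory_entries requires in the same config, so the action should additionally restrict what it will serve, e.g. to the certificate files the status view offers or to a certificate suffix. Two smaller points: the function returns nil on rejection while its caller streams the result, so it should return a cfe with errtxt instead, and the content type "application/x-pkcs12" describes a PFX bundle, which does not match a PEM certificate download (application/x-x509-ca-cert is the usual type). The rewrite below reorders and adds the checks; the suffix allowlist is a placeholder to be aligned with the extensions the status page actually links to.
```lua
getpem = function(pem)
	local fname = string.gsub(pem or "", ".*/", "")
	-- Validate before touching the filesystem, and only serve certificate files,
	-- not everything that happens to live under openssldir.
	-- NOTE(review): adjust the suffix list to the files the status view links to.
	if pem and validator.is_valid_filename(pem, openssldir)
	   and (string.find(pem, "%.crt$") or string.find(pem, "%.pem$")) then
		local f = fs.read_file(pem) or ""
		return cfe({ type="raw", value=f, label=fname, option="application/x-x509-ca-cert" })
	end
	return cfe({ type="raw", value="", label=fname, errtxt="Not a downloadable certificate" })
end
```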

Download > +Certificate

<%=3D > html.link{value=3D"downloadpem?dlpath=3D"..html.html_escape(view.value.ca= cert.value), > label=3D"Download "..view.value.cacert.value } %>
<% end %> > diff --git a/openssl.roles b/openssl.roles > index eb63818..03f5df1 100644 > --- a/openssl.roles > +++ b/openssl.roles 
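Review bot: The dlpath query value is built with html.html_escape, which escapes for HTML text (ampersand, angle brackets, quotes) but not for a URL, so a certificate path containing a space, `&`, `#` or `%` yields a broken or truncated parameter; since getpem is driven by exactly this value, the link and the validator must agree on the encoding. If the view library has a URL-encoding helper it should be used for the query value here (html.html_escape remains right for the visible label); if it does not, a comment on the link noting the limitation is the minimum. The link label `"Download "..view.value.cacert.value` also prints the full server-side path on the status page; showing only the file name (the model already strips the directory for its label) would avoid exposing the directory layout to every viewer with this permission.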
> @@ -1,6 +1,6 @@ > =A0USER=3Dopenssl:status,openssl:getrevoked > =A0EDITOR=3Dopenssl:editdefaults > =A0CERT_REQUESTER=3Dopenssl:read,openssl:request,openssl:viewrequest,open= ssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewce= rt > -CERT_APPROVER=3Dopenssl:readall,openssl:approve,openssl:viewrequest,open= ssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:d= eletecert,openssl:renewcert > -EXPERT=3Dopenssl:putcacert,openssl:generatecacert,openssl:editconfigfile= ,openssl:checkenvironment > -ADMIN=3Dopenssl:status,openssl:getrevoked,openssl:editdefaults,openssl:r= ead,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:vie= wcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl= :readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:delet= ecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:ed= itconfigfile,openssl:checkenvironment > +CERT_APPROVER=3Dopenssl:readall, > openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,= openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,opens= sl:downloadpem > +EXPERT=3Dopenssl:putcacert,openssl:generatecacert,openssl:editconfigfile= ,openssl:checkenvironment,openssl:downloadpem > +ADMIN=3Dopenssl:status,openssl:getrevoked,openssl:editdefaults,openssl:r= ead,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:vie= wcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl= :readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:delet= ecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:ed= itconfigfile,openssl:checkenvironment,openssl:downloadpem > -- > 1.7.5.4 > > > --- > Unsubscribe:=A0 alpine-devel+unsubscribe@lists.alpinelinux.org > Help:=A0 =A0 =A0 =A0 alpine-devel+help@lists.alpinelinux.org > --- > > > > --=20 Jeff --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: 
alpine-devel+help@lists.alpinelinux.org ---