summary refs log tree commit diff
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2020-08-01 17:56:45 -0400
committerJune McEnroe <june@causal.agency>2020-08-01 17:56:45 -0400
commitae3b959f61ee8946b19a6f3cc62660b93d8a45a1 (patch)
treedc9166d0453d42f4e8e4c9f61f376c3f1770ce42
parentRemove compat.h (diff)
downloadpounce-ae3b959f61ee8946b19a6f3cc62660b93d8a45a1.tar.gz
pounce-ae3b959f61ee8946b19a6f3cc62660b93d8a45a1.zip
Fix signing certificates with -A and -g
Always generate a certificate request and pipe it to be signed, either
by the CA or by itself.
-rw-r--r--bounce.c18
1 files changed, 7 insertions, 11 deletions
diff --git a/bounce.c b/bounce.c
index 8b9ea11..2da86bc 100644
--- a/bounce.c
+++ b/bounce.c
@@ -72,15 +72,15 @@ static void hashPass(void) {
 	printf("%s\n", crypt(pass, salt));
 }
 
-static void genKey(const char *path) {
+static void genReq(const char *path) {
 	const char *name = strrchr(path, '/');
 	name = (name ? &name[1] : path);
 	char subj[256];
 	snprintf(subj, sizeof(subj), "/CN=%.*s", (int)strcspn(name, "."), name);
 	execlp(
 		OPENSSL_BIN, "openssl", "req",
-		"-x509", "-new", "-newkey", "rsa:4096", "-sha256", "-days", "3650",
-		"-nodes", "-subj", subj, "-keyout", path,
+		"-new", "-newkey", "rsa:4096", "-sha256", "-nodes",
+		"-subj", subj, "-keyout", path,
 		NULL
 	);
 	err(EX_UNAVAILABLE, "openssl");
@@ -96,12 +96,6 @@ static void genCert(const char *path, const char *ca) {
 	int out = open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
 	if (out < 0) err(EX_CANTCREAT, "%s", path);
 
-	redir(STDOUT_FILENO, out);
-	if (!ca) {
-		genKey(path);
-		return;
-	}
-
 	int rw[2];
 	int error = pipe(rw);
 	if (error) err(EX_OSERR, "pipe");
@@ -111,14 +105,16 @@ static void genCert(const char *path, const char *ca) {
 	if (!pid) {
 		close(rw[0]);
 		redir(STDOUT_FILENO, rw[1]);
-		genKey(path);
+		genReq(path);
 	}
 
 	close(rw[1]);
 	redir(STDIN_FILENO, rw[0]);
+	redir(STDOUT_FILENO, out);
 	execlp(
 		OPENSSL_BIN, "openssl", "x509",
-		"-CA", ca, "-CAcreateserial", "-days", "3650",
+		"-req", "-days", "3650", "-CAcreateserial",
+		(ca ? "-CA" : "-signkey"), (ca ? ca : path),
 		NULL
 	);
 	err(EX_UNAVAILABLE, "openssl");