author | Dave Brolley <brolley@redhat.com> | 2009-01-13 13:38:41 -0500 |
---|---|---|
committer | Dave Brolley <brolley@redhat.com> | 2009-01-13 13:38:41 -0500 |
commit | 790c4dd6eff3fbc127b67e23478d7edc6bf1cd08 (patch) | |
tree | 0ea6b20f76a39f9570c4be5f8f3ff5d1e0d32ce1 | |
parent | a50cb7894f72eb3ac3301adde9950d12425594b7 (diff) | |
Separate the creation of the server's certificate from its addition to the
client-side database.
-rw-r--r-- | ChangeLog | 7 |
-rwxr-xr-x | stap-add-server-cert | 10 |
-rwxr-xr-x | stap-gen-server-cert | 4 |
-rwxr-xr-x | stap-serverd | 3 |
4 files changed, 13 insertions, 11 deletions
@@ -1,9 +1,12 @@ 2009-01-13 Dave Brolley <brolley@redhat.com> * stap-add-server-cert: Failure to make the client database readable - is now only a warning. + is now only a warning. Directory argument now refers to the location + of the 'client' directory. * stap-gen-server-cert: Ensure that the certificate is readable by - all. Warn if unsuccessful. + all. Warn if unsuccessful. Don't add the certificate to the local + client-side database. + * stap-serverd: Call stap-add-server-cert after stap-gen-server-cert. 2009-01-11 Wenji Huang <wenji.huang@oracle.com> diff --git a/stap-add-server-cert b/stap-add-server-cert index 81424c82..976f323f 100755 --- a/stap-add-server-cert +++ b/stap-add-server-cert @@ -25,21 +25,21 @@ if test "X$2" = "X"; then echo "Certificate database directory must be specified" >&2 exit 1 fi -if ! test -d $2; then - if ! mkdir -p $2; then - echo "Unable to find or create the client certificate database directory: $2" >&2 +if ! test -d $2/client; then + if ! mkdir -p $2/client; then + echo "Unable to find or create the client certificate database directory: $2/client" >&2 exit 1 fi fi # Add the certificate -if ! certutil -A -n stap-server -d $2 -i $1 -t "P,P,P" > /dev/null; then +if ! certutil -A -n stap-server -d $2/client -i $1 -t "P,P,P" > /dev/null; then echo "Unable to add $1 to the client certificate database $2" >&2 exit 1 fi # Ensure that the database is readable by others -if ! chmod +r $2/*.db; then +if ! chmod +r $2/client/*.db; then echo "Warning: unable to make the client certificate database $2 readable by others" >&2 fi diff --git a/stap-gen-server-cert b/stap-gen-server-cert index af3a5917..f6445d8d 100755 --- a/stap-gen-server-cert +++ b/stap-gen-server-cert 
@@ -90,7 +90,3 @@ fi # Add the certificate to the server's certificate/key database as a trusted peer, ssl server and object signer certutil -A -n stap-server -t "PCu,,PCu" -i $serverdb/stap-server.cert -d $serverdb -f $serverdb/pw - -# Now add the server's certificate to the client's database, making it a trusted peer. -clientdb=$1/client -`dirname $0`/stap-add-server-cert $serverdb/stap-server.cert $clientdb diff --git a/stap-serverd b/stap-serverd index bd1c27db..2971c67f 100755 --- a/stap-serverd +++ b/stap-serverd @@ -46,6 +46,9 @@ function initialization { fi if ! test -f $ssl_db/stap-server.cert; then stap-gen-server-cert `dirname $ssl_db` || exit 1 + # Now add the server's certificate to the client's database, + # making it a trusted peer. + stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db` || exit 1 fi fi nss_pw=$ssl_db/pw |
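Review bot: In stap-add-server-cert, the two messages after the certutil and chmod calls still print $2 ("Unable to add $1 to the client certificate database $2" and the "Warning: unable to make the client certificate database $2 readable" line) although the database now lives in $2/client, so a failure reports the wrong directory. Change both to $2/client, as was done for the mkdir message. While these lines are being touched, quote the expansions ("$2/client", "$1") so a path containing spaces is not word-split, and consider naming the database files explicitly instead of chmod +r $2/client/*.db, which makes every .db file found in that directory readable by others.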
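Review bot: With the last four lines of stap-gen-server-cert removed, the script no longer gives the client side any trust in the certificate it generates, and nothing left in the script says so. Any caller other than stap-serverd now has to run stap-add-server-cert itself; document that in the script's header comment or usage text, next to the remaining certutil -A step for the server database.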
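Review bot: In the initialization function of stap-serverd, the new stap-add-server-cert call sits inside the "if ! test -f $ssl_db/stap-server.cert" block, so it runs only on the start that generates the certificate. If the add fails, "|| exit 1" stops the server, and on the next start the certificate file already exists, so the add is never retried and the client database is left without the server's certificate. Move the call out of that test, or gate it on whether the client database already holds the certificate, so a failed add is repaired on restart. Note also that the removed code in stap-gen-server-cert located the helper through dirname $0, while this call resolves stap-add-server-cert through PATH.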