authorDave Brolley <brolley@redhat.com>2009-01-13 13:38:41 -0500
committerDave Brolley <brolley@redhat.com>2009-01-13 13:38:41 -0500
commit790c4dd6eff3fbc127b67e23478d7edc6bf1cd08 (patch)
tree0ea6b20f76a39f9570c4be5f8f3ff5d1e0d32ce1
parenta50cb7894f72eb3ac3301adde9950d12425594b7 (diff)
downloadsystemtap-steved-790c4dd6eff3fbc127b67e23478d7edc6bf1cd08.tar.gz
systemtap-steved-790c4dd6eff3fbc127b67e23478d7edc6bf1cd08.tar.xz
systemtap-steved-790c4dd6eff3fbc127b67e23478d7edc6bf1cd08.zip
Separate the creation of the server's certificate from its addition to the
client-side database.
-rw-r--r--ChangeLog7
-rwxr-xr-xstap-add-server-cert10
-rwxr-xr-xstap-gen-server-cert4
-rwxr-xr-xstap-serverd3
4 files changed, 13 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index a74b6dc7..ff418c40 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,12 @@
2009-01-13 Dave Brolley <brolley@redhat.com>
* stap-add-server-cert: Failure to make the client database readable
- is now only a warning.
+ is now only a warning. Directory argument now refers to the location
+ of the 'client' directory.
* stap-gen-server-cert: Ensure that the certificate is readable by
- all. Warn if unsuccessful.
+ all. Warn if unsuccessful. Don't add the certificate to the local
+ client-side database.
+ * stap-serverd: Call stap-add-server-cert after stap-gen-server-cert.
2009-01-11 Wenji Huang <wenji.huang@oracle.com>
diff --git a/stap-add-server-cert b/stap-add-server-cert
index 81424c82..976f323f 100755
--- a/stap-add-server-cert
+++ b/stap-add-server-cert
@@ -25,21 +25,21 @@ if test "X$2" = "X"; then
echo "Certificate database directory must be specified" >&2
exit 1
fi
-if ! test -d $2; then
- if ! mkdir -p $2; then
- echo "Unable to find or create the client certificate database directory: $2" >&2
+if ! test -d $2/client; then
+ if ! mkdir -p $2/client; then
+ echo "Unable to find or create the client certificate database directory: $2/client" >&2
exit 1
fi
fi
# Add the certificate
-if ! certutil -A -n stap-server -d $2 -i $1 -t "P,P,P" > /dev/null; then
+if ! certutil -A -n stap-server -d $2/client -i $1 -t "P,P,P" > /dev/null; then
echo "Unable to add $1 to the client certificate database $2" >&2
exit 1
fi
# Ensure that the database is readable by others
-if ! chmod +r $2/*.db; then
+if ! chmod +r $2/client/*.db; then
echo "Warning: unable to make the client certificate database $2 readable by others" >&2
fi
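Review bot: The two failure messages after the certutil and chmod steps still report `$2` even though the database now lives in `$2/client` (the mkdir message was updated, these two were not), so a user chasing a failure is pointed at the parent directory rather than the one certutil actually touched; change them to `echo "Unable to add $1 to the client certificate database $2/client" >&2` and `echo "Warning: unable to make the client certificate database $2/client readable by others" >&2`. The new path is also expanded unquoted in `test -d $2/client`, `mkdir -p $2/client` and `-d $2/client`, so a directory argument containing whitespace splits into several words; `"$2/client"` costs nothing. Since this script deliberately adds `$1` with `P,P,P` trust and then makes the `*.db` files world-readable, a one-line comment stating that this database is expected to hold only the server's public certificate and never a private key would make the intent of the `chmod +r` explicit — presumably that is the case here, but nothing in the hunk says so.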
diff --git a/stap-gen-server-cert b/stap-gen-server-cert
index af3a5917..f6445d8d 100755
--- a/stap-gen-server-cert
+++ b/stap-gen-server-cert
@@ -90,7 +90,3 @@ fi
# Add the certificate to the server's certificate/key database as a trusted peer, ssl server and object signer
certutil -A -n stap-server -t "PCu,,PCu" -i $serverdb/stap-server.cert -d $serverdb -f $serverdb/pw
-
-# Now add the server's certificate to the client's database, making it a trusted peer.
-clientdb=$1/client
-`dirname $0`/stap-add-server-cert $serverdb/stap-server.cert $clientdb
diff --git a/stap-serverd b/stap-serverd
index bd1c27db..2971c67f 100755
--- a/stap-serverd
+++ b/stap-serverd
@@ -46,6 +46,9 @@ function initialization {
fi
if ! test -f $ssl_db/stap-server.cert; then
stap-gen-server-cert `dirname $ssl_db` || exit 1
+ # Now add the server's certificate to the client's database,
+ # making it a trusted peer.
+ stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db` || exit 1
fi
fi
nss_pw=$ssl_db/pw
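Review bot: The new call resolves `stap-add-server-cert` through `$PATH`, whereas the code it replaces in stap-gen-server-cert located the helper relative to the running script with `` `dirname $0`/stap-add-server-cert ``; because this helper writes a trusted-peer entry into the client certificate database, picking it up from whichever directory comes first in the daemon's PATH is a weaker guarantee than the previous lookup, although the existing `stap-gen-server-cert` call on the line above already has the same property. Both arguments are also passed unquoted, so an `ssl_db` path containing whitespace breaks the call; `stap-add-server-cert "$ssl_db/stap-server.cert" "$(dirname "$ssl_db")" || exit 1`. Note that the addition is gated on `stap-server.cert` not existing, so if the certificate file is present but the client database has been removed or never populated, it will not be re-added — that matches the old behaviour, but a comment noting the assumption would help. The enclosing `initialization` function starts and ends outside the hunk.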