871566 – Need better scripting for self-signed certs

Bug 871566 - Need better scripting for self-signed certs

Summary: Need better scripting for self-signed certs

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openssl
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-10-30 17:51 UTC by Philip Prindeville
Modified:	2012-12-21 18:21 UTC (History)
CC List:	2 users (show)
Fixed In Version:	openssl-1.0.1c-11.fc19
Clone Of:
Environment:
Last Closed:	2012-12-21 18:20:08 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Renew a PEM file (829 bytes, text/plain) 2012-11-27 21:10 UTC, Philip Prindeville	no flags	Details
View All

Description Philip Prindeville 2012-10-30 17:51:08 UTC

Description of problem:

We can create a self-signed cert for 1 year with /etc/pki/tls/certs/make-dummy-cert (or similarly, with the Makefile in the same directory), but there's no accompanying scripting to re-issue a cert good for another year.

Version-Release number of selected component (if applicable):

openssl-1.0.0j-1

How reproducible:


Steps to Reproduce:
1. Generate a cert with make-dummy-cert
2. Wait 1 year
3. Try to reissue an updated cert... you can't with the existing scripting
  
Actual results:


Expected results:


Additional info:

Comment 1 Philip Prindeville 2012-11-23 19:12:17 UTC

Can we get an estimate of when this might be fixed?

Thanks.

Comment 2 Tomas Mraz 2012-11-26 09:43:36 UTC

Unfortunately I cannot give you such estimate. I suggest you to work with upstream on this issue.

Comment 3 Philip Prindeville 2012-11-26 17:53:53 UTC

(In reply to comment #2)
> Unfortunately I cannot give you such estimate. I suggest you to work with
> upstream on this issue.

The make-dummy-cert and makefile aren't part of the tarball, so I'm assuming they aren't part of what comes from upstream either.

That suggests that they are Fedora-isms.

Comment 4 Tomas Mraz 2012-11-26 19:21:30 UTC

Heh, you're right. Anyway I'd suggest you to provide a patch that would implement this functionality if you want to get the functionality included in Fedora as soon as possible.

Comment 5 Philip Prindeville 2012-11-27 21:10:12 UTC

Created attachment 653118 [details]
Renew a PEM file

Comment 6 Tomas Mraz 2012-12-21 18:21:15 UTC

Included with the name renew-dummy-cert along the make-dummy-cert script.

Note You need to log in before you can comment on or make changes to this bug.