1 |
--- |
2 |
eclass/ssl-cert.eclass | 8 +++++--- |
3 |
1 file changed, 5 insertions(+), 3 deletions(-) |
4 |
|
5 |
diff --git a/eclass/ssl-cert.eclass b/eclass/ssl-cert.eclass |
6 |
index 6bec347234d..bfe5291314c 100644 |
7 |
--- a/eclass/ssl-cert.eclass |
8 |
+++ b/eclass/ssl-cert.eclass |
9 |
@@ -1,4 +1,4 @@ |
10 |
-# Copyright 1999-2014 Gentoo Foundation |
11 |
+# Copyright 1999-2017 Gentoo Foundation |
12 |
# Distributed under the terms of the GNU General Public License v2 |
13 |
|
14 |
# @ECLASS: ssl-cert.eclass |
15 |
@@ -66,7 +66,8 @@ gen_cnf() { |
16 |
|
17 |
# These can be overridden in the ebuild |
18 |
SSL_DAYS="${SSL_DAYS:-730}" |
19 |
- SSL_BITS="${SSL_BITS:-1024}" |
20 |
+ SSL_BITS="${SSL_BITS:-4096}" |
21 |
+ SSL_MD="${SSL_MD:-sha256}" |
22 |
SSL_COUNTRY="${SSL_COUNTRY:-US}" |
23 |
SSL_STATE="${SSL_STATE:-California}" |
24 |
SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}" |
25 |
@@ -166,6 +167,7 @@ gen_crt() { |
26 |
if [ "${1}" ] ; then |
27 |
ebegin "Generating self-signed X.509 Certificate for CA" |
28 |
openssl x509 -extfile "${SSL_CONF}" \ |
29 |
+ -${SSL_MD} \ |
30 |
-days ${SSL_DAYS} -req -signkey "${base}.key" \ |
31 |
-in "${base}.csr" -out "${base}.crt" &>/dev/null |
32 |
else |
33 |
@@ -173,7 +175,7 @@ gen_crt() { |
34 |
ebegin "Generating authority-signed X.509 Certificate" |
35 |
openssl x509 -extfile "${SSL_CONF}" \ |
36 |
-days ${SSL_DAYS} -req -CAserial "${SSL_SERIAL}" \ |
37 |
- -CAkey "${ca}.key" -CA "${ca}.crt" \ |
38 |
+ -CAkey "${ca}.key" -CA "${ca}.crt" -${SSL_MD} \ |
39 |
-in "${base}.csr" -out "${base}.crt" &>/dev/null |
40 |
fi |
41 |
eend $? |
42 |
-- |
43 |
2.13.0 |