| 1 |
--- |
| 2 |
eclass/ssl-cert.eclass | 8 +++++--- |
| 3 |
1 file changed, 5 insertions(+), 3 deletions(-) |
| 4 |
|
| 5 |
diff --git a/eclass/ssl-cert.eclass b/eclass/ssl-cert.eclass |
| 6 |
index 6bec347234d..bfe5291314c 100644 |
| 7 |
--- a/eclass/ssl-cert.eclass |
| 8 |
+++ b/eclass/ssl-cert.eclass |
| 9 |
@@ -1,4 +1,4 @@ |
| 10 |
-# Copyright 1999-2014 Gentoo Foundation |
| 11 |
+# Copyright 1999-2017 Gentoo Foundation |
| 12 |
# Distributed under the terms of the GNU General Public License v2 |
| 13 |
|
| 14 |
# @ECLASS: ssl-cert.eclass |
| 15 |
@@ -66,7 +66,8 @@ gen_cnf() { |
| 16 |
|
| 17 |
# These can be overridden in the ebuild |
| 18 |
SSL_DAYS="${SSL_DAYS:-730}" |
| 19 |
- SSL_BITS="${SSL_BITS:-1024}" |
| 20 |
+ SSL_BITS="${SSL_BITS:-4096}" |
| 21 |
+ SSL_MD="${SSL_MD:-sha256}" |
| 22 |
SSL_COUNTRY="${SSL_COUNTRY:-US}" |
| 23 |
SSL_STATE="${SSL_STATE:-California}" |
| 24 |
SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}" |
| 25 |
@@ -166,6 +167,7 @@ gen_crt() { |
| 26 |
if [ "${1}" ] ; then |
| 27 |
ebegin "Generating self-signed X.509 Certificate for CA" |
| 28 |
openssl x509 -extfile "${SSL_CONF}" \ |
| 29 |
+ -${SSL_MD} \ |
| 30 |
-days ${SSL_DAYS} -req -signkey "${base}.key" \ |
| 31 |
-in "${base}.csr" -out "${base}.crt" &>/dev/null |
| 32 |
else |
| 33 |
@@ -173,7 +175,7 @@ gen_crt() { |
| 34 |
ebegin "Generating authority-signed X.509 Certificate" |
| 35 |
openssl x509 -extfile "${SSL_CONF}" \ |
| 36 |
-days ${SSL_DAYS} -req -CAserial "${SSL_SERIAL}" \ |
| 37 |
- -CAkey "${ca}.key" -CA "${ca}.crt" \ |
| 38 |
+ -CAkey "${ca}.key" -CA "${ca}.crt" -${SSL_MD} \ |
| 39 |
-in "${base}.csr" -out "${base}.crt" &>/dev/null |
| 40 |
fi |
| 41 |
eend $? |
| 42 |
-- |
| 43 |
2.13.0 |
Archives