authorjsg <jsg@openbsd.org>2017-06-08 11:45:44 +0000
committerjsg <jsg@openbsd.org>2017-06-08 11:45:44 +0000
commitd535b9ed60d5d0737cbae4a6a6fa998976eca4b7 (patch)
treed5a3e4c1a7b1ca12d4a594599b9b59cfe21bdb13 /usr.sbin/ikectl/ikeca.c
parentSplit early startup code out of locore.S into locore0.S. Adjust link (diff)
Invoke openssl with -passin file rather than -key in ca_revoke().
From Andrei-Marius Radu via sthen@
Diffstat (limited to 'usr.sbin/ikectl/ikeca.c')
-rw-r--r--usr.sbin/ikectl/ikeca.c46
1 files changed, 5 insertions, 41 deletions
diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c
index 08f96b5f705..3dacac9e83e 100644
--- a/usr.sbin/ikectl/ikeca.c
+++ b/usr.sbin/ikectl/ikeca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikeca.c,v 1.45 2017/05/31 06:46:57 jsg Exp $ */
+/* $OpenBSD: ikeca.c,v 1.46 2017/06/08 11:45:44 jsg Exp $ */
/*
* Copyright (c) 2010 Jonathan Gray <jsg@openbsd.org>
@@ -108,7 +108,6 @@ const char *ca_env[][2] = {
int ca_sign(struct ca *, char *, int);
int ca_request(struct ca *, char *, int);
void ca_newpass(char *, char *);
-char *ca_readpass(char *, size_t *);
int fcopy(char *, char *, mode_t);
void fcopy_env(const char *, const char *, mode_t);
int rm_dir(char *);
@@ -809,33 +808,6 @@ ca_export(struct ca *ca, char *keyname, char *myname, char *password)
return (0);
}
-char *
-ca_readpass(char *path, size_t *len)
-{
- FILE *f;
- char *p, *r;
-
- if ((f = fopen(path, "r")) == NULL) {
- warn("fopen %s", path);
- return (NULL);
- }
-
- if ((p = fgetln(f, len)) != NULL) {
- if ((r = malloc(*len + 1)) == NULL)
- err(1, "malloc");
- memcpy(r, p, *len);
- if (r[*len - 1] == '\n')
- r[*len - 1] = '\0';
- else
- r[*len] = '\0';
- } else
- r = NULL;
-
- fclose(f);
-
- return (r);
-}
-
/* create index if it doesn't already exist */
void
ca_create_index(struct ca *ca)
@@ -879,8 +851,6 @@ ca_revoke(struct ca *ca, char *keyname)
struct stat st;
char cmd[PATH_MAX * 2];
char path[PATH_MAX];
- char *pass;
- size_t len;
if (keyname) {
snprintf(path, sizeof(path), "%s/%s.crt",
@@ -891,11 +861,6 @@ ca_revoke(struct ca *ca, char *keyname)
}
}
- snprintf(path, sizeof(path), "%s/ikeca.passwd", ca->sslpath);
- pass = ca_readpass(path, &len);
- if (pass == NULL)
- errx(1, "could not open passphrase file");
-
ca_create_index(ca);
ca_setenv("$ENV::CADB", ca->index);
@@ -908,26 +873,25 @@ ca_revoke(struct ca *ca, char *keyname)
if (keyname) {
snprintf(cmd, sizeof(cmd),
"%s ca %s-config %s -keyfile %s/private/ca.key"
- " -key %s"
+ " -passin file:%s"
" -cert %s/ca.crt"
" -revoke %s/%s.crt",
PATH_OPENSSL, ca->batch, ca->sslcnf,
- ca->sslpath, pass, ca->sslpath, ca->sslpath, keyname);
+ ca->sslpath, ca->passfile, ca->sslpath, ca->sslpath, keyname);
system(cmd);
}
snprintf(cmd, sizeof(cmd),
"%s ca %s-config %s -keyfile %s/private/ca.key"
- " -key %s"
+ " -passin file:%s"
" -gencrl"
" -cert %s/ca.crt"
" -crldays 365"
" -out %s/ca.crl",
PATH_OPENSSL, ca->batch, ca->sslcnf, ca->sslpath,
- pass, ca->sslpath, ca->sslpath);
+ ca->passfile, ca->sslpath, ca->sslpath);
system(cmd);
- freezero(pass, len);
return (0);
}
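Review bot: Both `system(cmd)` calls in the new code still discard their return value, so a failing `openssl ca` run — for instance when the file named by `ca->passfile` is missing or unreadable, a condition the removed `ca_readpass()` path used to catch with `errx(1, "could not open passphrase file")` — leaves ca_revoke() returning 0 as if the revocation and CRL generation had succeeded. The `snprintf()` results are likewise unchecked, so a truncated command would be handed to the shell as-is. Consider `if (system(cmd) != 0) errx(1, "openssl ca failed");` after each invocation and a `if (n < 0 || (size_t)n >= sizeof(cmd))` guard on each snprintf. Whether `ca->passfile` is guaranteed to be initialized before ca_revoke() runs is not visible here, and the rest of ca_revoke() (its declarations and the keyname branch) lies outside this hunk.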