From 98ebf8956b723b12de652104a6391c26cc638ff9 Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Wed, 26 Feb 2020 16:22:45 -0800 Subject: revoke: add unified password input. /proc/x/environ is reportedly 0444 on some Unicies, but oh well. --- revoke.sh | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/revoke.sh b/revoke.sh index cbee629..f45890e 100755 --- a/revoke.sh +++ b/revoke.sh @@ -22,15 +22,23 @@ else echo "$0 [certfile|certname|serial] (configfile)" exit 2 fi - + +echo -n Enter the passphrase for "$CA"/ca/"$CA".key:\ +read -s PASS +echo +export PASS + # Gen signed key echo Adding revocation to index... -openssl ca -config "$OPENSSL_CONFIG" -revoke "$CERT" +openssl ca -config "$OPENSSL_CONFIG" -passin env:PASS -revoke "$CERT" echo Building and signing CRL... -openssl ca -config "$OPENSSL_CONFIG" -gencrl -out "$CA"/ca/"$CA".crl +openssl ca -config "$OPENSSL_CONFIG" -passin env:PASS -gencrl -out "$CA"/ca/"$CA".crl echo openssl crl -in "$CA"/ca/"$CA".crl -text -noout echo + +export -n PASS + if [ -x ./post-revoke ]; then ./post-revoke "$CA"/ca/"$CA".crl "$CERT" else -- cgit v1.2.3