From 585568aa8b851d153fbec0a46769b8f12e1df7f4 Mon Sep 17 00:00:00 2001 From: "U-Z690-A\\user" Date: Wed, 29 Jun 2022 20:26:01 -0700 Subject: extendedKeyUsage: decommission ekusub.sh and use environment variables instead ekusub.sh has additionally been generalized into inimodify.sh in case I ever need it in the future for anything else. --- signcsr.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'signcsr.sh') diff --git a/signcsr.sh b/signcsr.sh index 910d8d9..0536411 100755 --- a/signcsr.sh +++ b/signcsr.sh @@ -32,7 +32,7 @@ SERIAL=$(cat "$CA"/ca/"$CA".serial) if grep ^SPKAC "$1"; then # SPKAC HTML5 standard [ -n $EKU ] || EKU="clientAuth" # I don't think servers do SPKACs openssl spkac -in "$1" # print key size - openssl ca -config <( ./ekusub.sh "$EKU" < $OPENSSL_CONFIG ) -spkac "$1" -notext + openssl ca -config $OPENSSL_CONFIG -spkac "$1" -notext else # x509 CSR if ! [ -n "$EKU" ]; then [[ "$( openssl req -in $1 -subject -nameopt multiline | grep -E '^ +commonName += ' | head -n 1 )" =~ ^\ +commonName\ +=\ (.+)$ ]] @@ -48,7 +48,7 @@ else # x509 CSR fi fi openssl req -in "$1" -text # print key size - openssl ca -config <( ./ekusub.sh "$EKU" < "$OPENSSL_CONFIG" ) -in "$1" -notext + openssl ca -config "$OPENSSL_CONFIG" -in "$1" -notext fi if [ -e "$CA"/certs/"$SERIAL".pem ]; then # openssl lacks useful exit status codes, so we check to see if it actually did anything instead. -- cgit v1.2.3