head 1.11; access; symbols OPENPKG_E1_MP_HEAD:1.10 OPENPKG_E1_MP:1.10 OPENPKG_E1_MP_2_STABLE:1.10 OPENPKG_E1_FP:1.10 OPENPKG_2_STABLE_MP:1.10 OPENPKG_2_STABLE_20061018:1.10 OPENPKG_2_STABLE_20060622:1.10 OPENPKG_2_STABLE:1.10.0.2 OPENPKG_2_STABLE_BP:1.10 OPENPKG_2_5_RELEASE:1.8 OPENPKG_2_5_SOLID:1.8.0.2 OPENPKG_2_5_SOLID_BP:1.8 OPENPKG_2_4_RELEASE:1.4 OPENPKG_2_4_SOLID:1.4.0.2 OPENPKG_2_4_SOLID_BP:1.4; locks; strict; comment @# @; 1.11 date 2007.08.04.16.02.11; author rse; state Exp; branches; next 1.10; commitid mNHXxgcC8Vwy1sss; 1.10 date 2006.04.22.06.38.37; author rse; state Exp; branches; next 1.9; commitid N7tRcwZyTFpTY7ur; 1.9 date 2005.12.01.19.18.47; author rse; state Exp; branches; next 1.8; commitid uoqUZjNELLfFKWbr; 1.8 date 2005.09.22.18.46.36; author rse; state Exp; branches; next 1.7; 1.7 date 2005.07.08.15.40.46; author rse; state Exp; branches; next 1.6; 1.6 date 2005.07.08.15.28.08; author rse; state Exp; branches; next 1.5; 1.5 date 2005.07.08.15.27.11; author rse; state Exp; branches; next 1.4; 1.4 date 2005.05.07.09.13.13; author rse; state Exp; branches; next 1.3; 1.3 date 2005.05.06.19.54.11; author rse; state Exp; branches; next 1.2; 1.2 date 2005.05.02.17.43.38; author rse; state Exp; branches; next 1.1; 1.1 date 2005.05.02.17.37.18; author rse; state Exp; branches; next ; desc @@ 1.11 log @fix usage under newer OpenSSL versions @ text @Index: ca/etc/extensions.conf --- ca/etc/extensions.conf.orig 2007-03-10 23:28:34 +0100 +++ ca/etc/extensions.conf 2007-08-04 18:00:31 +0200 @@@@ -47,7 +47,18 @@@@ crlDistributionPoints = URI:http://ca.example.com/crl-v2.crl certificatePolicies = ia5org,@@certpolicy issuerAltName = email:ca@@example.com,URI:http://ca.example.com -subjectAltName = @@altnames +%ifdef EMAIL +subjectAltName = @@altnames +%endif +%ifdef URI +subjectAltName = @@altnames +%endif +%ifdef DNS +subjectAltName = @@altnames +%endif +%ifdef IP +subjectAltName = @@altnames +%endif [ altnames ] @@@@ -67,11 +78,10 @@@@ [certpolicy] policyIdentifier = 1.1.1.1.1 -## Map this to a real document in your webserver configuration CPS.1 = http://ca.example.com/CPS userNotice.1 = @@notice [notice] -explicitText="Limited Liability, see http://ca.example.com/CP" +explicitText = "Limited Liability, see http://ca.example.com/CP" Index: csp --- csp.orig 2007-03-10 23:28:34 +0100 +++ csp 2007-08-04 18:00:06 +0200 @@@@ -1,9 +1,14 @@@@ -#!/usr/bin/perl +#!@@l_prefix@@/bin/perl -use lib './blib/lib'; +use lib '@@l_prefix@@/libexec/csp'; use CSP; use Getopt::Long; +use Cwd; + +$ENV{CSPHOME} = getcwd() if (not defined($ENV{CSPHOME}) and -d "./csp"); +$ENV{CSPHOME} = '@@l_prefix@@/var/csp/ca' if (not defined($ENV{CSPHOME})); +$ENV{OPENSSL} = '@@l_prefix@@/bin/openssl' if (not defined($ENV{OPENSSL})); sub list_csp { @@@@ -175,6 +180,9 @@@@ my $home = $ENV{CSPHOME} || 'ca'; +die "Panic: Cannot write to \$CSPHOME \"$home\"" + unless -w $home; + mkdir "$home/csp",00755 unless -d "$home/csp"; $name eq '--list' and @ 1.10 log @upgrading package: csp 0.32 -> 0.33 @ text @d2 23 a24 3 --- ca/etc/extensions.conf.orig 2006-04-21 09:15:26 +0200 +++ ca/etc/extensions.conf 2006-04-22 08:35:39 +0200 @@@@ -75,11 +75,10 @@@@ d38 2 a39 2 --- csp.orig 2006-04-21 09:18:10 +0200 +++ csp 2006-04-22 08:35:39 +0200 d57 1 a57 1 @@@@ -176,6 +181,9 @@@@ @ 1.9 log @remove debugging output @ text @a0 11 Index: CSP.pm --- CSP.pm.orig 2005-09-22 18:02:58 +0200 +++ CSP.pm 2005-12-01 20:17:55 +0100 @@@@ -151,7 +151,6 @@@@ my $expr = $1; $expr =~ s/%{([A-Za-z0-9_\.]+)}/\$vars->{$1}/g; - warn "EXPR: \"".$expr."\"\n"; my $result = eval $expr; $self->die("$@@") if $@@; $ctx->push($result); d2 2 a3 2 --- ca/etc/extensions.conf.orig 2005-09-22 18:12:05 +0200 +++ ca/etc/extensions.conf 2005-12-01 20:17:41 +0100 d18 2 a19 2 --- csp.orig 2005-06-02 18:40:20 +0200 +++ csp 2005-12-01 20:17:41 +0100 d37 1 a37 1 @@@@ -175,6 +180,9 @@@@ @ 1.8 log @upgrading package: csp 0.31 -> 0.32 @ text @d1 11 d14 1 a14 1 +++ ca/etc/extensions.conf 2005-09-22 20:43:38 +0200 d30 1 a30 1 +++ csp 2005-09-22 20:43:38 +0200 @ 1.7 log @try to get running under OpenSSL 0.9.8 where a section is not allowed to be empty @ text @d2 3 a4 22 --- ca/etc/extensions.conf.orig 2001-05-28 13:04:20 +0200 +++ ca/etc/extensions.conf 2005-07-08 17:39:44 +0200 @@@@ -47,7 +47,18 @@@@ crlDistributionPoints = URI:http://ca.example.com/crl-v2.crl certificatePolicies = ia5org,@@certpolicy issuerAltName = email:ca@@example.com,URI:http://ca.example.com +%ifdef EMAIL +subjectAltName = @@altnames +%endif +%ifdef URI +subjectAltName = @@altnames +%endif +%ifdef DNS +subjectAltName = @@altnames +%endif +%ifdef IP subjectAltName = @@altnames +%endif [ altnames ] @@@@ -67,11 +78,10 @@@@ d18 2 a19 2 --- csp.orig 2001-05-28 13:32:14 +0200 +++ csp 2005-07-08 17:37:10 +0200 d37 1 a37 1 @@@@ -120,6 +125,9 @@@@ @ 1.6 log @Errr.. backout last change: the POD syntax fix is already in csp.patch.cvs @ text @d3 21 a23 2 +++ ca/etc/extensions.conf 2005-07-08 17:25:42 +0200 @@@@ -67,11 +67,10 @@@@ d38 1 a38 1 +++ csp 2005-07-08 17:25:42 +0200 @ 1.5 log @fix POD syntax @ text @a0 46 Index: CSP.pm --- CSP.pm.orig 2002-09-24 20:33:20 +0200 +++ CSP.pm 2005-07-08 17:26:20 +0200 @@@@ -1523,12 +1523,12 @@@@ CSP is designed to easily handle multiple distinct Certificate Authorities. Hence the name which stands for Certificate Service Provider. -= item o +=item o CSP can be used to produce a web site (certificate repository, CRLs etc etc) without the need for cgi-scripts. -= item o +=item o CSP tries to be as PKIX-compliant as OpenSSL allows. @@@@ -1551,22 +1551,22 @@@@ writer or some other means for making backups of the certificate directory. Day to day operations include the following tasks. -= over 4 +=over 4 -= item 1 +=item 1 Issuing certificates based on pkcs10 or out-of-band (non pkcs10) requests. -= item 2 +=item 2 Backing up the csp main directory (see below) to read-only medium. -= item 3 +=item 3 Producing the public web site and exporting it (typically using floppy or zip-drive) to your web server. -= back +=back =head1 CONFIGURATION @ 1.4 log @be even more smart and detect if the CSPHOME is the CWD @ text @d1 46 d49 1 a49 1 +++ ca/etc/extensions.conf 2005-05-07 09:35:30 +0200 d65 1 a65 1 +++ csp 2005-05-07 09:36:47 +0200 @ 1.3 log @apply the changes the upstream author has in its CVS @ text @d3 1 a3 1 +++ ca/etc/extensions.conf 2005-05-02 19:42:39 +0200 d19 2 a20 2 +++ csp 2005-05-02 19:41:28 +0200 @@@@ -1,6 +1,9 @@@@ a24 3 +$ENV{OPENSSL} = '@@l_prefix@@/bin/openssl' if (not defined($ENV{OPENSSL})); +$ENV{CSPHOME} = '@@l_prefix@@/var/csp/ca' if (not defined($ENV{CSPHOME})); + d29 9 a37 1 @@@@ -120,6 +123,9 @@@@ @ 1.2 log @some additional cosmetics @ text @a0 46 Index: CSP.pm --- CSP.pm.orig 2002-09-24 20:33:20 +0200 +++ CSP.pm 2005-05-02 19:41:28 +0200 @@@@ -1523,12 +1523,12 @@@@ CSP is designed to easily handle multiple distinct Certificate Authorities. Hence the name which stands for Certificate Service Provider. -= item o +=item o CSP can be used to produce a web site (certificate repository, CRLs etc etc) without the need for cgi-scripts. -= item o +=item o CSP tries to be as PKIX-compliant as OpenSSL allows. @@@@ -1551,22 +1551,22 @@@@ writer or some other means for making backups of the certificate directory. Day to day operations include the following tasks. -= over 4 +=over 4 -= item 1 +=item 1 Issuing certificates based on pkcs10 or out-of-band (non pkcs10) requests. -= item 2 +=item 2 Backing up the csp main directory (see below) to read-only medium. -= item 3 +=item 3 Producing the public web site and exporting it (typically using floppy or zip-drive) to your web server. -= back +=back =head1 CONFIGURATION @ 1.1 log @new package: csp 0.26 (Certificate Service Provider) @ text @d3 1 a3 1 +++ CSP.pm 2005-05-02 18:58:32 +0200 d47 16 d65 1 a65 1 +++ csp 2005-05-02 19:18:12 +0200 @