summaryrefslogtreecommitdiffstats
path: root/roles/common/files/usr
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-05-24 17:11:11 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-24 17:12:10 +0200
commit1af3c572eedb0eaddcdc5c9c41d98ff59bb7b2c9 (patch)
tree6af69fd639a051b483528b03959985ab806b2c1c /roles/common/files/usr
parent61ee02ffb5402d93eae59001b91197957a8dcfe2 (diff)
IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.
There is no need to bother with X.509 cruft here.
Diffstat (limited to 'roles/common/files/usr')
-rwxr-xr-xroles/common/files/usr/local/bin/genkeypair.sh5
1 files changed, 4 insertions, 1 deletions
diff --git a/roles/common/files/usr/local/bin/genkeypair.sh b/roles/common/files/usr/local/bin/genkeypair.sh
index 45e2181..01b279a 100755
--- a/roles/common/files/usr/local/bin/genkeypair.sh
+++ b/roles/common/files/usr/local/bin/genkeypair.sh
@@ -47,6 +47,7 @@ usage() {
x509: generate a self-signed X.509 server certificate
csr: generate a Certificate Signing Request
dkim: generate a private key (to use for DKIM signing)
+ keypair: generate a key pair
Options:
-t type: key type (default: rsa)
@@ -88,7 +89,7 @@ dkiminfo() {
[ $# -gt 0 ] || { usage; exit 2; }
cmd="$1"; shift
case "$cmd" in
- x509|csr|dkim) ;;
+ x509|csr|dkim|keypair) ;;
*) echo "Unrecognized command: $cmd" >&2; exit 2
esac
@@ -201,4 +202,6 @@ elif [ "$cmd" = x509 -o "$cmd" = csr ]; then
[ "$cmd" = x509 ] && x509=-x509 || x509=
openssl req -config "$config" -new $x509 ${hash:+-$hash} -days 3650 -key "$privkey" >"$pubkey" || exit 2
fi
+elif [ "$cmd" = keypair -a "$pubkey" ]; then
+ openssl pkey -pubout <"$privkey" >"$pubkey"
fi