revocation

svn path=/scripts/generate-testrepo.pl; revision=283
author: Rob Austein <sra@hactrn.net> 2006-09-17 16:53:13 +0000
committer: Rob Austein <sra@hactrn.net> 2006-09-17 16:53:13 +0000
commit: 8fdeac5d429c92c4f178b640ad1ff9479dcad3dd (patch)
tree: 4dee383fc70e442580aec9d7c8bdfe527594a914 /scripts/generate-testrepo.pl
parent: add63b55e78bb7c175638f4434f5eccbba39aaad (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/scripts/generate-testrepo.pl b/scripts/generate-testrepo.pl
index 84f1c28f..7b6e222d 100644
--- a/scripts/generate-testrepo.pl
+++ b/scripts/generate-testrepo.pl
@@ -15,6 +15,7 @@ my $passwd	= "fnord";
 my $keybits	= 2048;
 my $verbose	= 0;
 my $debug	= 1;
+my $revoke	= 0;
 
 sub openssl {
     print(STDERR join(" ", qw(+ openssl), @_), "\n")
@@ -178,6 +179,16 @@ EOF
     close(F);
 }
 
+# Revoke old certificates, maybe.
+
+if ($revoke) {
+    for my $cert (glob("*/*.pem")) {
+	my $conf = (split("/", $cert))[0] . ".cnf";
+	openssl("ca", "-verbose", "-config", $conf, "-revoke", $cert);
+	unlink($cert);
+    }
+}
+
 # Run OpenSSL to create the keys and certificates.  We generate keys
 # separately to avoid wasting /dev/random bits if we need to change
 # the configuration.
author	Rob Austein <sra@hactrn.net>	2006-09-17 16:53:13 +0000
committer	Rob Austein <sra@hactrn.net>	2006-09-17 16:53:13 +0000
commit	8fdeac5d429c92c4f178b640ad1ff9479dcad3dd (patch)
tree	4dee383fc70e442580aec9d7c8bdfe527594a914 /scripts/generate-testrepo.pl
parent	add63b55e78bb7c175638f4434f5eccbba39aaad (diff)