
Commit 3066cf2

gtbXmattcaswell
authored andcommitted
Abstract out policy and extensions in CA.pl
Reviewed-by: Ben Kaduk <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from openssl#13819)
1 parent 8c08c8b commit 3066cf2


1 file changed

+8
-6
lines changed


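--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -36,6 +36,8 @@ my $CACERT = "cacert.pem";
 my $CACRL = "crl.pem";
 my $DAYS = "-days 365";
 my $CADAYS = "-days 1095"; # 3 years
+my $EXTENSIONS = "-extensions v3_ca";
+my $POLICY = "-policy policy_anything";
 my $NEWKEY = "newkey.pem";
 my $NEWREQ = "newreq.pem";
 my $NEWCERT = "newcert.pem";
@@ -179,7 +181,7 @@ if ($WHAT eq '-newcert' ) {
 $RET = run("$CA -create_serial"
 . " -out ${CATOP}/$CACERT $CADAYS -batch"
 . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
-. " -extensions v3_ca"
+. " $EXTENSIONS"
 . " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
 print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
 }
@@ -191,19 +193,19 @@ if ($WHAT eq '-newcert' ) {
 . " -export -name \"$cname\" $EXTRA{pkcs12}");
 print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
 } elsif ($WHAT eq '-xsign' ) {
-$RET = run("$CA -policy policy_anything -infiles $NEWREQ $EXTRA{ca}");
+$RET = run("$CA $POLICY -infiles $NEWREQ $EXTRA{ca}");
 } elsif ($WHAT eq '-sign' ) {
-$RET = run("$CA -policy policy_anything -out $NEWCERT"
+$RET = run("$CA $POLICY -out $NEWCERT"
 . " -infiles $NEWREQ $EXTRA{ca}");
 print "Signed certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-signCA' ) {
-$RET = run("$CA -policy policy_anything -out $NEWCERT"
-. " -extensions v3_ca -infiles $NEWREQ $EXTRA{ca}");
+$RET = run("$CA $POLICY -out $NEWCERT"
+. " $EXTENSIONS -infiles $NEWREQ $EXTRA{ca}");
 print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-signcert' ) {
 $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
 . " -out tmp.pem $EXTRA{x509}");
-$RET = run("$CA -policy policy_anything -out $NEWCERT"
+$RET = run("$CA $POLICY -out $NEWCERT"
 . "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
 print "Signed certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-verify' ) {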
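Review bot: The `-signcert` branch (new lines 208–209) still joins `"$CA $POLICY -out $NEWCERT"` to `"-infiles tmp.pem $EXTRA{ca}"` with no separating space, so the string handed to run() contains `-out newcert.pem-infiles tmp.pem`; the commit rewrites the first half of that statement but leaves the continuation untouched. The continuation should read `. " -infiles tmp.pem $EXTRA{ca}") if $RET == 0;`, matching the `-sign` and `-signCA` branches. As written the signing step presumably either fails on the stray argument or writes somewhere other than the file the following `print` names, which is worth getting right in a script that issues certificates. At the new `$POLICY` and `$EXTENSIONS` declarations a short comment such as `# flag plus config section name; the section must exist in the openssl config in use` would help anyone overriding them, since each value is spliced verbatim into the command line. The if/elsif chain starts and ends outside the visible hunks.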
