fix slash client, the openssl can't parse dn with slashes without escaping the slashe...
authorJoni Hahkala <joni.hahkala@cern.ch>
Tue, 12 Oct 2010 16:44:42 +0000 (16:44 +0000)
committerJoni Hahkala <joni.hahkala@cern.ch>
Tue, 12 Oct 2010 16:44:42 +0000 (16:44 +0000)
bin/generate-test-certificates.sh
config/req_conf.cnf

index d703307..e9a235a 100755 (executable)
@@ -44,7 +44,7 @@ function create_cert {
     # if we are in a state where we are generating proxies (${CA_DIR}/serial_proxy.txt exists)
     # then let's transfer the serial number of the last proxy to the serial.txt file for the 
     # next new certificate...
-    CMD="openssl req -out $filebase.req -newkey rsa:$bits -new -keyout $filebase.priv -config $REQ_CONFIG_FILE -subj \"$dn\" -passout pass:$PASSWORD"
+    CMD="openssl req -out $filebase.req -newkey rsa:$bits -new -keyout $filebase.priv -config $REQ_CONFIG_FILE -passout pass:$PASSWORD"
 
     case $flags in
         clientserial)
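Review bot: Dropping `-subj \"$dn\"` from the base command means every arm of the `case $flags` that starts at the end of this hunk must now append it itself; the arms visible in the next hunk do, but the body of the `*)` arm lies outside the hunks, so it is worth confirming it was updated too, otherwise `openssl req` for the normal certificates falls back to whatever subject prompts or defaults `$REQ_CONFIG_FILE` provides. The command is still assembled as a string with embedded `\"` quotes, which presumably only works because it is later run through `eval`; building it as an array (`cmd=(openssl req -out "$filebase.req" -newkey "rsa:$bits" -new -keyout "$filebase.priv" -config "$REQ_CONFIG_FILE" -passout "pass:$PASSWORD")`) and appending `cmd+=(-subj "$dn")` per arm would remove the quoting gymnastics the slash case below depends on. A smaller point: `-passout pass:$PASSWORD` puts the key passphrase into the process argument list where `ps` can see it; `-passout env:PASSWORD` keeps it out of argv even for test material. create_cert begins before and continues after this hunk.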
@@ -80,13 +80,13 @@ function create_cert {
        clientfuture)
            echo future user cert $flags
            flags="client"
-           CMD="$CMD "
+           CMD="$CMD -subj \"$dn\""
            castring=" -startdate 350101000000Z"
            ;;
        client_slash)
-           echo future user cert $flags
+           echo user cert with slash and dots in DN$flags
            flags="client"
-           CMD="$CMD -subj \"`echo $dn | sed 's/Utopia/http:\/\/slash.slash.edu:7656\/testing/'`\""
+           CMD="$CMD -subj \"$(echo $dn | sed 's/Utopia/http:\\\/\\\/slash.slash.edu:7656\\\/testing/')\""
            ;;
         *)
            echo normal cert $flags
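Review bot: `$dn` is unquoted inside the command substitution on the new client_slash line, so a DN containing spaces or glob characters is word-split and glob-expanded before it reaches sed; `$(printf '%s' "$dn" | sed 's/Utopia/http:\\\/\\\/slash.slash.edu:7656\\\/testing/')` keeps it intact (bash re-parses the inside of `$( )`, so the inner double quotes are safe even though the whole assignment is double-quoted). The new echo in the same arm is missing a space before the variable: `echo "user cert with slash and dots in DN $flags"`. The replacement text does produce `\/` in the DN as intended, but it is hard to read; a one-line comment such as `# escape the value's slashes so openssl -subj does not treat them as RDN separators` would spare the next reader from working out the double escaping.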
@@ -151,7 +151,7 @@ function create_cert_proxy {
     if [ x$ident == "xproxy_dnerror2" ]; then
        dn="`openssl x509 -in ${X509_SIGNING_CERT} -subject -noout| sed 's/^subject= //'` dnerror2/CN=$4"
     else
-       dn="`openssl x509 -in ${X509_SIGNING_CERT} -subject -noout| sed 's/^subject= //'`/CN=$4"
+       dn="$(openssl x509 -in ${X509_SIGNING_CERT} -subject -noout| sed 's/^subject= //' |sed 's/http:\/\/slash.slash.edu:7656\/testing/http:\\\/\\\/slash.slash.edu:7656\\\/testing/')/CN=$4"
     fi
  
     echo "Creating a proxy cert ${X509_PROX_CERT} for '$dn"
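Review bot: The second sed on the new `dn=` line re-applies the slash escaping for one hard-coded value, `http://slash.slash.edu:7656/testing`, so it silently stops matching if the value substituted in create_cert's client_slash arm ever changes; hoisting the literal into a single readonly variable used by both places (e.g. `readonly SLASH_DN_VALUE='http://slash.slash.edu:7656/testing'`) would keep them in sync. The dots in the sed pattern are unescaped and match any character, and `${X509_SIGNING_CERT}` is unquoted; `-in "${X509_SIGNING_CERT}"` and `slash\.slash\.edu` would make the line exact. The post-processing appears to be needed because `openssl x509 -subject` prints slashes inside values unescaped; a comment saying so (`# re-escape slashes inside RDN values: x509 -subject prints them raw`) would explain why the proxy DN is rewritten here. create_cert_proxy continues outside the hunk.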
@@ -788,7 +788,6 @@ function create_all {
     create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
     create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
     create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
-    openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
     
     if [ $catype == "trusted" ]; then
        
@@ -1009,6 +1008,7 @@ function create_all {
 
     # generating CRL
     openssl ca -gencrl -crldays $DAYS -out $CA_DIR/${catype}.crl -config $REQ_CONFIG_FILE
+#    openssl ca -gencrl -crldays $DAYS -out $CA_DIR/${catype}.crl -config $REQ_CONFIG_FILE -crlexts crl_some_reasons -ver
 
     # If we have the trusted CA, then generate a user cert/key pair
     # And also a host cert/key pair.
index 9e34fd8..e874a11 100644 (file)
@@ -110,3 +110,12 @@ proxyCertInfo=critical,language:id-ppl-independent,pathlen:1
 \r
 [ proxy_rfc_limited ]\r
 proxyCertInfo=critical,language:limitedProxyOid\r
+\r
+[ crl_some_reasons ]\r
+crlDistributionPoints=crldp1_section\r
+\r
+[crldp1_section]\r
+fullname=URI:http://myhost.com/myca.crl\r
+CRLissuer=dirName:issuer_sect\r
+reasons=keyCompromise, CACompromise\r
+\r
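Review bot: `CRLissuer=dirName:issuer_sect` references a section named `issuer_sect` that is not defined in this hunk; if it is not defined elsewhere in req_conf.cnf, openssl will reject the extension section as soon as `-crlexts crl_some_reasons` is enabled, so the name should be checked or the section added alongside these. The `fullname=URI:http://myhost.com/myca.crl` distribution point does not correspond to any CRL this repository generates; a header comment stating that (`# CRL extension section for -crlexts; the URI is a dummy value for tests`) would stop it being mistaken for a real distribution point. The new lines keep the file's CRLF endings, which is consistent with the rest of the file.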