@@ -1364,7 +1364,9 @@ case "${WITH_SSL_CLIENT}${WITH_SSL_SERVER}" in
13641364 pk12util -o rootca.p12 -n " ${TESTCERT_ROOTCA_NAME} " . -k .pwfile -w .pwfile
13651365 }
13661366 if pk12cmd > /dev/null 2>&1 ; then
1367- openssl pkcs12 -in rootca.p12 -out rootca.key -nodes -nocerts -passin file:.pwfile \
1367+ openssl pkcs12 -in rootca.p12 \
1368+ -out rootca.key -nodes -nocerts \
1369+ -passin file:.pwfile \
13681370 && log_info " Exported NSS CA key to OpenSSL PEM"
13691371 fi
13701372 fi
@@ -1595,7 +1597,10 @@ EOF
15951597 # server.crt is already PEM (from signing step)
15961598 mkpk12key () {
15971599 if pk12cmd > /dev/null 2>&1 ; then
1598- openssl pkcs12 -in server.p12 -out server.key -nodes -nocerts -passin file:.pwfile " $@ "
1600+ openssl pkcs12 -in server.p12 \
1601+ -out server.key \
1602+ -nodes -nocerts \
1603+ -passin file:.pwfile " $@ "
15991604 && log_info " Exported NSS Server key to OpenSSL PEM"
16001605 fi
16011606 }
@@ -1690,7 +1695,11 @@ EOF
16901695 || die " Could not import the CA certificate to NSS Server database"
16911696
16921697 # Import Server certificate and key
1693- openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt -certfile " ${TESTCERT_PATH_ROOTCA} " " ${TESTCERT_SERVER_NAME} "
1698+ openssl pkcs12 -export -out server.p12 \
1699+ -inkey server.key -in server.crt \
1700+ -certfile " ${TESTCERT_PATH_ROOTCA} "
1701+ -name " ${TESTCERT_SERVER_NAME} "
1702+ -passout file:.pwfile \
16941703 || die " Could not package Server cert to PKCS#12 for NSS import"
16951704
16961705 pk12util -i server.p12 -d . -k .pwfile -w .pwfile \
@@ -1821,7 +1830,11 @@ EOF
18211830 OpenSSL)
18221831 # Create a client certificate request:
18231832 MSYS_NO_PATHCONV=1 \
1824- openssl req -new -nodes -out client.req -newkey rsa:4096 -passout file:.pwfile -keyout client.key -subj " /CN=${TESTCERT_CLIENT_NAME} /OU=Test/O=NIT/ST=StateOfChaos/C=US"
1833+ openssl req -new -nodes \
1834+ -out client.req -newkey rsa:4096 \
1835+ -passout file:.pwfile \
1836+ -keyout client.key \
1837+ -subj " /CN=${TESTCERT_CLIENT_NAME} /OU=Test/O=NIT/ST=StateOfChaos/C=US"
18251838 || die " Could not create a OpenSSL Client certificate request"
18261839 cat > client.v3.ext << EOF
18271840authorityKeyIdentifier=keyid,issuer
@@ -1843,7 +1856,12 @@ IP.3 = 127.1.2.`expr $$ % 200`
18431856EOF
18441857 # Sign a certificate request with the CA certificate:
18451858 ( cd " ${TESTCERT_PATH_ROOTCA} "
1846- openssl x509 -req -in " ${TESTCERT_PATH_CLIENT} /client.req" " ${TESTCERT_PATH_CLIENT} /client.crt" " ${TESTCERT_PATH_CLIENT} /client.v3.ext"
1859+ openssl x509 -req -in " ${TESTCERT_PATH_CLIENT} /client.req"
1860+ -passin file:.pwfile \
1861+ -CA rootca.pem -CAkey rootca.key -CAcreateserial \
1862+ -out " ${TESTCERT_PATH_CLIENT} /client.crt"
1863+ -days " ${TESTCERT_VALIDITY_DAYS} "
1864+ -extfile " ${TESTCERT_PATH_CLIENT} /client.v3.ext"
18471865 ) || die " Could not sign a OpenSSL Client certificate request with the OpenSSL CA certificate"
18481866
18491867 cat client.crt " ${TESTCERT_PATH_ROOTCA} " > upsmon.pem \
@@ -1905,9 +1923,12 @@ EOF
19051923 || die " Could not import the Server certificate to NSS Client database"
19061924
19071925 if [ -f client.key ] ; then
1908- # TODO After #3331 merge:
19091926 # Import Client certificate and key
1910- openssl pkcs12 -export -out client.p12 -inkey client.key -in client.crt -certfile " ${TESTCERT_PATH_ROOTCA} " " ${TESTCERT_CLIENT_NAME} "
1927+ openssl pkcs12 -export -out client.p12 \
1928+ -inkey client.key -in client.crt \
1929+ -certfile " ${TESTCERT_PATH_ROOTCA} "
1930+ -name " ${TESTCERT_CLIENT_NAME} "
1931+ -passout file:.pwfile \
19111932 || die " Could not package Client cert to PKCS#12 for NSS import"
19121933
19131934 pk12util -i client.p12 -d . -k .pwfile -w .pwfile \
0 commit comments