A little more verbose on SSL context error; script for creating daemon certs

diff --git a/Makefile b/Makefile
index b812465..68feaf0 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -143,6 +143,7 @@ install:
        cp scripts/domtool-reset-local /usr/local/sbin/
        cp scripts/domtool-adduser /usr/local/bin/
        cp scripts/domtool-addcert /usr/local/bin/
+       cp scripts/domtool-addcert-daemon /usr/local/bin/
        cp scripts/domtool-addacl /usr/local/bin/
        cp scripts/domtool-rmuser /usr/local/bin/
        cp scripts/domtool-admin-sudo /usr/local/bin/

diff --git a/scripts/domtool-addcert-daemon b/scripts/domtool-addcert-daemon
new file mode 100755 (executable)
index 0000000..96242f4
--- /dev/null
+++ b/scripts/domtool-addcert-daemon
@@ -0,0 +1,28 @@
+#!/bin/sh -e
+
+  KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$1
+ KEYFILE=$KEYDIR/key.pem
+CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem
+  NEWREQ=~/.newreq.pem
+     NEW=~/.new.pem
+   KEYIN=~/.keyin
+
+mkdir $KEYDIR || echo Already exists
+openssl genrsa -out $KEYFILE
+chown -R domtool.domtool $KEYDIR
+echo "." >$KEYIN
+echo "." >>$KEYIN
+echo "." >>$KEYIN
+echo "." >>$KEYIN
+echo "." >>$KEYIN
+echo "$1" >>$KEYIN
+echo "$1@hcoop.net" >>$KEYIN
+echo "" >>$KEYIN
+echo "" >>$KEYIN
+openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN
+rm $KEYIN
+cat $NEWREQ $KEYFILE >$NEW
+rm $NEWREQ
+openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW
+rm $NEW
+chown domtool.domtool $CERTFILE

diff --git a/src/main.sml b/src/main.sml
index a8cf180..798ede2 100644 (file)
--- a/src/main.sml
+++ b/src/main.sml
@@ -172,8 +172,9 @@ val self =
 
 fun context x =
     (OpenSSL.context false x)
-    handle e as OpenSSL.OpenSSL _ =>
+    handle e as OpenSSL.OpenSSL s =>
           (print "Couldn't find your certificate.\nYou probably haven't been given any Domtool privileges.\n";
+           print ("Additional information: " ^ s ^ "\n");
            raise e)
 
 fun setupUser () =