From: Adam Chlipala
Date: Sat, 16 Jun 2007 20:32:36 +0000 (+0000)
Subject: A little more verbose on SSL context error; script for creating daemon certs
X-Git-Tag: release_2010-11-19~196
X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/commitdiff_plain/25c93232ead88499dc1d1b5bf145e8fbfdb5bbe8?hp=fdf9a42df2892bae989ec2d47d5c22817dec7271
A little more verbose on SSL context error; script for creating daemon certs
---
diff --git a/Makefile b/Makefile
index b812465..68feaf0 100644
--- a/Makefile
+++ b/Makefile
@@ -143,6 +143,7 @@ install:
 cp scripts/domtool-reset-local /usr/local/sbin/
 cp scripts/domtool-adduser /usr/local/bin/
 cp scripts/domtool-addcert /usr/local/bin/
+ cp scripts/domtool-addcert-daemon /usr/local/bin/
 cp scripts/domtool-addacl /usr/local/bin/
 cp scripts/domtool-rmuser /usr/local/bin/
 cp scripts/domtool-admin-sudo /usr/local/bin/
diff --git a/scripts/domtool-addcert-daemon b/scripts/domtool-addcert-daemon
new file mode 100755
index 0000000..96242f4
--- /dev/null
+++ b/scripts/domtool-addcert-daemon
@@ -0,0 +1,28 @@
+#!/bin/sh -e
+
+ KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$1
+ KEYFILE=$KEYDIR/key.pem
+CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem
+ NEWREQ=~/.newreq.pem
+ NEW=~/.new.pem
+ KEYIN=~/.keyin
+
+mkdir $KEYDIR || echo Already exists
+openssl genrsa -out $KEYFILE
+chown -R domtool.domtool $KEYDIR
+echo "." >$KEYIN
+echo "." >>$KEYIN
+echo "." >>$KEYIN
+echo "." >>$KEYIN
+echo "." >>$KEYIN
+echo "$1" >>$KEYIN
+echo "$1@hcoop.net" >>$KEYIN
+echo "" >>$KEYIN
+echo "" >>$KEYIN
+openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN
+rm $KEYIN
+cat $NEWREQ $KEYFILE >$NEW
+rm $NEWREQ
+openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW
+rm $NEW
+chown domtool.domtool $CERTFILE
diff --git a/src/main.sml b/src/main.sml
index a8cf180..798ede2 100644
--- a/src/main.sml
+++ b/src/main.sml
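Review bot: In the new scripts/domtool-addcert-daemon, `$1` is spliced unquoted and unchecked into KEYDIR and CERTFILE, so a run with no argument makes KEYDIR the shared keys directory itself and `chown -R domtool.domtool $KEYDIR` then applies to every key beneath it. The private key is also copied into `~/.new.pem` under a fixed name with the default umask, and because of `-e` a failing `openssl ca` exits before `rm $NEW`, leaving that copy behind. `openssl genrsa` is called without a size, so the key length is whatever the installed OpenSSL defaults to, and a rerun for an existing name prints "Already exists" and then overwrites that daemon's key. I would validate the name, keep the scratch files in a private temporary directory removed by a trap, and pass an explicit key size, as sketched below.

```shell
#!/bin/sh -e

# Refuse a missing or path-like name before it is spliced into any path.
case "$1" in
    ""|*/*|.*) echo "usage: domtool-addcert-daemon NAME" >&2; exit 1 ;;
esac

# … unchanged: KEYDIR, KEYFILE, CERTFILE assignments …

# Scratch files live in a private directory that is removed on any exit,
# including an early exit caused by -e.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
NEWREQ=$WORK/newreq.pem
NEW=$WORK/new.pem
KEYIN=$WORK/keyin

# Stop instead of silently replacing an existing daemon key.
if [ -e "$KEYFILE" ]; then
    echo "Key for $1 already exists; remove it first to re-issue" >&2
    exit 1
fi
mkdir -p "$KEYDIR"
(umask 077; openssl genrsa -out "$KEYFILE" 2048)
chown -R domtool:domtool "$KEYDIR"

# … unchanged: KEYIN answers, openssl req, cat, openssl ca, final chown (with the variables quoted) …
```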
@@ -172,8 +172,9 @@ val self = fun context x = (OpenSSL.context false x) - handle e as OpenSSL.OpenSSL _ => + handle e as OpenSSL.OpenSSL s => (print "Couldn't find your certificate.\nYou probably haven't been given any Domtool privileges.\n"; + print ("Additional information: " ^ s ^ "\n"); raise e) fun setupUser () =
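Review bot: The first message in the `context` handler still tells the user that their certificate is missing and that they lack Domtool privileges, even when the newly bound `s` describes some other failure; which errors `OpenSSL.context` can raise is not visible in this hunk, so that is an assumption to confirm. Consider a neutral headline such as `print "Couldn't set up the SSL context.\n";` ahead of the detail line, plus a short comment that `s` is the OpenSSL error text shown to help diagnose key or CA file problems. Both messages go through `print`, i.e. standard output; `TextIO.output (TextIO.stdErr, "Additional information: " ^ s ^ "\n")` would keep diagnostics out of piped command output.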