[Asterisk-code-review] ast_tls_cert: Allow private key size to be set on command line (asterisk[13])

George Joseph asteriskteam at digium.com
Thu Feb 20 10:51:34 CST 2020 

George Joseph has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/13810 )

Change subject: ast_tls_cert: Allow private key size to be set on command line
......................................................................

ast_tls_cert: Allow private key size to be set on command line

The default size in release branches will be 1024 but we'll use 2048 in master.

ASTERISK~28750

Change-Id: I435cea18bdd58824ed2b55259575c7ec7133842a
---
M contrib/scripts/ast_tls_cert
1 file changed, 6 insertions(+), 2 deletions(-)

Approvals:
  George Joseph: Looks good to me, approved; Approved for Submit



diff --git a/contrib/scripts/ast_tls_cert b/contrib/scripts/ast_tls_cert
index 116f110..04034f6 100755
--- a/contrib/scripts/ast_tls_cert
+++ b/contrib/scripts/ast_tls_cert
@@ -49,7 +49,7 @@
 create_cert () {
 	local base=${OUTPUT_DIR}/${OUTPUT_BASE}
 	echo "Creating certificate ${base}.key"
-	openssl genrsa -out ${base}.key 1024 > /dev/null
+	openssl genrsa -out ${base}.key ${KEYBITS:-1024} > /dev/null
 	if [ $? -ne 0 ];
 	then
 		echo "Failed"
@@ -87,6 +87,7 @@
   -f  Config filename (openssl config file format)
   -c  CA cert filename (creates new CA cert/key as ca.crt/ca.key if not passed)
   -k  CA key filename
+  -b  The desired size of the private key in bits. Default is 1024.
   -C  Common name (cert field)
         This should be the fully qualified domain name or IP address for
         the client or server. Make sure your certs have unique common
@@ -128,7 +129,7 @@
 CERT_MODE=server
 ORG_NAME=${DEFAULT_ORG}
 
-while getopts "hf:c:k:o:d:m:C:O:" OPTION
+while getopts "hf:c:k:o:d:m:C:O:b:" OPTION
 do
 	case ${OPTION} in
 		h)
@@ -144,6 +145,9 @@
 		k)
 			CAKEY=${OPTARG}
 			;;
+		b)
+			KEYBITS=${OPTARG}
+			;;
 		o)
 			OUTPUT_BASE=${OPTARG}
 			;;

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/13810
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Change-Id: I435cea18bdd58824ed2b55259575c7ec7133842a
Gerrit-Change-Number: 13810
Gerrit-PatchSet: 1
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20200220/486f0fbc/attachment.html>

More information about the asterisk-code-review mailing list