bin: Produce output PEM files with text descriptions of their contents.
authorMark Wooding <mdw@distorted.org.uk>
Sat, 1 Dec 2012 13:40:23 +0000 (13:40 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Sat, 1 Dec 2012 13:40:23 +0000 (13:40 +0000)
This makes them easier to read.  There's a slight risk of someone being
confused by a malicious file whose text representation doesn't contain
an accurate description of the actual contents, but I think that's a
fairly minor consideration.  The files are also larger than they were
previously, but we'll have to put up with that.

bin/add
bin/setup
bin/update

diff --git a/bin/add b/bin/add
index 1c2ae81f385320563ed251e503633b072bc621b3..6bd128bd45b1bcb761db3c877c5285dd5d36652b 100755 (executable)
--- a/bin/add
+++ b/bin/add
@@ -77,7 +77,7 @@ db transaction {
 
     ## Copy the file away.
     fresh-temp "$CERTROOT/tmp" tmp {
-      file copy $file $tmp
+      exec openssl req -text -in $file -out $tmp
     }
     cleanup { file delete $tmp }
 
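Review bot: `$file` now goes to `exec` instead of `file copy`, and Tcl's `exec` treats any argument beginning with `<`, `>` or `|` as a redirection or pipe operator rather than passing it to openssl. Where `$file` comes from is outside this hunk; if it can be a caller-supplied relative name, normalising it to an absolute path keeps it a plain argument: `exec openssl req -text -in [file normalize $file] -out $tmp`. A one-line comment would also help, saying that the stored copy is re-emitted by openssl, so its text block should reflect the parsed request rather than any text in the submitted file. The enclosing `db transaction` block starts and ends outside the hunk.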
index ab3d0b2c48ddfbe413e6c638cd22e9b78e871d78..845c2a4d2bcfe8df5cf19454ce9fce08b4096381 100755 (executable)
--- a/bin/setup
+++ b/bin/setup
@@ -64,7 +64,7 @@ make-directories 0750 "private"
 set subject ""
 foreach {attr value} $C(ca-name) { append subject "/$attr=$value" }
 exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf"  \
-    -out "ca.cert" -keyout "private/ca.key" \
+    -text -out "ca.cert" -keyout "private/ca.key" \
     -new -x509 -days $C(ca-period) \
     -subj $subject
 file attributes "ca.cert" \
index 7031c25877ef6c764d18516fbc23f37cd7617346..bc6841072b1ea1a0ea8d408cc165c17b42cb038d 100755 (executable)
@@ -50,6 +50,7 @@ archive-certificates
 exec openssl ca -config "etc/openssl.conf" -updatedb 2>@1
 
 ## Generate a CRL.
-exec openssl ca -config "etc/openssl.conf" -gencrl -out "crl" 2>@1
+exec openssl ca -config "etc/openssl.conf" -gencrl | \
+    openssl crl -text -out "crl" 2>@1
 
 ###----- That's all, folks --------------------------------------------------
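Review bot: The two-stage pipeline still writes straight into the live `crl` file, so a failure in either openssl stage could leave a missing or truncated CRL where relying parties fetch it. Tcl's `exec` does raise an error if any command in the pipeline exits abnormally, but by then the output file may already have been touched; whether `openssl crl` opens `-out` before it has parsed its input is not visible here. Writing to a scratch name and renaming only on success avoids that window: `openssl crl -text -out "crl.new" 2>@1` followed by `file rename -force "crl.new" "crl"`.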