gen-ec-cert: reuse the private key if it exists

This commit is contained in:
Lucas 2020-02-13 10:52:55 +00:00
parent ea435f67d5
commit f0505b1d11
1 changed files with 15 additions and 7 deletions

View File

@ -27,13 +27,21 @@ shift $((OPTIND - 1))
[ $# -eq 1 ] && [ -n "$1" ] || usage [ $# -eq 1 ] && [ -n "$1" ] || usage
domain=$1 domain=$1
(umask 077 && openssl genpkey -aes256 \ if [ -f "$domain.key" ]; then
-algorithm ec -pkeyopt ec_paramgen_curve:"$curve" -out "$domain.key") printf "%s: key for %s already exists; reusing it.\n" \
if [ $? -ne 0 ] || [ ! -s "$domain.key" ]; then "${0##*/}" "$domain" >&2
# openssl doesn't return an error code if there is a password mismatch else
# or a password too short, and it creates the output file anyways (umask 077 && openssl genpkey -aes256 \
rm -f "$domain.key" -algorithm ec -pkeyopt ec_paramgen_curve:"$curve" \
exit 1 -out "$domain.key")
if [ $? -ne 0 ] || [ ! -s "$domain.key" ]; then
# openssl doesn't return an error code if there is a password
# mismatch or a password too short, and it creates the output
# file anyways
rm -f "$domain.key"
exit 1
fi
fi fi
openssl req -new -x509 -days "$days" -subj "/CN=$domain" \ openssl req -new -x509 -days "$days" -subj "/CN=$domain" \
-key "$domain.key" -out "$domain.pem" -key "$domain.key" -out "$domain.pem"