Don't make root CA if it exists
To support multinode testing where we just copy the CA to all the instances, don't remake the CA if it already exists. The end result is that you can trust a single chain and all your clients will be happy regardless of which host they are talking to. Change-Id: I90892e6828a59fa37af717361a2f1eed15a87ae4
parent
a2d1848419
commit
323b726783
4
lib/tls
4
lib/tls
@ -322,6 +322,7 @@ function make_root_CA {
|
||||
create_CA_base $ca_dir
|
||||
create_CA_config $ca_dir 'Root CA'
|
||||
|
||||
if [ ! -r "$ca_dir/cacert.pem" ]; then
|
||||
# Create a self-signed certificate valid for 5 years
|
||||
$OPENSSL req -config $ca_dir/ca.conf \
|
||||
-x509 \
|
||||
@ -331,6 +332,7 @@ function make_root_CA {
|
||||
-keyout $ca_dir/private/cacert.key \
|
||||
-out $ca_dir/cacert.pem \
|
||||
-outform PEM
|
||||
fi
|
||||
}
|
||||
|
||||
# If a non-system python-requests is installed then it will use the
|
||||
@ -507,7 +509,7 @@ function cleanup_CA {
|
||||
sudo update-ca-certificates
|
||||
fi
|
||||
|
||||
rm -rf "$DATA_DIR/CA" "$DEVSTACK_CERT"
|
||||
rm -rf "$INT_CA_DIR" "$ROOT_CA_DIR" "$DEVSTACK_CERT"
|
||||
}
|
||||
|
||||
# Tell emacs to use shell-script-mode
|
||||
|
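Review bot: The new guard in make_root_CA tests only `$ca_dir/cacert.pem`, so a host that received the certificate without `$ca_dir/private/cacert.key` skips generation and returns success with a root CA that cannot sign anything. Consider treating that state as an explicit error, for example by adding `elif [ ! -r "$ca_dir/private/cacert.key" ]; then` with a failure message. Regenerating instead would replace the certificate the other nodes already trust. create_CA_base and create_CA_config still run before the guard on every call, and their bodies are outside this hunk, so it is worth confirming they do not reset the serial or index state of a copied CA. The test quotes `"$ca_dir/cacert.pem"` while the openssl arguments below it leave `$ca_dir` unquoted; quoting them the same way would be consistent. Since the root key is now copied to every node, a comment on the function noting that this reuse is meant for test deployments only would help the next reader.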