Don't make root CA if it exists
To support multinode testing, where we just copy the CA to all the instances, don't remake the CA if it already exists. The end result is that you can trust a single chain and all your clients will be happy regardless of which host they are talking to. Change-Id: I90892e6828a59fa37af717361a2f1eed15a87ae4
parent
a2d1848419
commit
323b726783
22
lib/tls
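--- a/lib/tls
+++ b/lib/tls
@@ -322,15 +322,17 @@ function make_root_CA {
 create_CA_base $ca_dir
 create_CA_config $ca_dir 'Root CA'
 
-# Create a self-signed certificate valid for 5 years
-$OPENSSL req -config $ca_dir/ca.conf \
--x509 \
--nodes \
--newkey rsa \
--days 21360 \
--keyout $ca_dir/private/cacert.key \
--out $ca_dir/cacert.pem \
--outform PEM
+if [ ! -r "$ca_dir/cacert.pem" ]; then
+# Create a self-signed certificate valid for 5 years
+$OPENSSL req -config $ca_dir/ca.conf \
+-x509 \
+-nodes \
+-newkey rsa \
+-days 21360 \
+-keyout $ca_dir/private/cacert.key \
+-out $ca_dir/cacert.pem \
+-outform PEM
+fi
 }
 
 # If a non-system python-requests is installed then it will use the
@@ -507,7 +509,7 @@ function cleanup_CA {
 sudo update-ca-certificates
 fi
 
-rm -rf "$DATA_DIR/CA" "$DEVSTACK_CERT"
+rm -rf "$INT_CA_DIR" "$ROOT_CA_DIR" "$DEVSTACK_CERT"
 }
 
 # Tell emacs to use shell-script-mode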
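Review bot: The new guard in make_root_CA tests only `$ca_dir/cacert.pem`, so a host that received the certificate without `$ca_dir/private/cacert.key` skips generation and, presumably, fails only later when something needs to sign with the root key. I would test both files and stop with a clear error when exactly one is present, rather than regenerate over a copied certificate, e.g. by adding `[ -r "$ca_dir/private/cacert.key" ]` to the check. Because `-nodes` leaves that key unencrypted and the commit message describes copying the CA between instances, a comment stating that the key must travel over a protected channel and stay readable by its owner only would help. The re-indented comment still says "valid for 5 years" while `-days 21360` is roughly 58 years; `# Create a self-signed root certificate (-days 21360, about 58 years)` would match the code. The function starts above the hunk, so how `$ca_dir` is set is not visible here.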