See attached. Prints "completion" message only on successful return.
Also fixes bug which prevents executing -newreq-nodes option, and
includes newer options in usage message.
Index: openssl-1.0.0d/apps/CA.pl
===================================================================
--- openssl-1.0.0d.orig/apps/CA.pl 2011-05-06 08:02:51.440932632 -0400
+++ openssl-1.0.0d/apps/CA.pl 2011-05-06 08:30:25.212930917 -0400
@@ -63,6 +63,7 @@
$RET = 0;
foreach (@ARGV) {
+ $result='';
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 0;
@@ -70,17 +71,17 @@
# create a certificate
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
- print "Certificate is in newcert.pem, private key is in newkey.pem\n"
- } elsif (/^-newreq$/) {
- # create a certificate request
- system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
- $RET=$?;
- print "Request is in newreq.pem, private key is in newkey.pem\n";
+ $result="Certificate is in newcert.pem, private key is in newkey.pem";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
- print "Request is in newreq.pem, private key is in newkey.pem\n";
+ $result="Request is in newreq.pem, private key is in newkey.pem";
+ } elsif (/^-newreq$/) {
+ # create a certificate request
+ system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ $result="Request is in newreq.pem, private key is in newkey.pem";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
@@ -128,7 +129,7 @@
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
- print "PKCS #12 file is in newcert.p12\n";
+ print "PKCS #12 file is in newcert.p12\n" if ($RET==0);
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
@@ -137,19 +138,19 @@
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles newreq.pem");
$RET=$?;
- print "Signed certificate is in newcert.pem\n";
+ $result="Signed certificate is in newcert.pem";
} elsif (/^(-signCA)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-extensions v3_ca -infiles newreq.pem");
$RET=$?;
- print "Signed CA certificate is in newcert.pem\n";
+ $result="Signed CA certificate is in newcert.pem";
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles tmp.pem");
$RET = $?;
- print "Signed certificate is in newcert.pem\n";
+ $result="Signed certificate is in newcert.pem";
} elsif (/^-verify$/) {
if (shift) {
foreach $j (@ARGV) {
@@ -164,9 +165,10 @@
}
} else {
print STDERR "Unknown arg $_\n";
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-pkcs12|-sign|-signcert|-verify\n";
exit 1;
}
+ print "$result\n" if ($RET==0);
}
exit $RET;
