Stuart Henderson <st...@openbsd.org> writes:

> This avoids breaking with shell special characters. OK for the simple
> fix? Or is there a safer way to feed in the password?

OK.  I only took a quick look at it, but -key seems the only way to pass
the password, and switching this to execv(e) seems intrusive.

> I also noticed that ikeca.cnf doesn't get installed (the distribution:
> target in ikectl/Makefile is commented out), is there a reason for
> that?
>
> Index: ikeca.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ikectl/ikeca.c,v
> retrieving revision 1.30
> diff -u -p -r1.30 ikeca.c
> --- ikeca.c   16 Jan 2015 06:40:17 -0000      1.30
> +++ ikeca.c   23 Jul 2015 15:57:57 -0000
> @@ -774,7 +774,7 @@ ca_revoke(struct ca *ca, char *keyname)
>       if (keyname) {
>               snprintf(cmd, sizeof(cmd), "env CADB='%s/index.txt' "
>                   " %s ca %s-config %s -keyfile %s/private/ca.key"
> -                 " -key %s"
> +                 " -key '%s'"
>                   " -cert %s/ca.crt"
>                   " -md sha1"
>                   " -revoke %s/%s.crt",
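Review bot: In ca_revoke(), the new " -key '%s'" still yields a broken shell command when the password itself contains a single quote: the quote closes the shell string early and the remainder is parsed as shell syntax. Escape each embedded ' as '\'' before formatting the password into cmd, or reject passwords containing a single quote before this point.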
> @@ -785,7 +785,7 @@ ca_revoke(struct ca *ca, char *keyname)
>  
>       snprintf(cmd, sizeof(cmd), "env CADB='%s/index.txt' "
>           " %s ca %s-config %s -keyfile %s/private/ca.key"
> -         " -key %s"
> +         " -key '%s'"
>           " -gencrl"
>           " -cert %s/ca.crt"
>           " -md sha1"
>
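Review bot: In this second snprintf() only CADB and -key are quoted; the arguments to -config, -keyfile and -cert ("%s/private/ca.key", "%s/ca.crt") are still interpolated bare and deserve the same quoting if they can ever contain spaces or shell characters. The snprintf() return value is also discarded in the visible lines, so a long password could truncate cmd and drop the closing quote; compare the result against sizeof(cmd) before the command is used.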

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
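The quoting question raised in this thread, as an added example that is not part of the original mails and is not ikectl code: a POSIX sh quoting helper that also handles a password containing a single quote, plus a truncation check on snprintf(). The names sh_quote and build_key_arg and the sample passphrase are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Quote `in` for POSIX sh: wrap it in single quotes and rewrite each
 * embedded ' as '\'' (close quote, escaped quote, reopen quote).
 * Returns the quoted length, or -1 if `out` is too small.
 */
int sh_quote(const char *in, char *out, size_t outlen)
{
	size_t o = 0;

	if (outlen < 3)		/* need at least '' plus the NUL */
		return -1;
	out[o++] = '\'';
	for (; *in != '\0'; in++) {
		size_t need = (*in == '\'') ? 4 : 1;

		/* keep room for the closing quote and the NUL */
		if (o + need + 2 > outlen)
			return -1;
		if (*in == '\'') {
			memcpy(out + o, "'\\''", 4);
			o += 4;
		} else
			out[o++] = *in;
	}
	out[o++] = '\'';
	out[o] = '\0';
	return (int)o;
}

/* Format a " -key <quoted>" fragment; -1 on quoting failure or truncation. */
int build_key_arg(const char *pass, char *cmd, size_t cmdlen)
{
	char q[256];
	int n;

	if (sh_quote(pass, q, sizeof(q)) == -1)
		return -1;
	n = snprintf(cmd, cmdlen, " -key %s", q);
	return (n < 0 || (size_t)n >= cmdlen) ? -1 : 0;
}

int main(void)
{
	char cmd[128];

	/* constructed sample passphrase with a quote and a '$' */
	if (build_key_arg("it's $HOME", cmd, sizeof(cmd)) == 0)
		printf("%s\n", cmd);
	return 0;
}
```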
