lib/functions.rb in ovpn-key-0.8.2 vs lib/functions.rb in ovpn-key-0.8.3
- old
+ new
@@ -24,15 +24,15 @@
break unless password.empty?
end
password
end
-def unencrypt_ca_key
+def unencrypt_ca_key(pass = '')
begin
- OpenSSL::PKey::RSA.new File.read('ca.key'), ''
+ OpenSSL::PKey::RSA.new File.read('ca.key'), pass
rescue OpenSSL::PKey::RSAError
- # this means the file is encrypted
+ # this means the file is encrypted or pass is wrong
OpenSSL::PKey::RSA.new File.read('ca.key'), ask_password('ca')
end
rescue OpenSSL::PKey::RSAError
retry
end
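Review bot: The method-level `rescue OpenSSL::PKey::RSAError` / `retry` in unencrypt_ca_key has no attempt limit, so a wrong passphrase and a corrupt or non-RSA `ca.key` both end in an endless prompt loop. Each retry also re-reads the file and tries the already-rejected `pass` again before prompting. The updated comment already admits the error is ambiguous, which is a reason to cap the attempts and let the error surface. A bounded version is sketched below; the limit of 3 is only an example value. The call site in the revoke hunk rescues the same error and retries, so that rescue would have to go for the cap to take effect.

```ruby
def unencrypt_ca_key(pass = '')
  pem = File.read('ca.key') # read once, reuse across attempts
  attempts = 0
  begin
    OpenSSL::PKey::RSA.new pem, pass
  rescue OpenSSL::PKey::RSAError
    # encrypted key, wrong pass, or unparsable file: prompt a bounded number of times
    attempts += 1
    raise if attempts > 3 # example limit
    pass = ask_password('ca')
    retry
  end
end
```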
@@ -125,11 +125,11 @@
rev.time = Time.now
}
crl.next_update = Time.now + EXPIRE['crl'] * 86_400 # days to seconds
crl.add_revoked(revoke)
begin
- update_crl(crl, ask_password('ca'))
+ update_crl(crl, '')
rescue OpenSSL::PKey::RSAError
retry
end
%w[crt key].each {|ext| File.delete "#{certname}.#{ext}" }
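Review bot: The `rescue OpenSSL::PKey::RSAError` / `retry` around `update_crl(crl, '')` no longer changes anything between attempts. Before this change each retry re-evaluated `ask_password('ca')`; now it repeats the identical call with a constant argument. Key loading goes through unencrypt_ca_key, which handles that error itself, so the rescue looks unreachable for the passphrase case. If an RSAError did escape from `update_crl`, for example from the signing step, this would spin without prompting. I would drop the wrapper and leave the bare call `update_crl(crl, '')`. The enclosing method starts before and continues after this hunk, so this is based only on the lines shown.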
@@ -144,13 +144,12 @@
end
# rubocop:disable Metrics/AbcSize
def update_crl(crl, ca_pass)
# rubocop:enable Metrics/AbcSize
- ca_key = OpenSSL::PKey::RSA.new File.read('ca.key'), ca_pass
+ ca_key = unencrypt_ca_key(ca_pass)
crl.last_update = Time.now
crl.next_update = Time.now + EXPIRE['crl'] * 86_400 # days to seconds
- crl.version = crl.version + 1
crl.sign(ca_key, OpenSSL::Digest.new(DIGEST))
File.open(CRL_FILE, 'w') {|f| f.write crl.to_pem }
end
def new_serial
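Review bot: update_crl can now block on an interactive prompt, and nothing on the method says so. It gets its key from unencrypt_ca_key, which falls back to `ask_password('ca')` and retries, so `ca_pass` is only the first guess. A comment above the def would help callers, e.g. `# ca_pass is tried first; if it does not open ca.key the CA passphrase is prompted for interactively`. Separately, the unchanged `File.open(CRL_FILE, 'w')` truncates the existing CRL before the new PEM is written, so an interrupted run can leave a truncated file. If a running server reads CRL_FILE, writing to a temporary file in the same directory and renaming it over CRL_FILE would avoid that window.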