mirror of
https://github.com/Telecominfraproject/wlan-ap.git
synced 2025-10-30 01:52:51 +00:00
est_client: fix reenroll call
the wrong certificate was being used Signed-off-by: John Crispin <john@phrozen.org>
This commit is contained in:
John Crispin
@@ -65,11 +65,11 @@ function p7_too_pem(src, dst) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
function call_est_server(cert, target) {
|
function call_est_server(path, cert, target) {
|
||||||
if (generate_csr(cert))
|
if (generate_csr(cert))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
let ret = system('curl -X POST https://qaest.certificates.open-lan.org:8001/.well-known/est/simpleenroll -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert /etc/ucentral/cert.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7');
|
let ret = system('curl -X POST https://qaest.certificates.open-lan.org:8001/.well-known/est/' + path + ' -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert ' + cert + ' --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7');
|
||||||
if (ret) {
|
if (ret) {
|
||||||
ulog(LOG_INFO, 'Failed to request operational certificate\n');
|
ulog(LOG_INFO, 'Failed to request operational certificate\n');
|
||||||
return 1;
|
return 1;
|
||||||
@@ -86,7 +86,7 @@ function simpleenroll() {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (call_est_server('/etc/ucentral/cert.pem', '/etc/ucentral/operational.pem'))
|
if (call_est_server('simpleenroll', '/etc/ucentral/cert.pem', '/etc/ucentral/operational.pem'))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
ulog(LOG_INFO, 'Operational cert acquired\n');
|
ulog(LOG_INFO, 'Operational cert acquired\n');
|
||||||
@@ -100,7 +100,7 @@ function simplereenroll() {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (call_est_server('/etc/ucentral/operational.pem', '/tmp/operational.pem'))
|
if (call_est_server('simplereenroll', '/etc/ucentral/operational.pem', '/tmp/operational.pem'))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
ulog(LOG_INFO, 'Operational cert updated\n');
|
ulog(LOG_INFO, 'Operational cert updated\n');
|
||||||
@@ -114,7 +114,7 @@ function load_operational_ca() {
|
|||||||
ulog(LOG_INFO, 'Operational CA is present\n');
|
ulog(LOG_INFO, 'Operational CA is present\n');
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
let ret = system('curl -X GET https://qaest.certificates.open-lan.org:8001/.well-known/est/cacerts --cert /etc/ucentral/cert.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.ca.nohdr.p7');
|
let ret = system('curl -X GET https://qaest.certificates.open-lan.org:8001/.well-known/est/cacerts --cert /etc/ucentral/operational.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.ca.nohdr.p7');
|
||||||
if (!ret)
|
if (!ret)
|
||||||
ret = p7_too_pem('/tmp/operational.ca.nohdr.p7', '/etc/ucentral/operational.ca');
|
ret = p7_too_pem('/tmp/operational.ca.nohdr.p7', '/etc/ucentral/operational.ca');
|
||||||
if (ret) {
|
if (ret) {
|
||||||
|
|||||||
Reference in New Issue
Block a user