r00t2/bdisk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

yay! SSL gen works.

Browse Source
This commit is contained in:
brent s.
2016-12-06 17:51:36 -05:00
parent 21fe72818c
commit c0048b1003
5 changed files with 261 additions and 189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
extra/dist.build.ini
View File

@@ -403,6 +403,10 @@ usb = yes
; of curl.
uri = https://bdisk.square-r00t.net
; Directory to hold SSL results, if we are generating
; keys, certificates, etc.
ssldir = ${build:dlpath}/ssl
; Path to the (root) CA certificate file iPXE should use.
; Note that you can use your own CA to sign existing certs.
; See http://ipxe.org/crypto for more info. This is handy if
@@ -411,39 +415,39 @@ uri = https://bdisk.square-r00t.net
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 3.) If specified, a matching key (ssl_cakey) MUST be
; 3.) If it exists, a matching key (ssl_cakey) MUST be
; specified
; 4.) HOWEVER, if left blank, one will be automatically
; generated
ssl_ca =
; 4.) HOWEVER, if left blank/doesn't exist, one will be
; automatically generated
ssl_ca = ${ssldir}/ca.crt
; Path to the (root) CA key file iPXE should use.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 3.) If left blank (and ssl_ca is also blank),
; one will be automatically generated
; 4.) MUST match ssl_ca if specified
; 3.) If left blank or it doesn't exist (and ssl_ca is also
; blank), one will be automatically generated
; 4.) MUST match ssl_ca if specified/exists
; 5.) MUST NOT be passphrase-protected
ssl_cakey =
ssl_cakey = ${ssldir}/ca.key
; Path to the CLIENT certificate iPXE should use.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 3.) If unspecified, a CA cert (ssl_ca) and key
; (ssl_cakey) MUST be specified
; 4.) HOWEVER, if left blank one will be generated
; 3.) If specified/existent, a matching CA cert (ssl_ca)
; and key (ssl_cakey) MUST be specified
; 4.) HOWEVER, if left blank/nonexistent, one will be generated
; 5.) MUST be signed by ssl_ca/ssl_ca if specified
ssl_crt =
ssl_crt = ${ssldir}/main.crt
; Path to the CLIENT key iPXE should use.
; 0.) No whitespace
; 1.) Must be in PEM/X509 format
; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
; 4.) If left blank (and ssl_ca is also blank),
; 4.) If left blank/nonexistent (and ssl_ca is also blank),
; one will be automatically generated
ssl_key =
ssl_key = ${ssldir}/main.key
#---------------------------------------------------------#