From aaa9715a67a67186e6ace3e306a4c4ec1070f742 Mon Sep 17 00:00:00 2001 From: Michael Friedrich Date: Thu, 19 Nov 2015 17:06:41 +0100 Subject: [PATCH] Fix pki new-ca not checking for existing ca files fixes #10677 --- lib/cli/pkiutility.cpp | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/lib/cli/pkiutility.cpp b/lib/cli/pkiutility.cpp index d40cdc2da..6f0faab80 100644 --- a/lib/cli/pkiutility.cpp +++ b/lib/cli/pkiutility.cpp @@ -45,17 +45,20 @@ String PkiUtility::GetLocalCaPath(void) int PkiUtility::NewCa(void) { - String cadir = GetLocalCaPath(); + String caDir = GetLocalCaPath(); + String caCertFile = caDir + "/ca.crt"; + String caKeyFile = caDir + "/ca.key"; + String caSerialFile = caDir + "/serial.txt"; - if (Utility::PathExists(cadir)) { + if (Utility::PathExists(caCertFile) && Utility::PathExists(caKeyFile)) { Log(LogCritical, "cli") - << "CA directory '" << cadir << "' already exists."; + << "CA files '" << caCertFile << "' and '" << caKeyFile << "'already exist."; return 1; } - Utility::MkDirP(cadir, 0700); + Utility::MkDirP(caDir, 0700); - MakeX509CSR("Icinga CA", cadir + "/ca.key", String(), cadir + "/ca.crt", cadir + "/serial.txt", true); + MakeX509CSR("Icinga CA", caKeyFile, String(), caCertFile, caSerialFile, true); return 0; }