shithub: riscv

Download patch

ref: be0b39f9c57cc4c2768c341fcf87a15fcab0165c
parent: 69249e8313fb8853c5c162dd16b927099e25bb15
author: cinap_lenrek <[email protected]>
date: Mon Dec 6 10:40:18 EST 2021

acmed(8), rsa(8): add role=client attribute to rsa keys

--- a/sys/man/8/acmed
+++ b/sys/man/8/acmed
@@ -159,7 +159,7 @@
 and certificate signing request file like this:
 .IP
 .EX
-auth/rsagen -t 'service=tls owner=*' > cert.key
+auth/rsagen -t 'service=tls role=client owner=*' > cert.key
 auth/rsa2csr 'CN=mydomain.com' cert.key \\
 	> /sys/lib/tls/acmed/mydomain.com.csr
 .EE
--- a/sys/man/8/rsa
+++ b/sys/man/8/rsa
@@ -277,7 +277,7 @@
 Generate a fresh key and use it to start a TLS-enabled web server:
 .IP
 .EX
-auth/rsagen -t 'service=tls owner=*' >key
+auth/rsagen -t 'service=tls role=client owner=*' >key
 auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
 	auth/pemencode CERTIFICATE >cert
 cat key >/mnt/factotum/ctl
@@ -288,7 +288,7 @@
 allow use of that key for logins:
 .IP
 .EX
-auth/rsagen -t 'service=ssh' >key
+auth/rsagen -t 'service=ssh role=client' >key
 auth/rsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
 cat key >/mnt/factotum/ctl
 ssh unix