diff --git a/src/Makefile.housekeeping b/src/Makefile.housekeeping
index d2b4ee38..9cfb8a3e 100644
--- a/src/Makefile.housekeeping
+++ b/src/Makefile.housekeeping
@@ -608,36 +608,39 @@ CFLAGS_clientcert += $(if $(CERT),-DCERTIFICATE="\"$(CERT_INC)\"")
 # (Single-element) list of client private keys
 #
-KEY_LIST := $(BIN)/.private_key.list
-ifeq ($(wildcard $(KEY_LIST)),)
-KEY_OLD :=
+ifdef KEY
+PRIVKEY := $(KEY) # Maintain backwards compatibility
+endif
+PRIVKEY_LIST := $(BIN)/.private_key.list
+ifeq ($(wildcard $(PRIVKEY_LIST)),)
+PRIVKEY_OLD :=
 else
-KEY_OLD := $(shell cat $(KEY_LIST))
+PRIVKEY_OLD := $(shell cat $(PRIVKEY_LIST))
 endif
-ifneq ($(KEY_OLD),$(KEY))
-$(shell $(ECHO) "$(KEY)" > $(KEY_LIST))
+ifneq ($(PRIVKEY_OLD),$(PRIVKEY))
+$(shell $(ECHO) "$(PRIVKEY)" > $(PRIVKEY_LIST))
 endif
-$(KEY_LIST) :
+$(PRIVKEY_LIST) :
-VERYCLEANUP += $(KEY_LIST)
+VERYCLEANUP += $(PRIVKEY_LIST)
 # Embedded client private key
 #
-KEY_INC := $(BIN)/.private_key.der
+PRIVKEY_INC := $(BIN)/.private_key.der
-ifdef KEY
-$(KEY_INC) : $(KEY) $(KEY_LIST)
+ifdef PRIVKEY
+$(PRIVKEY_INC) : $(PRIVKEY) $(PRIVKEY_LIST)
 $(Q)$(OPENSSL) rsa -in $< -outform DER -out $@
-clientcert_DEPS += $(KEY_INC)
+clientcert_DEPS += $(PRIVKEY_INC)
 endif
-CLEANUP += $(KEY_INC)
+CLEANUP += $(PRIVKEY_INC)
-clientcert_DEPS += $(KEY_LIST)
+clientcert_DEPS += $(PRIVKEY_LIST)
-CFLAGS_clientcert += $(if $(KEY),-DPRIVATE_KEY="\"$(KEY_INC)\"")
+CFLAGS_clientcert += $(if $(PRIVKEY),-DPRIVATE_KEY="\"$(PRIVKEY_INC)\"")
 # These files use .incbin inline assembly to include a binary file.
 # Unfortunately ccache does not detect this dependency and caches
diff --git a/src/crypto/clientcert.c b/src/crypto/clientcert.c
index 159a3f4e..01ab2e38 100644
--- a/src/crypto/clientcert.c
+++ b/src/crypto/clientcert.c
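Review bot: The compatibility assignment `PRIVKEY := $(KEY) # Maintain backwards compatibility` carries its comment on the assignment line, and GNU make keeps the whitespace before `#` as part of the value, so a legacy `KEY=` build appears to get a private key path with trailing whitespace. That value is then written to `$(PRIVKEY_LIST)` and compared in the `ifneq`, so the same path supplied once as `KEY=` and once as `PRIVKEY=` may compare as different and cause an unneeded regeneration of the embedded key. Moving the comment to its own line avoids this: `# Maintain backwards compatibility with KEY=` above a bare `PRIVKEY := $(KEY)`. It would also help to document at the `ifdef KEY` that a `KEY` value silently replaces a `PRIVKEY` set in the makefile or environment, since which key file ends up embedded is not otherwise visible.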
@@ -99,8 +99,8 @@ static struct setting cert_setting __setting ( SETTING_CRYPTO ) = {
 };
 /** Client private key setting */
-static struct setting key_setting __setting ( SETTING_CRYPTO ) = {
- .name = "key",
+static struct setting privkey_setting __setting ( SETTING_CRYPTO ) = {
+ .name = "privkey",
 .description = "Client private key",
 .tag = DHCP_EB_KEY,
 .type = &setting_type_hex,
@@ -146,7 +146,7 @@ static int clientcert_apply_settings ( void ) {
 /* Fetch new client private key, if any */
 free ( key );
- len = fetch_setting_copy ( NULL, &key_setting, &key );
+ len = fetch_setting_copy ( NULL, &privkey_setting, &key );
 if ( len < 0 ) {
 rc = len;
 DBGC ( &client_certificate, "CLIENTCERT cannot fetch "