Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / 71afa252500b73a03abc046fbcc0c13d9847cfc5^1..71afa252500b73a03abc046fbcc0c13d9847cfc5 / .
commit71afa252500b73a03abc046fbcc0c13d9847cfc5[log] [tgz]
authorJenkins <jenkins@review.openstack.org>Tue Sep 27 04:03:24 2016 +0000
committerGerrit Code Review <review@openstack.org>Tue Sep 27 04:03:24 2016 +0000
tree6e6176c8f49644d4d495fa014eb5232792034ebd
parent792a7ab31f0553435c02bb230b2c60833eb58c8e [diff]
parent323b726783d6d4ef24a0c9f0d7c77b9e8b152c61 [diff]
Merge "Don't make root CA if it exists"
diff --git a/lib/tls b/lib/tls
index 2c4e18d..2443d7d 100644
--- a/lib/tls
+++ b/lib/tls

@@ -322,15 +322,17 @@
     create_CA_base $ca_dir
     create_CA_config $ca_dir 'Root CA'
 
-    # Create a self-signed certificate valid for 5 years
-    $OPENSSL req -config $ca_dir/ca.conf \
-        -x509 \
-        -nodes \
-        -newkey rsa \
-        -days 21360 \
-        -keyout $ca_dir/private/cacert.key \
-        -out $ca_dir/cacert.pem \
-        -outform PEM
+    if [ ! -r "$ca_dir/cacert.pem" ]; then
+        # Create a self-signed certificate valid for 5 years
+        $OPENSSL req -config $ca_dir/ca.conf \
+            -x509 \
+            -nodes \
+            -newkey rsa \
+            -days 21360 \
+            -keyout $ca_dir/private/cacert.key \
+            -out $ca_dir/cacert.pem \
+            -outform PEM
+    fi
 }
 
 # If a non-system python-requests is installed then it will use the
@@ -507,7 +509,7 @@
         sudo update-ca-certificates
     fi
 
-    rm -rf "$DATA_DIR/CA" "$DEVSTACK_CERT"
+    rm -rf "$INT_CA_DIR" "$ROOT_CA_DIR" "$DEVSTACK_CERT"
 }
 
 # Tell emacs to use shell-script-mode