serialize the SSL stuff more

2018-05-10 19:08:06 -04:00 · 2018-05-10 19:08:06 -04:00 · 721c571da6
parent 96bca202f0
commit 721c571da6
2 changed files with 48 additions and 13 deletions
--- a/docs/examples/multi_profile.xml
+++ b/docs/examples/multi_profile.xml
@ -78,10 +78,16 @@
            <iso sign="yes" sync="yes" multiarch="yes" rsync="yes"/>
            <ipxe sign="yes" sync="yes" iso="yes" rsync="yes">
                <ssl>
-                    <ca>{xpath_ref%build/paths/ssl/text()}/ca.crt</ca>
-                    <ca_key>{xpath_ref%build/paths/ssl/text()}/ca.key</ca_key>
-                    <crt>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.crt</crt>
-                    <key>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.key</key>
+                    <ca>
+                        <cert>{xpath_ref%build/paths/ssl/text()}/ca.crt</cert>
+                        <csr />
+                        <key>{xpath_ref%build/paths/ssl/text()}/ca.key</key>
+                    </ca>
+                    <server>
+                        <cert>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.crt</cert>
+                        <csr />
+                        <key>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.key</key>
+                    </server>
                </ssl>
                <uri>{xpath_ref%meta/dev/website/text()}/ipxe</uri>
            </ipxe>
@ -161,10 +167,14 @@
            <iso sign="yes" sync="yes" multiarch="yes" rsync="yes"/>
            <ipxe sign="yes" sync="yes" iso="yes" rsync="yes">
                <ssl>
-                    <ca>{xpath_ref%build/paths/ssl/text()}/ca.crt</ca>
-                    <ca_key>{xpath_ref%build/paths/ssl/text()}/ca.key</ca_key>
-                    <crt>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.crt</crt>
-                    <key>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.key</key>
+                    <ca>
+                        <cert>{xpath_ref%build/paths/ssl/text()}/ca.crt</cert>
+                        <key>{xpath_ref%build/paths/ssl/text()}/ca.key</key>
+                    </ca>
+                    <server>
+                        <cert>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.crt</cert>
+                        <key>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.key</key>
+                    </server>
                </ssl>
                <uri>{xpath_ref%meta/dev/website/text()}/ipxe</uri>
            </ipxe>
--- a/docs/examples/single_profile.xml
+++ b/docs/examples/single_profile.xml
@ -77,11 +77,36 @@
            <basedistro>archlinux</basedistro>
            <iso sign="yes" sync="yes" multiarch="yes" rsync="yes"/>
            <ipxe sign="yes" sync="yes" iso="yes" rsync="yes">
-                <ssl>
-                    <ca>{xpath_ref%build/paths/ssl/text()}/ca.crt</ca>
-                    <ca_key>{xpath_ref%build/paths/ssl/text()}/ca.key</ca_key>
-                    <crt>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.crt</crt>
-                    <key>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.key</key>
+                <ssl custom="no">
+                    <!-- http://ipxe.org/crypto -->
+                    <ca>
+                        <cert>{xpath_ref%build/paths/ssl/text()}/ca.crt</cert>
+                        <csr />
+                        <key des="no" passphrase="none">{xpath_ref%build/paths/ssl/text()}/ca.key</key>
+                        <subject>
+                            <commonName>domain.tld</commonName>
+                            <countryName>XX</countryName>
+                            <localityName>Some City</localityName>
+                            <stateOrProvinceName>Some State</stateOrProvinceName>
+                            <organization>Some Org, Inc.</organization>
+                            <organizationalUnitName>Department Name</organizationalUnitName>
+                            <emailAddress>{xpath_ref%../../../../../../meta/names/dev/email/text()}</emailAddress>
+                        </subject>
+                    </ca>
+                    <server>
+                        <cert>{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.crt</cert>
+                        <csr />
+                        <key des="no" passphrase="none">{xpath_ref%build/paths/ssl/text()}/{xpath_ref%//meta/names/uxname/text()}.key</key>
+                        <subject>
+                            <commonName>domain.tld (client)</commonName>
+                            <countryName>XX</countryName>
+                            <localityName>Some City</localityName>
+                            <stateOrProvinceName>Some State</stateOrProvinceName>
+                            <organization>Some Org, Inc.</organization>
+                            <organizationalUnitName>Department Name</organizationalUnitName>
+                            <emailAddress>{xpath_ref%../../../../../../meta/names/dev/email/text()}</emailAddress>
+                        </subject>
+                    </server>
                </ssl>
                <uri>{xpath_ref%meta/dev/website/text()}/ipxe</uri>
            </ipxe>