Several updates

* Subnets configuration option for Kerberos machine enrollment
* Configurable script snippets via [service] configuration section
* Preliminary revocation reason support
* Improved signature profile support
* Add domain components to DN to distinguish certificate CN's namespace
* Image builder improvements, add Elliptic Curve support
* Added GetCACaps operation and more digest algorithms for SCEP
* Generate certificate and CRL serial from timestamp (64+32bits) and random bytes (56bits)
* Move client storage pool to /etc/certidude/authority/
* Cleanups & bugfixes

doc/overlay/usr/bin/certidude-enroll-renew

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+AUTHORITY=certidude.@authority[0]
+URL=https://$(uci get $AUTHORITY.hostname):8443
+DIR=/etc/certidude/authority/$(uci get $AUTHORITY.hostname)
+AUTHORITY_PATH=$DIR/ca_cert.pem
+CERTIFICATE_PATH=$DIR/host_cert.pem
+REQUEST_PATH=$DIR/host_req.pem
+KEY_PATH=$DIR/host_key.pem
+
+curl -f -L \
+    -H "Content-Type: application/pkcs10" \
+    --data-binary @$REQUEST_PATH \
+    --cacert $AUTHORITY_PATH \
+    --key $KEY_PATH \
+    --cert $CERTIFICATE_PATH \
+    $URL/api/request/ -o $CERTIFICATE_PATH.part
+
+if [ $? -eq 0 ]; then
+    logger -t certidude -s "Certificate renewal successful"
+    mv $CERTIFICATE_PATH.part $CERTIFICATE_PATH
+    ipsec reload
+else
+    logger -t certidude -s "Failed to renew certificate"
+fi