author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2012-06-12 10:04:51 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2012-06-12 10:04:51 +0000 |
commit | 73578674ca23cdb582fd105c2746fc5542c0e774 (patch) | |
tree | 1e07d3a26d9e878f01aa769bdf9e6f933a317ee2 | |
parent | e40d562b7996e6224390fed957b9dc8f313996f2 (diff) | |
download | gnunet-73578674ca23cdb582fd105c2746fc5542c0e774.tar.gz gnunet-73578674ca23cdb582fd105c2746fc5542c0e774.zip |
Script for CA generation. Making it easy with config option
-rw-r--r-- | src/gns/createProxyCa.sh | 20 | ||||
-rw-r--r-- | src/gns/gns.conf.in | 3 | ||||
-rw-r--r-- | src/gns/gnunet-gns-proxy.c | 34 |
3 files changed, 50 insertions, 7 deletions
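diff --git a/src/gns/createProxyCa.sh b/src/gns/createProxyCa.sh
new file mode 100644
index 000000000..43855241e
--- /dev/null
+++ b/src/gns/createProxyCa.sh
@@ -0,0 +1,20 @@
+echo "Generating CA"
+
+openssl req -new -x509 -days 3650 -extensions v3_ca -keyout gnscakey.pem -out gnscacert.pem -subj "/C=DE/ST=Bavaria/L=Munich/O=TUM/OU=IN/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNUnet Naming System"
+
+echo "Removing passphrase from key"
+openssl rsa -passin pass:"GNUnet Naming System" -in gnscakey.pem -out gnscakeynoenc.pem
+
+cp gnscacert.pem $HOME/.gnunet/gns/gnscert.pem
+cat gnscacert.pem >> $HOME/.gnunet/gns/gnsCAcert.pem
+cat gnscakeynoenc.pem >> $HOME/.gnunet/gns/gnsCAcert.pem
+cat gnscakey.pem
+cat gnscacert.pem
+
+echo "Cleaning up"
+rm gnscakey.pem gnscakeynoenc.pem gnscacert.pem
+
+echo "Next steps:"
+echo "1. The new CA will be used automatically by the proxy with the default settings"
+echo "2. Please import the certificate $HOME/.gnunet/gns/gnscert.pem into the browser of your choice"
+echo "3. Start gnunet-gns-proxy and configure your broser to use a SOCKS proxy on port 7777"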
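Review bot: The CA private key is written to `$HOME/.gnunet/gns/gnsCAcert.pem` through a plain `>>` redirect on lines 9–10, so the file is created under the caller's default umask (commonly 0644) and the key that can mint a certificate for any name the browser will trust ends up world-readable. Start the script with `umask 077` and follow the writes with `chmod 600 "$HOME/.gnunet/gns/gnsCAcert.pem"`. Appending with `>>` also means a second run stacks a new key pair under the old one instead of replacing it, and `cat gnscakey.pem` on line 11 prints the private key to the terminal for no stated reason. There is no `mkdir -p "$HOME/.gnunet/gns"` before the copy and no `set -e`, so a failed openssl call still reaches the `rm` and the "next steps" message.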
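diff --git a/src/gns/gns.conf.in b/src/gns/gns.conf.in
index 2fe10ca34..8484f1810 100644
--- a/src/gns/gns.conf.in
+++ b/src/gns/gns.conf.in
@@ -16,7 +16,8 @@ RECORD_PUT_INTERVAL = 60
 ZONE_PUT_INTERVAL = 900
 
 [gns-proxy]
-PROXY_UNIXPATH= /tmp/gnunet-gns-proxy.sock
+PROXY_CACERT = $SERVICEHOME/gns/gnsCAcert.pem
+PROXY_UNIXPATH = /tmp/gnunet-gns-proxy.sock
 
 [fcfsd]
 HTTPPORT = 18080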
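Review bot: The new default `PROXY_CACERT = $SERVICEHOME/gns/gnsCAcert.pem` only lines up with the file createProxyCa.sh writes under `$HOME/.gnunet/gns/` when SERVICEHOME resolves to `~/.gnunet`; if it is configured anywhere else the proxy will not find the CA the script just generated, so one of the two should be derived from the other. The option name also suggests a trust bundle, while the script stores the CA certificate and its unencrypted private key in that one file, which is worth stating next to the option: `# PEM file holding the proxy CA certificate AND its private key (generated by createProxyCa.sh); keep it mode 0600`.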
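diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index f0ef61d9f..790a9f474 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -228,7 +228,7 @@ struct ProxyCurlTask
 static unsigned long port = GNUNET_GNS_PROXY_PORT;
 
 /* The CA file (pem) to use for the proxy CA */
-static char* cafile;
+static char* cafile_opt;
 
 /* The listen socket of the proxy */
 static struct GNUNET_NETWORK_Handle *lsock;
@@ -2260,7 +2260,7 @@ load_local_zone_key (const struct GNUNET_CONFIGURATION_Handle *cfg)
 if (GNUNET_NO == GNUNET_DISK_file_test (keyfile))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-"Unable to load zone key!\n");
+"Unable to load zone key %s!\n", keyfile);
 GNUNET_free(keyfile);
 return GNUNET_NO;
 }
@@ -2305,14 +2305,14 @@ load_local_shorten_key (const struct GNUNET_CONFIGURATION_Handle *cfg)
 &keyfile))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-"Unable to load zone key config value!\n");
+"Unable to load shorten key config value! (not fatal)\n");
 return GNUNET_NO;
 }
 
 if (GNUNET_NO == GNUNET_DISK_file_test (keyfile))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-"Unable to load zone key!\n");
+"Unable to load shorten key %s! (not fatal)\n", keyfile);
 GNUNET_free(keyfile);
 return GNUNET_NO;
 }
@@ -2349,10 +2349,29 @@ run (void *cls, char *const *args, const char *cfgfile,
 struct sockaddr_un mhd_unix_sock_addr;
 size_t len;
 char* proxy_sockfile;
+char* cafile_cfg = NULL;
+char* cafile;
 
-GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+GNUNET_log (GNUNET_ERROR_TYPE_INFO,
 "Loading CA\n");
+
+cafile = cafile_opt;
 
+if (NULL == cafile)
+{
+if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns-proxy",
+"PROXY_CACERT",
+&cafile_cfg))
+{
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+"Unable to load proxy CA config value!\n");
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+"No proxy CA provided!\n");
+return;
+}
+cafile = cafile_cfg;
+}
+
 gnutls_global_init ();
 
 gnutls_x509_crt_init (&proxy_ca.cert);
@@ -2360,6 +2379,9 @@ run (void *cls, char *const *args, const char *cfgfile,
 
 load_cert_from_file (proxy_ca.cert, cafile);
 load_key_from_file (proxy_ca.key, cafile);
+
+if (cafile_cfg)
+GNUNET_free (cafile_cfg);
 
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
 "Loading Template\n");
@@ -2524,7 +2546,7 @@ main (int argc, char *const *argv)
 &GNUNET_GETOPT_set_string, &port},
 {'a', "authority", NULL,
 gettext_noop ("pem file to use as CA"), 1,
-&GNUNET_GETOPT_set_string, &cafile},
+&GNUNET_GETOPT_set_string, &cafile_opt},
 GNUNET_GETOPT_OPTION_END
 };
 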
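Review bot: In the `run` hunk the resolved `cafile` is never tested for existence before `load_cert_from_file`/`load_key_from_file` consume it, and their return values are not checked, which is inconsistent with `load_local_zone_key` two hunks up that guards its key file with `GNUNET_DISK_file_test` and logs the path. A missing or unreadable PROXY_CACERT (the default in gns.conf.in only exists once createProxyCa.sh has been run) would presumably leave `proxy_ca` uninitialized and show up as an obscure failure later instead of a clear startup error. The two consecutive error logs on config-lookup failure also say the same thing; one line naming the option is enough. `run` continues past the hunks shown.

```c
  cafile = cafile_cfg;
  }

  /* Refuse to start without a readable CA: every leaf certificate the
   * proxy presents is signed with this key, so there is nothing to do
   * without it.  Mirrors the file test in load_local_zone_key. */
  if (GNUNET_NO == GNUNET_DISK_file_test (cafile))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Unable to load proxy CA file %s!\n", cafile);
    if (cafile_cfg)
      GNUNET_free (cafile_cfg);
    return;
  }

  gnutls_global_init ();
  /* … unchanged: gnutls init, cert/key loading, free of cafile_cfg … */
```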