diff options
author | Christian Grothoff <christian@grothoff.org> | 2013-10-09 08:29:10 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-10-09 08:29:10 +0000 |
commit | 637359c6d1883cdd3d3132027b4a3418995859c2 (patch) | |
tree | 92ecb49a12a92345009c8b6ca314db2ff08e7038 | |
parent | b1401f65b7b0f6df6b587d80408457f863d8f78e (diff) | |
download | gnunet-637359c6d1883cdd3d3132027b4a3418995859c2.tar.gz gnunet-637359c6d1883cdd3d3132027b4a3418995859c2.zip |
fix script to use file names from configuration and support -c option
-rw-r--r-- | src/gns/gnunet-gns-proxy-setup-ca | 43 |
1 files changed, 33 insertions, 10 deletions
diff --git a/src/gns/gnunet-gns-proxy-setup-ca b/src/gns/gnunet-gns-proxy-setup-ca index 431088534..1a659068a 100644 --- a/src/gns/gnunet-gns-proxy-setup-ca +++ b/src/gns/gnunet-gns-proxy-setup-ca | |||
@@ -1,32 +1,55 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | # This shell script will generate an X509 certificate for your gnunet-gns-proxy | ||
3 | # and install it (for both GNUnet and your browser). | ||
4 | # | ||
2 | echo "Generating CA" | 5 | echo "Generating CA" |
3 | 6 | ||
4 | openssl req -new -x509 -days 3650 -extensions v3_ca -keyout gnscakey.pem -out gnscacert.pem -subj "/C=TNR/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" | 7 | options='' |
8 | while getopts "c:" opt; do | ||
9 | case $opt in | ||
10 | c) | ||
11 | options+="-c $OPTARG" | ||
12 | ;; | ||
13 | \?) | ||
14 | echo "Invalid option: -$OPTARG" >&2 | ||
15 | exit 1 | ||
16 | ;; | ||
17 | :) | ||
18 | echo "Option -$OPTARG requires an argument." >&2 | ||
19 | exit 1 | ||
20 | ;; | ||
21 | esac | ||
22 | done | ||
23 | |||
24 | GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem` | ||
25 | GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem` | ||
26 | GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem` | ||
27 | GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options` | ||
28 | |||
29 | openssl req -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=TNR/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" | ||
5 | 30 | ||
6 | echo "Removing passphrase from key" | 31 | echo "Removing passphrase from key" |
7 | openssl rsa -passin pass:"GNU Name System" -in gnscakey.pem -out gnscakeynoenc.pem | 32 | openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO |
8 | 33 | ||
9 | cp gnscacert.pem $HOME/.gnunet/gns/gnscert.pem | 34 | cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM |
10 | cat gnscacert.pem > $HOME/.gnunet/gns/gnsCAcert.pem | ||
11 | cat gnscakeynoenc.pem >> $HOME/.gnunet/gns/gnsCAcert.pem | ||
12 | 35 | ||
13 | echo "Importing CA into browsers" | 36 | echo "Importing CA into browsers" |
14 | for f in ~/.mozilla/firefox/*.default | 37 | for f in ~/.mozilla/firefox/*.default |
15 | do | 38 | do |
16 | if [ -d $f ]; then | 39 | if [ -d $f ]; then |
17 | echo "Importing CA info firefox $f" | 40 | echo "Importing CA info Firefox $f" |
18 | certutil -D -n "GNS Proxy CA" -d ~/.mozilla/firefox/*.default >/dev/null 2&>1 | 41 | certutil -D -n "GNS Proxy CA" -d ~/.mozilla/firefox/*.default >/dev/null 2&>1 |
19 | certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.mozilla/firefox/*.default < gnscacert.pem | 42 | certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.mozilla/firefox/*.default < $GNSCERT |
20 | fi | 43 | fi |
21 | done | 44 | done |
22 | 45 | ||
23 | if [ -d ~/.pki/nssdb ]; then | 46 | if [ -d ~/.pki/nssdb ]; then |
24 | echo "Importing CA into chrome" | 47 | echo "Importing CA into Chrome" |
25 | certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb >/dev/null 2&>1 | 48 | certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb >/dev/null 2&>1 |
26 | certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb < gnscacert.pem | 49 | certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb < $GNSCERT |
27 | fi | 50 | fi |
28 | 51 | ||
29 | 52 | ||
30 | rm gnscakey.pem gnscakeynoenc.pem gnscacert.pem | 53 | rm $GNSCAKY $GNSCANO $GNSCERT |
31 | 54 | ||
32 | echo "You can now start gnunet-gns-proxy and configure your browser to use a SOCKS proxy on port 7777" | 55 | echo "You can now start gnunet-gns-proxy and configure your browser to use a SOCKS proxy on port 7777" |