diff options
| author | Christian Grothoff <christian@grothoff.org> | 2014-06-22 19:29:08 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2014-06-22 19:29:08 +0000 |
| commit | b2c88c0d07372108858609d8fe10c5cce2f905fe (patch) | |
| tree | e2325099dd2c613bfc2887eaef9281f33722aef0 | |
| parent | f6713cf1ea4ed1b3c4844fa8e74187043986b2b6 (diff) | |
| download | gnunet-b2c88c0d07372108858609d8fe10c5cce2f905fe.tar.gz gnunet-b2c88c0d07372108858609d8fe10c5cce2f905fe.zip | |
fix #3451
| -rw-r--r-- | src/gns/gnunet-gns-proxy-setup-ca | 33 |
1 files changed, 21 insertions, 12 deletions
diff --git a/src/gns/gnunet-gns-proxy-setup-ca b/src/gns/gnunet-gns-proxy-setup-ca index 5686e37f7..c2182d869 100644 --- a/src/gns/gnunet-gns-proxy-setup-ca +++ b/src/gns/gnunet-gns-proxy-setup-ca | |||
| @@ -32,30 +32,39 @@ GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem` | |||
| 32 | GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options` | 32 | GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options` |
| 33 | mkdir -p `dirname $GNS_CA_CERT_PEM` | 33 | mkdir -p `dirname $GNS_CA_CERT_PEM` |
| 34 | 34 | ||
| 35 | openssl req -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" | 35 | openssl req -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" |
| 36 | 36 | ||
| 37 | echo "Removing passphrase from key" | 37 | echo "Removing passphrase from key" |
| 38 | openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO | 38 | openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO |
| 39 | 39 | ||
| 40 | echo "Making private key available to gnunet-gns-proxy" | ||
| 40 | cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM | 41 | cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM |
| 41 | 42 | ||
| 42 | echo "Importing CA into browsers" | 43 | echo "Importing CA into browsers" |
| 43 | for f in ~/.mozilla/firefox/*.default | 44 | for f in ~/.mozilla/firefox/*.default/ |
| 44 | do | 45 | do |
| 45 | if [ -d $f ]; then | 46 | if [ -d $f ]; then |
| 46 | echo "Importing CA info Firefox $f" | 47 | echo "Importing CA info Firefox at $f/" |
| 47 | certutil -D -n "GNS Proxy CA" -d ~/.mozilla/firefox/*.default >/dev/null 2&>1 | 48 | # delete old certificate (if any) |
| 48 | certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.mozilla/firefox/*.default < $GNSCERT | 49 | certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null |
| 50 | # add new certificate | ||
| 51 | certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT | ||
| 49 | fi | 52 | fi |
| 50 | done | 53 | done |
| 51 | 54 | ||
| 52 | if [ -d ~/.pki/nssdb ]; then | 55 | if [ -d ~/.pki/nssdb/ ]; then |
| 53 | echo "Importing CA into Chrome" | 56 | echo "Importing CA into Chrome at ~/.pki/nssdb/" |
| 54 | certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb >/dev/null 2&>1 | 57 | # delete old certificate (if any) |
| 55 | certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb < $GNSCERT | 58 | certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null |
| 59 | # add new certificate | ||
| 60 | certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT | ||
| 56 | fi | 61 | fi |
| 57 | 62 | ||
| 63 | echo "Cleaning up." | ||
| 64 | rm -f $GNSCAKY $GNSCANO $GNSCERT | ||
| 58 | 65 | ||
| 59 | rm $GNSCAKY $GNSCANO $GNSCERT | 66 | echo "===================================" |
| 60 | 67 | echo "You can now start gnunet-gns-proxy." | |
| 61 | echo "You can now start gnunet-gns-proxy and configure your browser to use a SOCKS proxy on port 7777" | 68 | echo "Afterwards, configure your browser " |
| 69 | echo " to use a SOCKS proxy on port 7777." | ||
| 70 | echo "===================================" | ||