authorSchanzenbach, Martin <mschanzenbach@posteo.de>2019-02-17 22:33:17 +0100
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2019-02-17 22:33:17 +0100
commit003606cc941a4580d787c9970193bb22e307c413 (patch)
treefbf18951270628d70365c6ab83c723020cc491ed /src/gns/gnunet-gns-proxy-setup-ca.in
parent09df88645767b8d20075cb3b6d1b2f400a75c605 (diff)
add openssl.cnf
Diffstat (limited to 'src/gns/gnunet-gns-proxy-setup-ca.in')
-rw-r--r--src/gns/gnunet-gns-proxy-setup-ca.in79
1 files changed, 79 insertions, 0 deletions
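diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in
new file mode 100644
index 000000000..d3753b074
--- /dev/null
+++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -0,0 +1,79 @@
+#!/bin/sh
+# This shell script will generate an X509 certificate for your gnunet-gns-proxy
+# and install it (for both GNUnet and your browser).
+#
+
+# TODO: We should sed the real paths to the binaries involved here.
+OPENSSLCFG=@PREFIX@
+if ! which openssl > /dev/null
+then
+ echo "'openssl' command not found. Please install it."
+ exit 1
+fi
+
+
+echo "Generating CA"
+options=''
+while getopts "c:" opt; do
+ case $opt in
+ c)
+ options="$options -c $OPTARG"
+ ;;
+ \?)
+ echo "Invalid option: -$OPTARG" >&2
+ exit 1
+ ;;
+ :)
+ echo "Option -$OPTARG requires an argument." >&2
+ exit 1
+ ;;
+ esac
+done
+
+GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem`
+GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem`
+GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
+GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
+mkdir -p `dirname $GNS_CA_CERT_PEM`
+
+openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
+
+echo "Removing passphrase from key"
+openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
+
+echo "Making private key available to gnunet-gns-proxy"
+cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
+
+if ! which certutil > /dev/null
+then
+ echo "'certutil' command not found. Not importing into browsers."
+else
+ echo "Importing CA into browsers"
+ for f in ~/.mozilla/firefox/*.*/
+ do
+ if [ -d $f ]; then
+ echo "Importing CA info Firefox at $f"
+ # delete old certificate (if any)
+ certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
+ # add new certificate
+ certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
+ fi
+ done
+
+ if [ -d ~/.pki/nssdb/ ]; then
+ echo "Importing CA into Chrome at ~/.pki/nssdb/"
+ # delete old certificate (if any)
+ certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
+ # add new certificate
+ certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
+ fi
+fi
+
+echo "Cleaning up."
+rm -f $GNSCAKY $GNSCANO $GNSCERT
+
+echo "==================================="
+echo "You can now start gnunet-gns-proxy."
+echo "Afterwards, configure your browser "
+echo " to use a SOCKS proxy on port 7777."
+echo "==================================="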
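Review bot: The unencrypted CA private key reaches its final location through a plain redirect, `cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM`, so the file's mode comes from the caller's umask (world-readable under the common 022), and this is the key of a CA the script then marks as trusted with `-t CT,,` in the user's Firefox and NSS databases. Any local account able to read that file could issue certificates those browsers accept; putting `umask 077` ahead of the `mktemp` and `mkdir -p` lines keeps both the directory and the key file private to the user. Separately, no `openssl` exit status is checked, so a failed `openssl req` still overwrites the configured PROXY_CACERT file and replaces the browser entries; that failure looks likely here because `OPENSSLCFG=@PREFIX@` appears to substitute an install directory rather than the path of the added openssl.cnf. A `set -e` after the shebang, or `|| exit 1` on each `openssl` call, would stop the script before it touches existing state. The expansions `$GNS_CA_CERT_PEM`, `$f` in `[ -d $f ]` and the `mktemp` results are also unquoted and should be written as `"$GNS_CA_CERT_PEM"` etc., since the configured path and Firefox profile names may contain spaces.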