author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-02-17 22:33:17 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-02-17 22:33:17 +0100 |
commit | 003606cc941a4580d787c9970193bb22e307c413 (patch) | |
tree | fbf18951270628d70365c6ab83c723020cc491ed /src/gns/gnunet-gns-proxy-setup-ca.in | |
parent | 09df88645767b8d20075cb3b6d1b2f400a75c605 (diff) | |
add openssl.cnf
Diffstat (limited to 'src/gns/gnunet-gns-proxy-setup-ca.in')
-rw-r--r-- | src/gns/gnunet-gns-proxy-setup-ca.in | 79 |
1 files changed, 79 insertions, 0 deletions
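diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in
new file mode 100644
index 000000000..d3753b074
--- /dev/null
+++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -0,0 +1,79 @@
+#!/bin/sh
+# This shell script will generate an X509 certificate for your gnunet-gns-proxy
+# and install it (for both GNUnet and your browser).
+#
+
+# TODO: We should sed the real paths to the binaries involved here.
+OPENSSLCFG=@PREFIX@
+if ! which openssl > /dev/null
+then
+echo "'openssl' command not found. Please install it."
+exit 1
+fi
+
+
+echo "Generating CA"
+options=''
+while getopts "c:" opt; do
+case $opt in
+c)
+options="$options -c $OPTARG"
+;;
+\?)
+echo "Invalid option: -$OPTARG" >&2
+exit 1
+;;
+:)
+echo "Option -$OPTARG requires an argument." >&2
+exit 1
+;;
+esac
+done
+
+GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem`
+GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem`
+GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
+GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
+mkdir -p `dirname $GNS_CA_CERT_PEM`
+
+openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
+
+echo "Removing passphrase from key"
+openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
+
+echo "Making private key available to gnunet-gns-proxy"
+cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
+
+if ! which certutil > /dev/null
+then
+echo "'certutil' command not found. Not importing into browsers."
+else
+echo "Importing CA into browsers"
+for f in ~/.mozilla/firefox/*.*/
+do
+if [ -d $f ]; then
+echo "Importing CA info Firefox at $f"
+# delete old certificate (if any)
+certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
+# add new certificate
+certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
+fi
+done
+
+if [ -d ~/.pki/nssdb/ ]; then
+echo "Importing CA into Chrome at ~/.pki/nssdb/"
+# delete old certificate (if any)
+certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
+# add new certificate
+certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
+fi
+fi
+
+echo "Cleaning up."
+rm -f $GNSCAKY $GNSCANO $GNSCERT
+
+echo "==================================="
+echo "You can now start gnunet-gns-proxy."
+echo "Afterwards, configure your browser "
+echo " to use a SOCKS proxy on port 7777."
+echo "==================================="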
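Review bot: The combined file written by `cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM` holds the unencrypted CA private key but is created under whatever umask the caller has, so with a common 022 umask it is readable by other local users; because the same CA is then imported with `-t CT,,` trust into the Firefox and NSS databases, read access to that file is enough to issue certificates those browsers accept. Setting `umask 077` before the `mktemp` calls (or `chmod 600 "$GNS_CA_CERT_PEM"` right after the `cat`) closes this. Neither `openssl` call is checked, so a failed key generation still reaches the import steps, and the decrypted key in `$GNSCANO` stays in /tmp if the script is interrupted before the final `rm`; appending `|| exit 1` to both calls and adding `trap 'rm -f "$GNSCAKY" "$GNSCANO" "$GNSCERT"' EXIT` after the `mktemp` lines would cover both. Separately, `OPENSSLCFG=@PREFIX@` is handed to `openssl req -config`, which expects a file, so it probably needs the path of the installed openssl.cnf under that prefix rather than the prefix itself.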