author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-07-23 23:38:19 +0200 |
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-07-23 23:38:19 +0200 |
commit | ad488bdf1343d85a30d8189884018928b0f699ba (patch) | |
tree | 5b83d8fc9f8a666d74197091dacc5334dd8193f7 /src/transport | |
parent | b5d78311efeded3e135e8f4b19bc1e0596d0496c (diff) | |
download | gnunet-ad488bdf1343d85a30d8189884018928b0f699ba.tar.gz gnunet-ad488bdf1343d85a30d8189884018928b0f699ba.zip |
fix #5817
Diffstat (limited to 'src/transport')
-rw-r--r-- | src/transport/Makefile.am | 19 | ||||
-rw-r--r-- | src/transport/gnunet-transport-certificate-creation.c | 133 | ||||
-rw-r--r-- | src/transport/gnunet-transport-certificate-creation.in | 148 |
3 files changed, 160 insertions, 140 deletions
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am index ea9ce75ba..e6729f2a9 100644 --- a/src/transport/Makefile.am +++ b/src/transport/Makefile.am | |||
@@ -256,16 +256,20 @@ libexec_PROGRAMS = \ | |||
256 | 256 | ||
257 | 257 | ||
258 | bin_PROGRAMS = \ | 258 | bin_PROGRAMS = \ |
259 | gnunet-transport \ | 259 | gnunet-transport |
260 | |||
261 | bin_SCRIPTS = \ | ||
260 | gnunet-transport-certificate-creation | 262 | gnunet-transport-certificate-creation |
261 | 263 | ||
262 | #bin_SCRIPTS = \ | 264 | # See: https://www.gnu.org/software/automake/manual/html_node/Scripts.html#Scripts |
263 | # gnunet-transport-certificate-creation | 265 | do_subst = sed -e 's,[@]pkgdatadir[@],$(pkgdatadir),g' |
266 | |||
267 | |||
268 | gnunet-transport-certificate-creation: gnunet-transport-certificate-creation.in Makefile | ||
269 | $(do_subst) < $(srcdir)/gnunet-transport-certificate-creation.in > gnunet-transport-certificate-creation | ||
270 | chmod +x gnunet-transport-certificate-creation | ||
271 | |||
264 | 272 | ||
265 | gnunet_transport_certificate_creation_SOURCES = \ | ||
266 | gnunet-transport-certificate-creation.c | ||
267 | gnunet_transport_certificate_creation_LDADD = \ | ||
268 | $(top_builddir)/src/util/libgnunetutil.la | ||
269 | 273 | ||
270 | gnunet_communicator_unix_SOURCES = \ | 274 | gnunet_communicator_unix_SOURCES = \ |
271 | gnunet-communicator-unix.c | 275 | gnunet-communicator-unix.c |
@@ -1338,6 +1342,7 @@ test_transport_api_slow_ats_LDADD = \ | |||
1338 | 1342 | ||
1339 | 1343 | ||
1340 | EXTRA_DIST = \ | 1344 | EXTRA_DIST = \ |
1345 | gnunet-transport-certificate-creation.in \ | ||
1341 | communicator-unix.conf \ | 1346 | communicator-unix.conf \ |
1342 | test_plugin_hostkey \ | 1347 | test_plugin_hostkey \ |
1343 | test_plugin_hostkey.ecc \ | 1348 | test_plugin_hostkey.ecc \ |
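Review bot: The generated `gnunet-transport-certificate-creation` is never cleaned: the new rule at lines 268–270 writes it into the build tree, but no `CLEANFILES` entry covers it, so `make clean` leaves a stale copy behind. The automake section cited in the comment pairs the `do_subst` rule with `CLEANFILES = $(bin_SCRIPTS)`; add that here (or `CLEANFILES += gnunet-transport-certificate-creation` if this Makefile.am already defines CLEANFILES further down, which is outside this hunk). It is also worth writing to a temporary name and renaming, since a failing sed leaves a truncated target that a later `make` treats as up to date.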
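--- a/src/transport/gnunet-transport-certificate-creation.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
-This file is part of GNUnet.
-Copyright (C) 2011, 2013 GNUnet e.V.
-
-GNUnet is free software: you can redistribute it and/or modify it
-under the terms of the GNU Affero General Public License as published
-by the Free Software Foundation, either version 3 of the License,
-or (at your option) any later version.
-
-GNUnet is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-Affero General Public License for more details.
-
-You should have received a copy of the GNU Affero General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-SPDX-License-Identifier: AGPL3.0-or-later
-*/
-
-/**
-* @file transport/gnunet-transport-certificate-creation.c
-* @brief create certificate for HTTPS transport
-* @author LRN
-*/
-#include "platform.h"
-#include "gnunet_util_lib.h"
-
-#ifndef WINDOWS
-/**
-* Turn the given file descriptor in to '/dev/null'.
-*
-* @param fd fd to bind to /dev/null
-* @param flags flags to use (O_RDONLY or O_WRONLY)
-*/
-static void
-make_dev_zero (int fd,
-int flags)
-{
-int z;
-
-GNUNET_assert (0 == close (fd));
-z = open ("/dev/null", flags);
-GNUNET_assert (-1 != z);
-if (z == fd)
-return;
-GNUNET_break (fd == dup2 (z, fd));
-GNUNET_assert (0 == close (z));
-}
-#endif
-
-
-static void
-removecerts (const char *file1,
-const char *file2)
-{
-if (GNUNET_YES == GNUNET_DISK_file_test (file1))
-{
-if (0 != CHMOD (file1, S_IWUSR | S_IRUSR))
-GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "chmod", file1);
-if (0 != REMOVE (file1))
-GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "remove", file1);
-}
-if (GNUNET_YES == GNUNET_DISK_file_test (file2))
-{
-if (0 != CHMOD (file2, S_IWUSR | S_IRUSR))
-GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "chmod", file2);
-if (0 != REMOVE (file2))
-GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "remove", file2);
-}
-}
-
-
-int
-main (int argc, char **argv)
-{
-struct GNUNET_OS_Process *openssl;
-
-if (3 != argc)
-{
-fprintf (stderr,
-"Invalid arguments.\n");
-return 1;
-}
-removecerts (argv[1], argv[2]);
-(void) GNUNET_DISK_directory_create_for_file (argv[1]);
-(void) GNUNET_DISK_directory_create_for_file (argv[2]);
-/* eliminate stderr */
-#if WINDOWS
-(void) close (2);
-#else
-make_dev_zero (2, O_WRONLY);
-#endif
-/* Create RSA Private Key */
-/* openssl genrsa -out $1 1024 2> /dev/null */
-openssl =
-GNUNET_OS_start_process (GNUNET_NO, GNUNET_OS_INHERIT_STD_OUT_AND_ERR,
-NULL, NULL, NULL,
-"openssl", "openssl", "genrsa",
-"-out", argv[1], "1024", NULL);
-if (NULL == openssl)
-{
-fprintf (stderr,
-"Failed to run openssl. Is openssl installed?\n");
-return 2;
-}
-GNUNET_assert (GNUNET_OK == GNUNET_OS_process_wait (openssl));
-GNUNET_OS_process_destroy (openssl);
-
-/* Create a self-signed certificate in batch mode using rsa key */
-/* openssl req -batch -days 365 -out $2 -new -x509 -key $1 2> /dev/null */
-openssl =
-GNUNET_OS_start_process (GNUNET_NO, GNUNET_OS_INHERIT_STD_OUT_AND_ERR,
-NULL, NULL, NULL,
-"openssl", "openssl", "req",
-"-batch", "-days", "365", "-out", argv[2],
-"-new", "-x509", "-key", argv[1], NULL);
-if (NULL == openssl)
-{
-fprintf (stderr,
-"Failed to create self-signed certificate with openssl.\n");
-return 3;
-}
-GNUNET_assert (GNUNET_OK == GNUNET_OS_process_wait (openssl));
-GNUNET_OS_process_destroy (openssl);
-if (0 != CHMOD (argv[1], S_IRUSR))
-GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "chmod", argv[1]);
-if (0 != CHMOD (argv[2], S_IRUSR))
-GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "chmod", argv[2]);
-return 0;
-}
-
-/* end of gnunet-transport-certificate-creation.c */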
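--- /dev/null
+++ b/src/transport/gnunet-transport-certificate-creation.in
@@ -0,0 +1,148 @@
+#!/bin/sh
+#
+# This shell script will generate an X509 certificate for
+# your gnunet-transport HTTPS
+#
+# The current version partially reuses and recycles
+# code from build.sh by NetBSD (although not entirely
+# used because it needs debugging):
+#
+# Copyright (c) 2001-2011 The NetBSD Foundation, Inc.
+# All rights reserved.
+#
+# This code is derived from software contributed to
+# The NetBSD Foundation by Todd Vierling and Luke Mewburn.
+
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+# 1. Redistributions of source code must retain the above
+# copyright notice, this list of conditions and the following
+# disclaimer.
+# 2. Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials
+# provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
+# CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED.
+# IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+progname=${0##*/}
+
+setdefaults()
+{
+verbosity=0
+runcmd=
+}
+
+statusmsg()
+{
+${runcmd} echo " $@"
+}
+
+infomsg()
+{
+if [ x$verbosity = x1 ]; then
+statusmsg "INFO: $@"
+fi
+}
+
+warningmsg()
+{
+statusmsg "WARNING: $@"
+}
+
+errormsg()
+{
+statusmsg "ERROR: $@"
+}
+
+linemsg()
+{
+statusmsg "========================================="
+}
+
+
+usage()
+{
+if [ -n "$*" ]; then
+echo ""
+echo "${progname}: $*"
+fi
+cat <<_usage_
+
+Usage: ${progname} [-hv] [-c FILE] [...]
+
+Options:
+-c FILE Use the configuration file FILE.
+-h Print this help message.
+-v Print the version and exit.
+-V be verbose
+
+_usage_
+exit 1
+}
+
+
+generate_cert_key()
+{
+echo ""
+infomsg "Generating Cert and Key"
+
+CERTTOOL=""
+GNUTLS_CA_TEMPLATE=@pkgdatadir@/gnunet-gns-proxy-ca.template
+OPENSSL=0
+if test -z "`gnutls-certtool --version`" > /dev/null
+then
+warningmsg "'gnutls-certtool' or 'certtool' command not found. Trying openssl."
+if test -z "`openssl version`" > /dev/null
+then
+$OPENSSL=1
+else
+warningmsg "Install either gnutls certtool or openssl for certificate generation!"
+exit 1
+fi
+CERTTOOL="openssl"
+else
+CERTTOOL="gnutls-certtool"
+fi
+mkdir -p `dirname $KEYFILE`
+
+if test 1 -eq $OPENSSL
+then
+$CERTTOOL genrsa -out $KEYFILE 1024
+$CERTTOOL req -batch -days 365 -out $CERTFILE, -new -x509 -key $KEYFILE
+else
+$CERTTOOL --generate-privkey --outfile $KEYFILE 2>/dev/null
+$CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $KEYFILE --outfile $CERTFILE 2>/dev/null
+fi
+}
+
+print_version()
+{
+GNUNET_ARM_VERSION=`gnunet-arm -v`
+echo $GNUNET_ARM_VERSION
+}
+
+main()
+{
+KEYFILE=$1
+CERTFILE=$2
+setdefaults
+generate_cert_key
+}
+
+main "$@"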