aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/gns/gnunet-gns-proxy-setup-ca.in17
1 files changed, 6 insertions, 11 deletions
diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in
index 00fc2d227..55a60e544 100644
--- a/src/gns/gnunet-gns-proxy-setup-ca.in
+++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -3,7 +3,6 @@
3# and install it (for both GNUnet and your browser). 3# and install it (for both GNUnet and your browser).
4# 4#
5 5
6# TODO: We should sed the real paths to the binaries involved here.
7OPENSSLCFG=@PREFIX@ 6OPENSSLCFG=@PREFIX@
8if ! which openssl > /dev/null 7if ! which openssl > /dev/null
9then 8then
@@ -11,10 +10,6 @@ then
11 exit 1 10 exit 1
12fi 11fi
13 12
14# Keep it simple so that people can install the tools later on.
15OPENSSLBIN=openssl
16CERTUTILBIN=certutil
17
18echo "Generating CA" 13echo "Generating CA"
19options='' 14options=''
20while getopts "c:" opt; do 15while getopts "c:" opt; do
@@ -39,10 +34,10 @@ GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
39GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options` 34GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
40mkdir -p `dirname $GNS_CA_CERT_PEM` 35mkdir -p `dirname $GNS_CA_CERT_PEM`
41 36
42OPENSSLBIN req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" 37openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
43 38
44echo "Removing passphrase from key" 39echo "Removing passphrase from key"
45OPENSSLBIN rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO 40openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
46 41
47echo "Making private key available to gnunet-gns-proxy" 42echo "Making private key available to gnunet-gns-proxy"
48cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM 43cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
@@ -58,18 +53,18 @@ else
58 if [ -d $f ]; then 53 if [ -d $f ]; then
59 echo "Importing CA info Firefox at $f" 54 echo "Importing CA info Firefox at $f"
60 # delete old certificate (if any) 55 # delete old certificate (if any)
61 @CERTUTILBIN@ -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null 56 certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
62 # add new certificate 57 # add new certificate
63 @CERTUTILBIN@ -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT 58 certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
64 fi 59 fi
65 done 60 done
66 61
67 if [ -d ~/.pki/nssdb/ ]; then 62 if [ -d ~/.pki/nssdb/ ]; then
68 echo "Importing CA into Chrome at ~/.pki/nssdb/" 63 echo "Importing CA into Chrome at ~/.pki/nssdb/"
69 # delete old certificate (if any) 64 # delete old certificate (if any)
70 @CERTUTILBIN@ -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null 65 certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
71 # add new certificate 66 # add new certificate
72 @CERTUTILBIN@ -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT 67 certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
73 fi 68 fi
74fi 69fi
75 70