diff options
Diffstat (limited to 'src/gns/gnunet-gns-proxy-setup-ca.in')
-rw-r--r-- | src/gns/gnunet-gns-proxy-setup-ca.in | 45 |
1 files changed, 33 insertions, 12 deletions
diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in index cd5d8c70f..b19b6c001 100644 --- a/src/gns/gnunet-gns-proxy-setup-ca.in +++ b/src/gns/gnunet-gns-proxy-setup-ca.in | |||
@@ -133,13 +133,29 @@ generate_ca() | |||
133 | 133 | ||
134 | # ------------- openssl | 134 | # ------------- openssl |
135 | 135 | ||
136 | GNUTLS_CA_TEMPLATE=@pkgdatadir@/gnunet-gns-proxy-ca.template | ||
136 | OPENSSLCFG=@pkgdatadir@/openssl.cnf | 137 | OPENSSLCFG=@pkgdatadir@/openssl.cnf |
137 | if test -z "`openssl version`" > /dev/null | 138 | CERTTOOL="" |
139 | OPENSSL=0 | ||
140 | if test -z "`gnutls-certtool --version`" > /dev/null | ||
138 | then | 141 | then |
139 | warningmsg "'openssl' command not found. Please install it." | 142 | # We only support gnutls certtool for now |
140 | infomsg "Cleaning up." | 143 | if test -z "`certtool --version | grep gnutls`" > /dev/null |
141 | rm -f $GNSCAKY $GNSCANO $GNSCERT | 144 | then |
142 | exit 1 | 145 | warningmsg "'gnutls-certtool' or 'certtool' command not found. Trying openssl." |
146 | if test -z "`openssl version`" > /dev/null | ||
147 | then | ||
148 | $OPENSSL=1 | ||
149 | else | ||
150 | warningmsg "Install either gnutls certtool or openssl for certificate generation!" | ||
151 | infomsg "Cleaning up." | ||
152 | rm -f $GNSCAKY $GNSCERT | ||
153 | exit 1 | ||
154 | fi | ||
155 | fi | ||
156 | CERTTOOL="certtool" | ||
157 | else | ||
158 | CERTTOOL="gnutls-certtool" | ||
143 | fi | 159 | fi |
144 | if [ -n "${GNUNET_CONFIG_FILE}" ]; then | 160 | if [ -n "${GNUNET_CONFIG_FILE}" ]; then |
145 | GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}" | 161 | GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}" |
@@ -149,13 +165,18 @@ generate_ca() | |||
149 | GNS_CA_CERT_PEM=`gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT -f ${options}` | 165 | GNS_CA_CERT_PEM=`gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT -f ${options}` |
150 | mkdir -p `dirname $GNS_CA_CERT_PEM` | 166 | mkdir -p `dirname $GNS_CA_CERT_PEM` |
151 | 167 | ||
152 | openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" | 168 | if test 1 -eq $OPENSSL |
153 | 169 | then | |
154 | infomsg "Removing passphrase from key" | 170 | openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" |
155 | openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO | 171 | infomsg "Removing passphrase from key" |
156 | 172 | openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO | |
157 | infomsg "Making private key available to gnunet-gns-proxy" | 173 | cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM |
158 | cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM | 174 | else |
175 | $CERTTOOL --generate-privkey --outfile $GNSCAKY | ||
176 | $CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT | ||
177 | infomsg "Making private key available to gnunet-gns-proxy" | ||
178 | cat $GNSCERT $GNSCAKY > $GNS_CA_CERT_PEM | ||
179 | fi | ||
159 | } | 180 | } |
160 | 181 | ||
161 | importbrowsers() | 182 | importbrowsers() |