1 files changed, 33 insertions, 12 deletions
diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in
index cd5d8c70f..b19b6c001 100644
--- a/src/gns/gnunet-gns-proxy-setup-ca.in
+++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -133,13 +133,29 @@ generate_ca()
    # ------------- openssl
+    GNUTLS_CA_TEMPLATE=@pkgdatadir@/gnunet-gns-proxy-ca.template
    OPENSSLCFG=@pkgdatadir@/openssl.cnf
-    if test -z "`openssl version`" > /dev/null
+    CERTTOOL=""
+    OPENSSL=0
+    if test -z "`gnutls-certtool --version`" > /dev/null
    then
-        warningmsg "'openssl' command not found. Please install it."
+      # We only support gnutls certtool for now
-        infomsg    "Cleaning up."
+      if test -z "`certtool --version | grep gnutls`" > /dev/null
-        rm -f $GNSCAKY $GNSCANO $GNSCERT
+      then
-        exit 1
+        warningmsg "'gnutls-certtool' or 'certtool' command not found. Trying openssl."
+        if test -z "`openssl version`" > /dev/null
+        then
+          $OPENSSL=1
+        else
+          warningmsg "Install either gnutls certtool or openssl for certificate generation!"
+          infomsg    "Cleaning up."
+          rm -f $GNSCAKY $GNSCERT
+          exit 1
+        fi
+      fi
+      CERTTOOL="certtool"
+    else
+      CERTTOOL="gnutls-certtool"
    fi
    if [ -n "${GNUNET_CONFIG_FILE}" ]; then
        GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"
@@ -149,13 +165,18 @@ generate_ca()
    GNS_CA_CERT_PEM=`gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT -f ${options}`
    mkdir -p `dirname $GNS_CA_CERT_PEM`
-    openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
+    if test 1 -eq $OPENSSL
+    then
-    infomsg "Removing passphrase from key"
+      openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
-    openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
+      infomsg "Removing passphrase from key"
+      openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
-    infomsg "Making private key available to gnunet-gns-proxy"
+      cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
-    cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
+    else
+      $CERTTOOL --generate-privkey --outfile $GNSCAKY
+      $CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT
+      infomsg "Making private key available to gnunet-gns-proxy"
+      cat $GNSCERT $GNSCAKY > $GNS_CA_CERT_PEM
+    fi
 }
 importbrowsers()

diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in index cd5d8c70f..b19b6c001 100644 --- a/src/gns/gnunet-gns-proxy-setup-ca.in +++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -133,13 +133,29 @@ generate_ca()
133		133
134	# ------------- openssl	134	# ------------- openssl
135		135
		136	GNUTLS_CA_TEMPLATE=@pkgdatadir@/gnunet-gns-proxy-ca.template
136	OPENSSLCFG=@pkgdatadir@/openssl.cnf	137	OPENSSLCFG=@pkgdatadir@/openssl.cnf
137	if test -z "`openssl version`" > /dev/null	138	CERTTOOL=""
		139	OPENSSL=0
		140	if test -z "`gnutls-certtool --version`" > /dev/null
138	then	141	then
139	warningmsg "'openssl' command not found. Please install it."	142	# We only support gnutls certtool for now
140	infomsg "Cleaning up."	143	if test -z "`certtool --version \| grep gnutls`" > /dev/null
141	rm -f $GNSCAKY $GNSCANO $GNSCERT	144	then
142	exit 1	145	warningmsg "'gnutls-certtool' or 'certtool' command not found. Trying openssl."
		146	if test -z "`openssl version`" > /dev/null
		147	then
		148	$OPENSSL=1
		149	else
		150	warningmsg "Install either gnutls certtool or openssl for certificate generation!"
		151	infomsg "Cleaning up."
		152	rm -f $GNSCAKY $GNSCERT
		153	exit 1
		154	fi
		155	fi
		156	CERTTOOL="certtool"
		157	else
		158	CERTTOOL="gnutls-certtool"
143	fi	159	fi
144	if [ -n "${GNUNET_CONFIG_FILE}" ]; then	160	if [ -n "${GNUNET_CONFIG_FILE}" ]; then
145	GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"	161	GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"
@@ -149,13 +165,18 @@ generate_ca()
149	GNS_CA_CERT_PEM=`gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT -f ${options}`	165	GNS_CA_CERT_PEM=`gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT -f ${options}`
150	mkdir -p `dirname $GNS_CA_CERT_PEM`	166	mkdir -p `dirname $GNS_CA_CERT_PEM`
151		167
152	openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"	168	if test 1 -eq $OPENSSL
153		169	then
154	infomsg "Removing passphrase from key"	170	openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
155	openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO	171	infomsg "Removing passphrase from key"
156		172	openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
157	infomsg "Making private key available to gnunet-gns-proxy"	173	cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
158	cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM	174	else
		175	$CERTTOOL --generate-privkey --outfile $GNSCAKY
		176	$CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT
		177	infomsg "Making private key available to gnunet-gns-proxy"
		178	cat $GNSCERT $GNSCAKY > $GNS_CA_CERT_PEM
		179	fi
159	}	180	}
160		181
161	importbrowsers()	182	importbrowsers()