From 003606cc941a4580d787c9970193bb22e307c413 Mon Sep 17 00:00:00 2001
From: "Schanzenbach, Martin"
Date: Sun, 17 Feb 2019 22:33:17 +0100
Subject: add openssl.cnf

---
src/gns/gnunet-gns-proxy-setup-ca.in | 79 ++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 src/gns/gnunet-gns-proxy-setup-ca.in
(limited to 'src/gns/gnunet-gns-proxy-setup-ca.in')
diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in
new file mode 100644
index 000000000..d3753b074
--- /dev/null
+++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -0,0 +1,79 @@
+#!/bin/sh
+# This shell script will generate an X509 certificate for your gnunet-gns-proxy
+# and install it (for both GNUnet and your browser).
+#
+
+# TODO: We should sed the real paths to the binaries involved here.
+OPENSSLCFG=@PREFIX@
+if ! which openssl > /dev/null
+then
+ echo "'openssl' command not found. Please install it."
+ exit 1
+fi
+
+
+echo "Generating CA"
+options=''
+while getopts "c:" opt; do
+ case $opt in
+ c)
+ options="$options -c $OPTARG"
+ ;;
+ \?)
+ echo "Invalid option: -$OPTARG" >&2
+ exit 1
+ ;;
+ :)
+ echo "Option -$OPTARG requires an argument." >&2
+ exit 1
+ ;;
+ esac
+done
+
+GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem`
+GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem`
+GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
+GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
+mkdir -p `dirname $GNS_CA_CERT_PEM`
+
+openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
+
+echo "Removing passphrase from key"
+openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
+
+echo "Making private key available to gnunet-gns-proxy"
+cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
+
+if ! which certutil > /dev/null
+then
+ echo "'certutil' command not found. Not importing into browsers."
+else
+ echo "Importing CA into browsers"
+ for f in ~/.mozilla/firefox/*.*/
+ do
+ if [ -d $f ]; then
+ echo "Importing CA info Firefox at $f"
+ # delete old certificate (if any)
+ certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
+ # add new certificate
+ certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
+ fi
+ done
+
+ if [ -d ~/.pki/nssdb/ ]; then
+ echo "Importing CA into Chrome at ~/.pki/nssdb/"
+ # delete old certificate (if any)
+ certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
+ # add new certificate
+ certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
+ fi
+fi
+
+echo "Cleaning up."
+rm -f $GNSCAKY $GNSCANO $GNSCERT
+
+echo "==================================="
+echo "You can now start gnunet-gns-proxy."
+echo "Afterwards, configure your browser "
+echo " to use a SOCKS proxy on port 7777."
+echo "==================================="
-- 
cgit v1.2.3
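Review bot: The unencrypted CA private key is written by `cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM` under whatever umask the caller has, so with the common 022 the file is readable by every local account. The matching certificate is then marked as a trusted TLS CA (`-t CT,,`) in the Firefox and Chrome NSS databases, which makes that key worth protecting. Setting `umask 077` before the `mkdir -p` line keeps both the directory and the key file private to the user. The `gnunet-config` and `openssl` calls are also unchecked, so a failure there still reaches the browser import and the final banner; `|| exit 1` on those lines would stop that. The unquoted expansions such as `$GNS_CA_CERT_PEM` and `$f` should be double-quoted so a path with spaces does not split.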