From 91795c6f87a88ed1c1cd893dd926d823c197b647 Mon Sep 17 00:00:00 2001
From: "Schanzenbach, Martin" <mschanzenbach@posteo.de>
Date: Fri, 21 Jun 2019 22:48:27 +0200
Subject: fix #5675

---
 src/gns/gnunet-gns-proxy-setup-ca.in | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

(limited to 'src/gns/gnunet-gns-proxy-setup-ca.in')

diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in
index cd5d8c70f..931971cb0 100644
--- a/src/gns/gnunet-gns-proxy-setup-ca.in
+++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -133,13 +133,20 @@ generate_ca()
 
     # ------------- openssl
 
-    OPENSSLCFG=@pkgdatadir@/openssl.cnf
-    if test -z "`openssl version`" > /dev/null
+    GNUTLS_CA_TEMPLATE=@pkgdatadir@/gnunet-gns-proxy-ca.template
+    CERTTOOL=""
+    if test -z "`gnutls-certtool --version`" > /dev/null
     then
-        warningmsg "'openssl' command not found. Please install it."
+      if test -z "`certtool --versionn`" > /dev/null
+      then
+        warningmsg "'gnutls-certtool' or 'certtool' command not found. Please install it."
         infomsg    "Cleaning up."
-        rm -f $GNSCAKY $GNSCANO $GNSCERT
+        rm -f $GNSCAKY $GNSCERT
         exit 1
+      fi
+      CERTTOOL="certtool"
+    else
+      CERTTOOL="gnutls-certtool"
     fi
     if [ -n "${GNUNET_CONFIG_FILE}" ]; then
         GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"
@@ -149,13 +156,10 @@ generate_ca()
     GNS_CA_CERT_PEM=`gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT -f ${options}`
     mkdir -p `dirname $GNS_CA_CERT_PEM`
 
-    openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
-
-    infomsg "Removing passphrase from key"
-    openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
-
+    $CERTTOOL --generate-privkey --outfile $GNSCAKY
+    $CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT
     infomsg "Making private key available to gnunet-gns-proxy"
-    cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
+    cat $GNSCERT $GNSCAKY > $GNS_CA_CERT_PEM
 }
 
 importbrowsers()
-- 
cgit v1.2.3