blob: 0a6fab18a5a0a07e2b7d59d256def7128806e027 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
#!/bin/sh
# This shell script will generate an X509 certificate for your gnunet-gns-proxy
# and install it (for both GNUnet and your browser).
#
OPENSSLCFG=@pkgdatadir@/openssl.cnf
if ! which openssl > /dev/null
then
echo "'openssl' command not found. Please install it."
exit 1
fi
echo "Generating CA"
options=''
while getopts "c:" opt; do
case $opt in
c)
options="$options -c $OPTARG"
;;
\?)
echo "Invalid option: -$OPTARG" >&2
exit 1
;;
:)
echo "Option -$OPTARG requires an argument." >&2
exit 1
;;
esac
done
GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem`
GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem`
GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
mkdir -p `dirname $GNS_CA_CERT_PEM`
openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
echo "Removing passphrase from key"
openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
echo "Making private key available to gnunet-gns-proxy"
cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
if ! which certutil > /dev/null
then
echo "The 'certutil' command was not found. Not importing into browsers."
echo "For 'certutil' install nss."
else
echo "Importing CA into browsers"
for f in ~/.mozilla/firefox/*.*/
do
if [ -d $f ]; then
echo "Importing CA info Firefox at $f"
# delete old certificate (if any)
certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
# add new certificate
certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
fi
done
if [ -d ~/.pki/nssdb/ ]; then
echo "Importing CA into Chrome at ~/.pki/nssdb/"
# delete old certificate (if any)
certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
# add new certificate
certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
fi
fi
echo "Cleaning up."
rm -f $GNSCAKY $GNSCANO $GNSCERT
echo "==================================="
echo "You can now start gnunet-gns-proxy."
echo "Afterwards, configure your browser "
echo " to use a SOCKS proxy on port 7777."
echo "==================================="
|
