blob: 57de8cf0d76b183e87da4a558ffb0330b5e8e3e3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
#!/bin/sh
#
# This is a wrapper script to create default certificates when the
# server first starts in debugging mode. Once the certificates have been
# created, this file should be deleted.
#
# Ideally, this program should be run as part of the installation of any
# binary package. The installation should also ensure that the permissions
# and owners are correct for the files generated by this script.
#
# $Id$
#
umask 027
cd `dirname $0`
make -h > /dev/null 2>&1
#
# If we have a working "make", then use it. Otherwise, run the commands
# manually.
#
if [ "$?" = "0" ]; then
make all
exit $?
fi
#
# The following commands were created by running "make -n", and edited
# to remove the trailing backslash, and to add "exit 1" after the commands.
#
# Don't edit the following text. Instead, edit the Makefile, and
# re-generate these commands.
#
if [ ! -f dh ]; then
openssl dhparam -out dh 2048 || exit 1
if [ -e /dev/urandom ] ; then
ln -sf /dev/urandom random
else
date > ./random;
fi
fi
if [ ! -f server.key ]; then
openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1
chmod g+r server.key
fi
if [ ! -f ca.key ]; then
openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1
fi
if [ ! -f index.txt ]; then
touch index.txt
fi
if [ ! -f serial ]; then
echo '01' > serial
fi
if [ ! -f server.crt ]; then
openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf || exit 1
fi
if [ ! -f server.p12 ]; then
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
chmod g+r server.p12
fi
if [ ! -f server.pem ]; then
openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
openssl verify -CAfile ca.pem server.pem || exit 1
chmod g+r server.pem
fi
if [ ! -f ca.der ]; then
openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der || exit 1
fi
if [ ! -f client.key ]; then
openssl req -new -out client.csr -keyout client.key -config ./client.cnf
chmod g+r client.key
fi
if [ ! -f client.crt ]; then
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
fi
|
