X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Ftlsproxy-setup;h=d553404eba931a749c7e4218212e7304486ab507;hb=219d904b7d12173ee93d016fe1a2cb8ae32eea9c;hp=9f17f0b75996a20281ec2d7e8bd439aea3263157;hpb=7c04a6ce058abc6819c046cbaec22b9db302f048;p=tlsproxy%2Ftlsproxy.git

diff --git a/src/tlsproxy-setup b/src/tlsproxy-setup
index 9f17f0b..d553404 100755
--- a/src/tlsproxy-setup
+++ b/src/tlsproxy-setup
@@ -4,7 +4,7 @@
 #
 # Requires certtool (from GnuTLS).
 #
-# Copyright (C) 2011  Simon Ruderich
+# Copyright (C) 2011-2013  Simon Ruderich
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,37 +20,48 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 
-tempfile=`mktemp` || exit 1
+set -e
 
-die() {
-    rm -f $tempfile
-    exit 1
-}
+tempfile=`mktemp`
+trap 'rm -f "$tempfile"' EXIT
 
 # Generate proxy CA key file.
-certtool --generate-privkey > proxy-ca-key.pem || die
+certtool --generate-privkey \
+         --sec-param high \
+         --outfile proxy-ca-key.pem
 # Generate proxy CA.
-echo 'cn = tlsproxy CA' > $tempfile
-echo ca                >> $tempfile
-echo cert_signing_key  >> $tempfile
+echo 'cn = tlsproxy CA' > "$tempfile"
+echo ca                >> "$tempfile"
+echo cert_signing_key  >> "$tempfile"
+echo 'expiration_days = 3650' >> "$tempfile"
 certtool --generate-self-signed \
          --load-privkey proxy-ca-key.pem \
-         --template $tempfile \
-         --outfile proxy-ca.pem || die
+         --template "$tempfile" \
+         --outfile proxy-ca.pem
 
 # Generate proxy key file.
-certtool --generate-privkey > proxy-key.pem || die
+certtool --generate-privkey \
+         --sec-param high \
+         --outfile proxy-key.pem
 
 # Generate proxy "invalid" server certificate. It's used for problematic
 # connections.
-echo 'organization = tlsproxy' > $tempfile
-echo 'cn = invalid'           >> $tempfile
-echo tls_www_server           >> $tempfile
-echo encryption_key           >> $tempfile
-echo signing_key              >> $tempfile
+echo 'organization = tlsproxy' > "$tempfile"
+echo 'cn = invalid'           >> "$tempfile"
+echo tls_www_server           >> "$tempfile"
+echo encryption_key           >> "$tempfile"
+echo signing_key              >> "$tempfile"
+echo 'expiration_days = 3650' >> "$tempfile"
 certtool --generate-self-signed \
          --load-privkey proxy-key.pem \
-         --template $tempfile \
-         --outfile proxy-invalid.pem || die
+         --template "$tempfile" \
+         --outfile proxy-invalid.pem
 
-rm $tempfile
+rm "$tempfile"
+
+# Generate proxy Diffie-Hellman parameters.
+certtool --generate-dh-params \
+         --sec-param high \
+         --outfile proxy-dh.pem
+
+echo done