X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Ftlsproxy-setup;h=d76c998689454c38d004a93d304f00aa932302ee;hb=df1daac85cc5baa6ded75040b36e2b1743ac4a19;hp=1c653267a40486c9fe174a225d947d8d591bc449;hpb=d778944d0403b093d43d9cbd94bd298bfc3a8d42;p=tlsproxy%2Ftlsproxy.git diff --git a/src/tlsproxy-setup b/src/tlsproxy-setup index 1c65326..d76c998 100755 --- a/src/tlsproxy-setup +++ b/src/tlsproxy-setup @@ -20,26 +20,35 @@ # along with this program. If not, see . -tempfile=`mktemp` || exit 1 +set -e -die() { - rm -f "$tempfile" + +if test "$#" -ne 0; then + echo "Usage: $0" exit 1 -} +fi + +tempfile=`mktemp` +trap 'rm -f "$tempfile"' EXIT # Generate proxy CA key file. -certtool --generate-privkey > proxy-ca-key.pem || die +certtool --generate-privkey \ + --sec-param high \ + --outfile proxy-ca-key.pem # Generate proxy CA. echo 'cn = tlsproxy CA' > "$tempfile" echo ca >> "$tempfile" echo cert_signing_key >> "$tempfile" +echo 'expiration_days = 3650' >> "$tempfile" certtool --generate-self-signed \ --load-privkey proxy-ca-key.pem \ --template "$tempfile" \ - --outfile proxy-ca.pem || die + --outfile proxy-ca.pem # Generate proxy key file. -certtool --generate-privkey > proxy-key.pem || die +certtool --generate-privkey \ + --sec-param high \ + --outfile proxy-key.pem # Generate proxy "invalid" server certificate. It's used for problematic # connections. @@ -48,11 +57,17 @@ echo 'cn = invalid' >> "$tempfile" echo tls_www_server >> "$tempfile" echo encryption_key >> "$tempfile" echo signing_key >> "$tempfile" +echo 'expiration_days = 3650' >> "$tempfile" certtool --generate-self-signed \ --load-privkey proxy-key.pem \ --template "$tempfile" \ - --outfile proxy-invalid.pem || die + --outfile proxy-invalid.pem rm "$tempfile" +# Generate proxy Diffie-Hellman parameters. +certtool --generate-dh-params \ + --sec-param high \ + --outfile proxy-dh.pem + echo done