--- /dev/null
+#!/bin/sh
+
+# Add new server certificates to tlsproxy (also see below).
+#
+# Requires certtool (from GnuTLS).
+#
+# Copyright (C) 2011 Simon Ruderich
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+if [ "x$1" = x ]; then
+ echo "Usage: $0 <hostname> [<server-certificate>]"
+ echo
+ echo "Add the server certificate <server-certificate> (as .pem file) for "
+ echo "<hostname> to tlsproxy. <server-certificate> is not modified."
+ echo
+ echo "If <server-certificate> is not given the certificate (PEM format) "
+ echo "is read from stdin."
+ echo
+ echo "The server certificate is NOT validated in any way, you must do "
+ echo "that before using this command or you risk using a insecure "
+ echo "certificate!"
+ echo
+ echo "Must be run in the tlsproxy directory where other configuration "
+ echo "files like proxy-ca.pem are stored."
+ exit 1
+fi
+
+tempfile=`mktemp` || exit 1
+
+die() {
+ rm -f $tempfile
+ exit 1
+}
+
+# Generate server certificate for given host.
+echo 'organization = tlsproxy' > $tempfile
+echo "cn = $1" >> $tempfile
+echo tls_www_server >> $tempfile
+echo encryption_key >> $tempfile
+echo signing_key >> $tempfile
+certtool --generate-certificate \
+ --load-privkey proxy-key.pem \
+ --load-ca-certificate proxy-ca.pem \
+ --load-ca-privkey proxy-ca-key.pem \
+ --template $tempfile \
+ --outfile "certificate-$1-proxy.pem" || die
+rm $tempfile
+
+if [ "x$2" = x ]; then
+ echo please enter server certificate
+ cat > "certificate-$1-server.pem"
+else
+ cp "$2" "certificate-$1-server.pem"
+fi
+
+echo done
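Review bot: `$1` goes unchecked into the certtool template (`echo "cn = $1"`) and into both output paths (`certificate-$1-proxy.pem`, `certificate-$1-server.pem`). A value containing `/` would write files outside the tlsproxy directory, and one containing a newline would add extra lines to a template that is then signed with the proxy CA key. Reject anything that is not a plain hostname right after the usage block, e.g. `case "$1" in *[!A-Za-z0-9.-]*) echo "invalid hostname: $1" >&2; exit 1;; esac`. Separately, the results of `cp "$2" ...` and `cat > ...` are not checked, so the script prints `done` and exits 0 even when the server certificate was not stored, leaving the new proxy certificate without its counterpart. `cp "$2" "certificate-$1-server.pem" || exit 1` would surface that failure.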