From: Simon Ruderich Date: Fri, 11 Mar 2011 02:03:50 +0000 (+0100) Subject: src/tlsproxy-setup.sh: Add. Creates files to use tlsproxy. X-Git-Tag: 0.1~14 X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=9daed8d9714796db166cfe65173e0c4307aedd87;p=tlsproxy%2Ftlsproxy.git src/tlsproxy-setup.sh: Add. Creates files to use tlsproxy. --- diff --git a/src/tlsproxy-setup.sh b/src/tlsproxy-setup.sh new file mode 100755 index 0000000..9f17f0b --- /dev/null +++ b/src/tlsproxy-setup.sh @@ -0,0 +1,56 @@ +#!/bin/sh + +# Create necessary files to run tlsproxy in the current directory. +# +# Requires certtool (from GnuTLS). +# +# Copyright (C) 2011 Simon Ruderich +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +tempfile=`mktemp` || exit 1 + +die() { + rm -f $tempfile + exit 1 +} + +# Generate proxy CA key file. +certtool --generate-privkey > proxy-ca-key.pem || die +# Generate proxy CA. +echo 'cn = tlsproxy CA' > $tempfile +echo ca >> $tempfile +echo cert_signing_key >> $tempfile +certtool --generate-self-signed \ + --load-privkey proxy-ca-key.pem \ + --template $tempfile \ + --outfile proxy-ca.pem || die + +# Generate proxy key file. +certtool --generate-privkey > proxy-key.pem || die + +# Generate proxy "invalid" server certificate. It's used for problematic +# connections. +echo 'organization = tlsproxy' > $tempfile +echo 'cn = invalid' >> $tempfile +echo tls_www_server >> $tempfile +echo encryption_key >> $tempfile +echo signing_key >> $tempfile +certtool --generate-self-signed \ + --load-privkey proxy-key.pem \ + --template $tempfile \ + --outfile proxy-invalid.pem || die + +rm $tempfile