From: Simon Ruderich Date: Fri, 11 Mar 2011 21:37:54 +0000 (+0100) Subject: src/tlsproxy-add: Add, adds server certificates to tlsproxy. X-Git-Tag: 0.1~8 X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=c231c86212589d66ec19f359d216ea2b302706c7;p=tlsproxy%2Ftlsproxy.git src/tlsproxy-add: Add, adds server certificates to tlsproxy. --- diff --git a/src/Makefile.am b/src/Makefile.am index 4862879..26a0261 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -5,4 +5,4 @@ tlsproxy_SOURCES = \ connection.h connection.c \ log.h log.c \ verify.h verify.c -dist_bin_SCRIPTS = tlsproxy-setup +dist_bin_SCRIPTS = tlsproxy-setup tlsproxy-add diff --git a/src/tlsproxy-add b/src/tlsproxy-add new file mode 100755 index 0000000..92e2086 --- /dev/null +++ b/src/tlsproxy-add @@ -0,0 +1,69 @@ +#!/bin/sh + +# Add new server certificates to tlsproxy (also see below). +# +# Requires certtool (from GnuTLS). +# +# Copyright (C) 2011 Simon Ruderich +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +if [ "x$1" = x ]; then + echo "Usage: $0 []" + echo + echo "Add the server certificate (as .pem file) for " + echo " to tlsproxy. is not modified." + echo + echo "If is not given the certificate (PEM format) " + echo "is read from stdin." + echo + echo "The server certificate is NOT validated in any way, you must do " + echo "that before using this command or you risk using a insecure " + echo "certificate!" + echo + echo "Must be run in the tlsproxy directory where other configuration " + echo "files like proxy-ca.pem are stored." + exit 1 +fi + +tempfile=`mktemp` || exit 1 + +die() { + rm -f $tempfile + exit 1 +} + +# Generate server certificate for given host. +echo 'organization = tlsproxy' > $tempfile +echo "cn = $1" >> $tempfile +echo tls_www_server >> $tempfile +echo encryption_key >> $tempfile +echo signing_key >> $tempfile +certtool --generate-certificate \ + --load-privkey proxy-key.pem \ + --load-ca-certificate proxy-ca.pem \ + --load-ca-privkey proxy-ca-key.pem \ + --template $tempfile \ + --outfile "certificate-$1-proxy.pem" || die +rm $tempfile + +if [ "x$2" = x ]; then + echo please enter server certificate + cat > "certificate-$1-server.pem" +else + cp "$2" "certificate-$1-server.pem" +fi + +echo done