3 # Create necessary files to run tlsproxy in the current directory.
5 # Requires certtool (from GnuTLS).
7 # Copyright (C) 2011-2013 Simon Ruderich
9 # This program is free software: you can redistribute it and/or modify
10 # it under the terms of the GNU General Public License as published by
11 # the Free Software Foundation, either version 3 of the License, or
12 # (at your option) any later version.
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with this program. If not, see <http://www.gnu.org/licenses/>.
26 trap 'rm -f "$tempfile"' EXIT
28 # Generate proxy CA key file.
29 certtool --generate-privkey \
30 --outfile proxy-ca-key.pem
32 echo 'cn = tlsproxy CA' > "$tempfile"
33 echo ca >> "$tempfile"
34 echo cert_signing_key >> "$tempfile"
35 certtool --generate-self-signed \
36 --load-privkey proxy-ca-key.pem \
37 --template "$tempfile" \
38 --outfile proxy-ca.pem
40 # Generate proxy key file.
41 certtool --generate-privkey \
42 --outfile proxy-key.pem
44 # Generate proxy "invalid" server certificate. It's used for problematic
46 echo 'organization = tlsproxy' > "$tempfile"
47 echo 'cn = invalid' >> "$tempfile"
48 echo tls_www_server >> "$tempfile"
49 echo encryption_key >> "$tempfile"
50 echo signing_key >> "$tempfile"
51 certtool --generate-self-signed \
52 --load-privkey proxy-key.pem \
53 --template "$tempfile" \
54 --outfile proxy-invalid.pem