#
# Requires certtool (from GnuTLS).
#
-# Copyright (C) 2011 Simon Ruderich
+# Copyright (C) 2011-2013 Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-if [ "x$1" = x ]; then
+set -e
+
+if test "$#" -ne 1 && test "$#" -ne 2; then
echo "Usage: $0 <hostname> [<server-certificate>]"
echo
echo "Add the server certificate <server-certificate> (as .pem file) for "
echo "is read from stdin."
echo
echo "The server certificate is NOT validated in any way, you must do "
- echo "that before using this command or you risk using a insecure "
+ echo "that before using this command or you risk using an insecure "
echo "certificate!"
echo
echo "Must be run in the tlsproxy directory where other configuration "
exit 1
fi
-tempfile=`mktemp` || exit 1
-
-die() {
- rm -f $tempfile
- exit 1
-}
+tempfile=`mktemp`
+trap 'rm -f "$tempfile"' EXIT
# Generate server certificate for given host.
-echo 'organization = tlsproxy' > $tempfile
-echo "cn = $1" >> $tempfile
-echo tls_www_server >> $tempfile
-echo encryption_key >> $tempfile
-echo signing_key >> $tempfile
+echo 'organization = tlsproxy' > "$tempfile"
+echo "cn = $1" >> "$tempfile"
+echo tls_www_server >> "$tempfile"
+echo encryption_key >> "$tempfile"
+echo signing_key >> "$tempfile"
+echo 'expiration_days = 3650' >> "$tempfile"
certtool --generate-certificate \
--load-privkey proxy-key.pem \
--load-ca-certificate proxy-ca.pem \
--load-ca-privkey proxy-ca-key.pem \
- --template $tempfile \
- --outfile "certificate-$1-proxy.pem" || die
-rm $tempfile
+ --template "$tempfile" \
+ --outfile "certificate-$1-proxy.pem"
+rm "$tempfile"
-if [ "x$2" = x ]; then
- echo please enter server certificate
+if test "x$2" = x; then
+ echo 'Please enter server certificate (Ctrl-D to terminate input).'
cat > "certificate-$1-server.pem"
else
cp "$2" "certificate-$1-server.pem"