[GNUnet-SVN] r21902 - gnunet/src/gns
From: |
gnunet |
Subject: |
[GNUnet-SVN] r21902 - gnunet/src/gns |
Date: |
Tue, 12 Jun 2012 12:04:51 +0200 |
Author: schanzen
Date: 2012-06-12 12:04:51 +0200 (Tue, 12 Jun 2012)
New Revision: 21902
Added:
gnunet/src/gns/createProxyCa.sh
Modified:
gnunet/src/gns/gns.conf.in
gnunet/src/gns/gnunet-gns-proxy.c
Log:
Script for CA generation. Making it easy with config option
Added: gnunet/src/gns/createProxyCa.sh
===================================================================
--- gnunet/src/gns/createProxyCa.sh (rev 0)
+++ gnunet/src/gns/createProxyCa.sh 2012-06-12 10:04:51 UTC (rev 21902)
@@ -0,0 +1,20 @@
+echo "Generating CA"
+
+openssl req -new -x509 -days 3650 -extensions v3_ca -keyout gnscakey.pem -out
gnscacert.pem -subj "/C=DE/ST=Bavaria/L=Munich/O=TUM/OU=IN/CN=GNS Proxy
CA/address@hidden" -passout pass:"GNUnet Naming System"
+
+echo "Removing passphrase from key"
+openssl rsa -passin pass:"GNUnet Naming System" -in gnscakey.pem -out
gnscakeynoenc.pem
+
+cp gnscacert.pem $HOME/.gnunet/gns/gnscert.pem
+cat gnscacert.pem >> $HOME/.gnunet/gns/gnsCAcert.pem
+cat gnscakeynoenc.pem >> $HOME/.gnunet/gns/gnsCAcert.pem
+cat gnscakey.pem
+cat gnscacert.pem
+
+echo "Cleaning up"
+rm gnscakey.pem gnscakeynoenc.pem gnscacert.pem
+
+echo "Next steps:"
+echo "1. The new CA will be used automatically by the proxy with the default
settings"
+echo "2. Please import the certificate $HOME/.gnunet/gns/gnscert.pem into the
browser of your choice"
+echo "3. Start gnunet-gns-proxy and configure your broser to use a SOCKS proxy
on port 7777"
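Review bot: The unencrypted CA private key is appended with `>>` to `$HOME/.gnunet/gns/gnsCAcert.pem` under whatever umask the caller has, so it may be readable by other users, and a rerun stacks a second certificate and key onto the old ones. Anyone who can read that file can issue certificates that a browser trusting this CA will accept, so the script should set `umask 077` before generating anything and write the bundle with `>`. The bare `cat gnscakey.pem` and `cat gnscacert.pem` lines print key material to the terminal and look like debugging leftovers; I would drop them. The fixed passphrase gives no protection because the next step strips it, and without `set -e` the "Next steps" text is printed even when an openssl call failed.

```shell
set -eu
umask 077   # the CA private key must not be readable by other users
GNS_DIR="$HOME/.gnunet/gns"
mkdir -p "$GNS_DIR"
# … unchanged: openssl req / openssl rsa key and certificate generation …
cp gnscacert.pem "$GNS_DIR/gnscert.pem"
# overwrite rather than append, so a rerun does not keep old keys and certificates
cat gnscacert.pem gnscakeynoenc.pem > "$GNS_DIR/gnsCAcert.pem"
# … unchanged: cleanup and "Next steps" messages …
```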
Modified: gnunet/src/gns/gns.conf.in
===================================================================
--- gnunet/src/gns/gns.conf.in 2012-06-12 09:36:48 UTC (rev 21901)
+++ gnunet/src/gns/gns.conf.in 2012-06-12 10:04:51 UTC (rev 21902)
@@ -16,7 +16,8 @@
ZONE_PUT_INTERVAL = 900
[gns-proxy]
-PROXY_UNIXPATH= /tmp/gnunet-gns-proxy.sock
+PROXY_CACERT = $SERVICEHOME/gns/gnsCAcert.pem
+PROXY_UNIXPATH = /tmp/gnunet-gns-proxy.sock
[fcfsd]
HTTPPORT = 18080
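Review bot: `PROXY_CACERT` points at `$SERVICEHOME/gns/gnsCAcert.pem`, while createProxyCa.sh in this same commit writes to `$HOME/.gnunet/gns/gnsCAcert.pem`; the two agree only if SERVICEHOME resolves to `$HOME/.gnunet`, which is not visible here. The option name suggests a certificate, but the script puts the CA private key in the same file, so a comment above the option would help, for example `# PEM bundle holding the proxy CA certificate and its private key; keep it readable by the owner only`.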
Modified: gnunet/src/gns/gnunet-gns-proxy.c
===================================================================
--- gnunet/src/gns/gnunet-gns-proxy.c 2012-06-12 09:36:48 UTC (rev 21901)
+++ gnunet/src/gns/gnunet-gns-proxy.c 2012-06-12 10:04:51 UTC (rev 21902)
@@ -228,7 +228,7 @@
static unsigned long port = GNUNET_GNS_PROXY_PORT;
/* The CA file (pem) to use for the proxy CA */
-static char* cafile;
+static char* cafile_opt;
/* The listen socket of the proxy */
static struct GNUNET_NETWORK_Handle *lsock;
@@ -2260,7 +2260,7 @@
if (GNUNET_NO == GNUNET_DISK_file_test (keyfile))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unable to load zone key!\n");
+ "Unable to load zone key %s!\n", keyfile);
GNUNET_free(keyfile);
return GNUNET_NO;
}
@@ -2305,14 +2305,14 @@
&keyfile))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unable to load zone key config value!\n");
+ "Unable to load shorten key config value! (not fatal)\n");
return GNUNET_NO;
}
if (GNUNET_NO == GNUNET_DISK_file_test (keyfile))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unable to load zone key!\n");
+ "Unable to load shorten key %s! (not fatal)\n", keyfile);
GNUNET_free(keyfile);
return GNUNET_NO;
}
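Review bot: Both new messages in this hunk say "(not fatal)" but are still logged at `GNUNET_ERROR_TYPE_ERROR`, which is misleading for anyone filtering or alerting on error-level output. If a missing shorten key really is tolerated, `GNUNET_ERROR_TYPE_WARNING` would match the wording. The enclosing function starts and ends outside the hunk, so whether the caller treats the `GNUNET_NO` return as non-fatal cannot be confirmed from here.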
@@ -2349,10 +2349,29 @@
struct sockaddr_un mhd_unix_sock_addr;
size_t len;
char* proxy_sockfile;
+ char* cafile_cfg = NULL;
+ char* cafile;
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Loading CA\n");
+
+ cafile = cafile_opt;
+ if (NULL == cafile)
+ {
+ if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns-proxy",
+ "PROXY_CACERT",
+ &cafile_cfg))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Unable to load proxy CA config value!\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "No proxy CA provided!\n");
+ return;
+ }
+ cafile = cafile_cfg;
+ }
+
gnutls_global_init ();
gnutls_x509_crt_init (&proxy_ca.cert);
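Review bot: The CA path resolved here (from `-a` or from `PROXY_CACERT`) is handed on without checking that the file exists, whereas the key-file paths in the two earlier hunks go through `GNUNET_DISK_file_test` first. In the next hunk `load_cert_from_file` and `load_key_from_file` are called as plain statements, so a missing or unreadable bundle is not reported at this point, and the proxy may continue without a usable CA. I would add the same existence check after the path is resolved, freeing `cafile_cfg` on that path. The early `return` on a missing config value also gives the caller no indication that no CA was loaded; the function's signature is outside the hunk, so that part is a guess.

```c
    cafile = cafile_cfg;
  }

  if (GNUNET_YES != GNUNET_DISK_file_test (cafile))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Unable to load proxy CA file %s!\n", cafile);
    if (cafile_cfg)
      GNUNET_free (cafile_cfg);
    return;
  }
  /* … unchanged: gnutls_global_init and certificate/key initialisation … */
```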
@@ -2360,6 +2379,9 @@
load_cert_from_file (proxy_ca.cert, cafile);
load_key_from_file (proxy_ca.key, cafile);
+
+ if (cafile_cfg)
+ GNUNET_free (cafile_cfg);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Loading Template\n");
@@ -2524,7 +2546,7 @@
&GNUNET_GETOPT_set_string, &port},
{'a', "authority", NULL,
gettext_noop ("pem file to use as CA"), 1,
- &GNUNET_GETOPT_set_string, &cafile},
+ &GNUNET_GETOPT_set_string, &cafile_opt},
GNUNET_GETOPT_OPTION_END
};