
[GNUnet-SVN] r21902 - gnunet/src/gns


From: gnunet
Subject: [GNUnet-SVN] r21902 - gnunet/src/gns
Date: Tue, 12 Jun 2012 12:04:51 +0200

Author: schanzen
Date: 2012-06-12 12:04:51 +0200 (Tue, 12 Jun 2012)
New Revision: 21902

Added:
   gnunet/src/gns/createProxyCa.sh
Modified:
   gnunet/src/gns/gns.conf.in
   gnunet/src/gns/gnunet-gns-proxy.c
Log:
Script for CA generation. Making it easy with config option

Added: gnunet/src/gns/createProxyCa.sh
===================================================================
--- gnunet/src/gns/createProxyCa.sh                             (rev 0)
+++ gnunet/src/gns/createProxyCa.sh     2012-06-12 10:04:51 UTC (rev 21902)
@@ -0,0 +1,20 @@
+echo "Generating CA"
+
+openssl req -new -x509 -days 3650 -extensions v3_ca -keyout gnscakey.pem -out 
gnscacert.pem -subj "/C=DE/ST=Bavaria/L=Munich/O=TUM/OU=IN/CN=GNS Proxy 
CA/address@hidden" -passout pass:"GNUnet Naming System"
+
+echo "Removing passphrase from key"
+openssl rsa -passin pass:"GNUnet Naming System" -in gnscakey.pem -out 
gnscakeynoenc.pem
+
+cp gnscacert.pem $HOME/.gnunet/gns/gnscert.pem
+cat gnscacert.pem >> $HOME/.gnunet/gns/gnsCAcert.pem
+cat gnscakeynoenc.pem >> $HOME/.gnunet/gns/gnsCAcert.pem
+cat gnscakey.pem
+cat gnscacert.pem
+
+echo "Cleaning up"
+rm gnscakey.pem gnscakeynoenc.pem gnscacert.pem
+
+echo "Next steps:"
+echo "1. The new CA will be used automatically by the proxy with the default 
settings"
+echo "2. Please import the certificate $HOME/.gnunet/gns/gnscert.pem into the 
browser of your choice"
+echo "3. Start gnunet-gns-proxy and configure your broser to use a SOCKS proxy 
on port 7777"
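Review bot: The CA private key ends up unencrypted in `$HOME/.gnunet/gns/gnsCAcert.pem` under whatever umask the caller has, and `cat gnscakey.pem` also prints the key to the terminal, where the passphrase hard-coded in this script makes its encryption meaningless. Because step 2 asks the user to import this CA into a browser, anyone who can read that file or the captured output can issue certificates that browser will trust. I would put `umask 077` before the first openssl call, drop the `cat gnscakey.pem` and `cat gnscacert.pem` dump lines, and write the bundle with `cat gnscacert.pem gnscakeynoenc.pem > "$HOME/.gnunet/gns/gnsCAcert.pem"` so a second run replaces the old certificate and key instead of appending to them. The script also has no `#!/bin/sh` line and keeps going if openssl fails, so `set -e` is worth adding.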

Modified: gnunet/src/gns/gns.conf.in
===================================================================
--- gnunet/src/gns/gns.conf.in  2012-06-12 09:36:48 UTC (rev 21901)
+++ gnunet/src/gns/gns.conf.in  2012-06-12 10:04:51 UTC (rev 21902)
@@ -16,7 +16,8 @@
 ZONE_PUT_INTERVAL = 900
 
 [gns-proxy]
-PROXY_UNIXPATH= /tmp/gnunet-gns-proxy.sock
+PROXY_CACERT = $SERVICEHOME/gns/gnsCAcert.pem
+PROXY_UNIXPATH = /tmp/gnunet-gns-proxy.sock
 
 [fcfsd]
 HTTPPORT = 18080
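Review bot: `PROXY_CACERT` reads as a certificate path, but the proxy change in this same revision passes that one path to both `load_cert_from_file` and `load_key_from_file`, so the file must also hold the CA private key. A comment above the option would keep someone from pointing it at a shared certificate directory, for example `# PEM file with the proxy CA certificate AND its private key; keep it readable by the owner only`. createProxyCa.sh writes to `$HOME/.gnunet/gns/`, which matches this default only if SERVICEHOME resolves to `$HOME/.gnunet`; that is presumably the default but is not visible here.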

Modified: gnunet/src/gns/gnunet-gns-proxy.c
===================================================================
--- gnunet/src/gns/gnunet-gns-proxy.c   2012-06-12 09:36:48 UTC (rev 21901)
+++ gnunet/src/gns/gnunet-gns-proxy.c   2012-06-12 10:04:51 UTC (rev 21902)
@@ -228,7 +228,7 @@
 static unsigned long port = GNUNET_GNS_PROXY_PORT;
 
 /* The CA file (pem) to use for the proxy CA */
-static char* cafile;
+static char* cafile_opt;
 
 /* The listen socket of the proxy */
 static struct GNUNET_NETWORK_Handle *lsock;
@@ -2260,7 +2260,7 @@
   if (GNUNET_NO == GNUNET_DISK_file_test (keyfile))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unable to load zone key!\n");
+                "Unable to load zone key %s!\n", keyfile);
     GNUNET_free(keyfile);
     return GNUNET_NO;
   }
@@ -2305,14 +2305,14 @@
                                                           &keyfile))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unable to load zone key config value!\n");
+                "Unable to load shorten key config value! (not fatal)\n");
     return GNUNET_NO;
   }
 
   if (GNUNET_NO == GNUNET_DISK_file_test (keyfile))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unable to load zone key!\n");
+                "Unable to load shorten key %s! (not fatal)\n", keyfile);
     GNUNET_free(keyfile);
     return GNUNET_NO;
   }
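Review bot: Both messages now say "(not fatal)" but are still logged with `GNUNET_ERROR_TYPE_ERROR`; `GNUNET_ERROR_TYPE_WARNING` would match the new wording, so that a missing shorten key does not appear as an error in the proxy log. The enclosing function starts and ends outside the hunk, so whether callers really treat the `GNUNET_NO` return as non-fatal cannot be confirmed from here.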
@@ -2349,10 +2349,29 @@
   struct sockaddr_un mhd_unix_sock_addr;
   size_t len;
   char* proxy_sockfile;
+  char* cafile_cfg = NULL;
+  char* cafile;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Loading CA\n");
+  
+  cafile = cafile_opt;
 
+  if (NULL == cafile)
+  {
+    if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns-proxy",
+                                                          "PROXY_CACERT",
+                                                          &cafile_cfg))
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Unable to load proxy CA config value!\n");
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "No proxy CA provided!\n");
+      return;
+    }
+    cafile = cafile_cfg;
+  }
+  
   gnutls_global_init ();
 
   gnutls_x509_crt_init (&proxy_ca.cert);
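Review bot: The chosen `cafile` is handed to `load_cert_from_file` and `load_key_from_file` (context lines of the next hunk) without a check that the file exists, and neither call's result is tested in the visible lines, so a missing or malformed PEM appears to leave `proxy_ca` half-initialised while the proxy continues. The key-loading code earlier in this file already uses `GNUNET_DISK_file_test` for this; the same guard fits here right after the config lookup, and it has to release `cafile_cfg` before returning. The two consecutive ERROR logs in the failure branch describe one condition and could be a single message naming the `gns-proxy`/`PROXY_CACERT` option. The enclosing function starts before the hunk and continues after it.

```c
    cafile = cafile_cfg;
  }

  if (GNUNET_YES != GNUNET_DISK_file_test (cafile))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Proxy CA file %s not found!\n", cafile);
    if (NULL != cafile_cfg)
      GNUNET_free (cafile_cfg);
    return;
  }
  /* … unchanged: gnutls_global_init and certificate/key init … */
```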
@@ -2360,6 +2379,9 @@
   
   load_cert_from_file (proxy_ca.cert, cafile);
   load_key_from_file (proxy_ca.key, cafile);
+
+  if (cafile_cfg)
+    GNUNET_free (cafile_cfg);
   
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Loading Template\n");
@@ -2524,7 +2546,7 @@
      &GNUNET_GETOPT_set_string, &port},
     {'a', "authority", NULL,
       gettext_noop ("pem file to use as CA"), 1,
-      &GNUNET_GETOPT_set_string, &cafile},
+      &GNUNET_GETOPT_set_string, &cafile_opt},
     GNUNET_GETOPT_OPTION_END
   };
 



