[Freeswitch-svn] [commit] r7234 - in freeswitch/trunk: . scripts
Freeswitch SVN
stkn at freeswitch.org
Tue Jan 15 09:53:06 EST 2008
Author: stkn
Date: Tue Jan 15 09:53:05 2008
New Revision: 7234
Added:
freeswitch/trunk/scripts/gentls_cert.in
Modified:
freeswitch/trunk/Makefile.am
freeswitch/trunk/configure.in
Log:
Add gentls_cert script to create a CA and certificate for mod_sofia TLS
Modified: freeswitch/trunk/Makefile.am
==============================================================================
--- freeswitch/trunk/Makefile.am (original)
+++ freeswitch/trunk/Makefile.am Tue Jan 15 09:53:05 2008
@@ -156,6 +156,7 @@
libfreeswitch_la_LDFLAGS += -lodbc
endif
+bin_SCRIPTS = scripts/gentls_cert
libs/libedit/src/.libs/libedit.a:
Modified: freeswitch/trunk/configure.in
==============================================================================
--- freeswitch/trunk/configure.in (original)
+++ freeswitch/trunk/configure.in Tue Jan 15 09:53:05 2008
@@ -424,7 +424,8 @@
src/include/switch_am_config.h
build/getsounds.sh
build/getlib.sh
- build/modmake.rules])
+ build/modmake.rules
+ scripts/gentls_cert])
AM_CONDITIONAL(ISLINUX, [test `uname -s` = Linux])
AM_CONDITIONAL(ISMAC, [test `uname -s` = Darwin])
Added: freeswitch/trunk/scripts/gentls_cert.in
==============================================================================
--- (empty file)
+++ freeswitch/trunk/scripts/gentls_cert.in Tue Jan 15 09:53:05 2008
@@ -0,0 +1,172 @@
+#!/bin/sh
+
+CONFDIR=@prefix@/conf/ssl
+DAYS=365
+
+TMPFILE="/tmp/fs-ca-$$-$(date +%Y%m%d%H%M%S)"
+
+COMMON_NAME="FreesSWITCH CA"
+ALT_NAME="DNS:test.freeswitch.org"
+ORG_NAME="FreeSWITCH"
+
+umask 037
+
+setup_ca() {
+ echo "Creating new CA..."
+
+ if [ ! -d "${CONFDIR}/CA" ]; then
+ mkdir -p -m 750 "${CONFDIR}/CA" || exit 1
+ fi
+
+ if [ ! -e "${CONFDIR}/CA/config.tpl" ]; then
+ cat > "${CONFDIR}/CA/config.tpl" <<-EOF
+ [ req ]
+ default_bits = 1024
+ prompt = no
+ distinguished_name = req_dn
+
+ [ req_dn ]
+ commonName = %CN%
+ organizationName = %ORG%
+
+ [ ext ]
+ basicConstraints=CA:FALSE
+ subjectKeyIdentifier=hash
+ authorityKeyIdentifier=keyid,issuer:always
+ subjectAltName=%ALTNAME%
+ EOF
+ fi
+
+ sed \
+ -e "s|%CN%|$COMMON_NAME|" \
+ -e "s|%ORG%|$ORG_NAME|" \
+ -e "/%ALTNAME%/d" \
+ -e "s|CA:FALSE|CA:TRUE|" \
+ "${CONFDIR}/CA/config.tpl" \
+ > "${TMPFILE}.cfg" || exit 1
+
+ openssl req -new -out "${CONFDIR}/CA/careq.pem" \
+ -newkey rsa:1024 -keyout "${CONFDIR}/CA/cakey.pem" \
+ -config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1
+
+ openssl x509 -req -signkey "${CONFDIR}/CA/cakey.pem" -in "${CONFDIR}/CA/careq.pem" \
+ -out "${CONFDIR}/CA/cacert.pem" -extfile "${TMPFILE}.cfg" \
+ -extensions ext -days ${DAYS} -sha1 >/dev/null || exit 1
+
+ rm "${TMPFILE}.cfg"
+
+ echo "DONE"
+}
+
+generate_cert() {
+ local val=""
+
+ echo "Generating new certificate..."
+
+ echo
+ echo "--------------------------------------------------------"
+ echo "CN: \"${COMMON_NAME}\""
+ echo "ORG_NAME: \"${ORG_NAME}\""
+ echo "ALT_NAME: \"${ALT_NAME}\""
+ echo
+ echo "[Enter \"OK\" to accept]"
+ read val
+ if [ "${val}" != "OK" ]; then
+ return 2
+ fi
+
+ sed \
+ -e "s|%CN%|$COMMON_NAME|" \
+ -e "s|%ALTNAME%|$ALT_NAME|" \
+ -e "s|%ORG%|$ORG_NAME|" \
+ "${CONFDIR}/CA/config.tpl" \
+ > "${TMPFILE}.cfg" || exit 1
+
+ openssl req -new -out "${TMPFILE}.req" \
+ -newkey rsa:1024 -keyout "${TMPFILE}.key" \
+ -config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1
+
+ openssl x509 -req -CAkey "${CONFDIR}/CA/cakey.pem" -CA "${CONFDIR}/CA/cacert.pem" -CAcreateserial \
+ -in "${TMPFILE}.req" -out "${TMPFILE}.crt" -extfile "${TMPFILE}.cfg" \
+ -extensions ext -days ${DAYS} -sha1 >/dev/null || exit 1
+
+ cat "${CONFDIR}/CA/cacert.pem" > "${CONFDIR}/cafile.pem"
+ cat "${TMPFILE}.crt" "${TMPFILE}.key" > "${CONFDIR}/agent.pem"
+
+ rm "${TMPFILE}.cfg" "${TMPFILE}.crt" "${TMPFILE}.key" "${TMPFILE}.req"
+
+ echo "DONE"
+}
+
+remove_ca() {
+ echo "Cleaning CA"
+
+ if [ ! -d "${CONFDIR}/CA" ]; then
+ rm "${CONFDIR}/CA/"*
+ rmdir "${CONFDIR}/CA"
+ fi
+
+ echo "DONE"
+}
+
+command="$1"
+shift
+
+while [ $# -gt 0 ]; do
+ case $1 in
+ -cn)
+ shift
+ COMMON_NAME="$1"
+ ;;
+ -alt)
+ shift
+ ALT_NAME="$1"
+ ;;
+ -org)
+ shift
+ ORG_NAME="$1"
+ ;;
+ esac
+ shift
+done
+
+
+case ${command} in
+ setup)
+ setup_ca
+ ;;
+
+ create)
+ generate_cert
+ ;;
+
+ remove)
+ echo "Are you sure you want to delete the CA? [YES to delete]"
+ read val
+ if [ "${val}" = "YES" ]; then
+ remove_ca
+ else
+ echo "Not deleting CA"
+ fi
+ ;;
+
+ *)
+ cat <<-EOF
+ $0 <setup|create|clean> [options]
+
+ * commands:
+
+ setup - Setup new CA
+ create - Create new certificate (overwriting old!)
+ remove - Remove CA
+
+ * options:
+
+ -cn Set common name
+ -alt Set alternative name (use prefix 'DNS:' or 'URI:')
+ -org Set organization name
+
+ EOF
+ exit 1
+ ;;
+esac
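Review bot: `TMPFILE="/tmp/fs-ca-$$-$(date +%Y%m%d%H%M%S)"` is a guessable name in a world-writable directory, and generate_cert writes the unencrypted agent key (`-nodes`) to `${TMPFILE}.key` there, so another local user can pre-create or symlink that path, and every `|| exit 1` path leaves the key behind in /tmp. Use a private work directory instead: `WORKDIR=$(mktemp -d "${TMPDIR:-/tmp}/fs-ca.XXXXXX") || exit 1`, then `TMPFILE="${WORKDIR}/work"` and `trap 'rm -rf "${WORKDIR}"' EXIT`. Separately, remove_ca tests `[ ! -d "${CONFDIR}/CA" ]`, so the `rm`/`rmdir` only run when the directory is absent; the test should be `[ -d "${CONFDIR}/CA" ]`. The `rsa:1024` / `default_bits = 1024` keys and `-sha1` signatures are weak for a CA that authenticates SIP TLS peers; at least 2048-bit RSA with `-sha256` is the usual baseline. The usage text also advertises `clean` while the dispatcher only accepts `remove`.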