[Freeswitch-svn] [commit] r7234 - in freeswitch/trunk: . scripts

Freeswitch SVN stkn at freeswitch.org
Tue Jan 15 09:53:06 EST 2008


Author: stkn
Date: Tue Jan 15 09:53:05 2008
New Revision: 7234

Added:
   freeswitch/trunk/scripts/gentls_cert.in
Modified:
   freeswitch/trunk/Makefile.am
   freeswitch/trunk/configure.in

Log:
Add gentls_cert script to create a CA and certificate for mod_sofia TLS

Modified: freeswitch/trunk/Makefile.am
==============================================================================
--- freeswitch/trunk/Makefile.am	(original)
+++ freeswitch/trunk/Makefile.am	Tue Jan 15 09:53:05 2008
@@ -156,6 +156,7 @@
 libfreeswitch_la_LDFLAGS     += -lodbc
 endif
 
+bin_SCRIPTS = scripts/gentls_cert
 
 
 libs/libedit/src/.libs/libedit.a:

Modified: freeswitch/trunk/configure.in
==============================================================================
--- freeswitch/trunk/configure.in	(original)
+++ freeswitch/trunk/configure.in	Tue Jan 15 09:53:05 2008
@@ -424,7 +424,8 @@
                 src/include/switch_am_config.h
                 build/getsounds.sh
                 build/getlib.sh
-                build/modmake.rules])
+                build/modmake.rules
+                scripts/gentls_cert])
 
 AM_CONDITIONAL(ISLINUX, [test `uname -s` = Linux])
 AM_CONDITIONAL(ISMAC, [test `uname -s` = Darwin])

Added: freeswitch/trunk/scripts/gentls_cert.in
==============================================================================
--- (empty file)
+++ freeswitch/trunk/scripts/gentls_cert.in	Tue Jan 15 09:53:05 2008
@@ -0,0 +1,172 @@
+#!/bin/sh
+
+CONFDIR=@prefix@/conf/ssl
+DAYS=365
+
+TMPFILE="/tmp/fs-ca-$$-$(date +%Y%m%d%H%M%S)"
+
+COMMON_NAME="FreesSWITCH CA"
+ALT_NAME="DNS:test.freeswitch.org"
+ORG_NAME="FreeSWITCH"
+
+umask 037
+
+setup_ca() {
+	echo "Creating new CA..."
+
+	if [ ! -d "${CONFDIR}/CA" ]; then
+		mkdir -p -m 750 "${CONFDIR}/CA" || exit  1
+	fi
+
+	if [ ! -e "${CONFDIR}/CA/config.tpl" ]; then
+		cat > "${CONFDIR}/CA/config.tpl" <<-EOF
+			[ req ]
+			default_bits            = 1024
+			prompt                  = no
+			distinguished_name      = req_dn
+
+			[ req_dn ]
+			commonName              = %CN%
+			organizationName	= %ORG%
+
+			[ ext ]
+			basicConstraints=CA:FALSE
+			subjectKeyIdentifier=hash
+			authorityKeyIdentifier=keyid,issuer:always
+			subjectAltName=%ALTNAME%
+		EOF
+	fi
+
+	sed \
+		-e "s|%CN%|$COMMON_NAME|" \
+		-e "s|%ORG%|$ORG_NAME|" \
+		-e "/%ALTNAME%/d" \
+		-e "s|CA:FALSE|CA:TRUE|" \
+		"${CONFDIR}/CA/config.tpl" \
+			> "${TMPFILE}.cfg" || exit 1
+
+	openssl req -new -out "${CONFDIR}/CA/careq.pem" \
+		-newkey rsa:1024 -keyout "${CONFDIR}/CA/cakey.pem" \
+		-config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1
+
+	openssl x509 -req -signkey "${CONFDIR}/CA/cakey.pem" -in "${CONFDIR}/CA/careq.pem" \
+		-out "${CONFDIR}/CA/cacert.pem" -extfile "${TMPFILE}.cfg" \
+		-extensions ext -days ${DAYS} -sha1 >/dev/null || exit 1
+
+	rm "${TMPFILE}.cfg"
+
+	echo "DONE"
+}
+
+generate_cert() {
+	local val=""
+
+	echo "Generating new certificate..."
+
+	echo
+	echo "--------------------------------------------------------"
+	echo "CN: \"${COMMON_NAME}\""
+	echo "ORG_NAME: \"${ORG_NAME}\""
+	echo "ALT_NAME: \"${ALT_NAME}\""
+	echo
+	echo "[Enter \"OK\" to accept]"
+	read val
+	if [ "${val}" != "OK" ]; then
+		return 2
+	fi
+
+	sed \
+		-e "s|%CN%|$COMMON_NAME|" \
+		-e "s|%ALTNAME%|$ALT_NAME|" \
+		-e "s|%ORG%|$ORG_NAME|" \
+		"${CONFDIR}/CA/config.tpl" \
+			> "${TMPFILE}.cfg" || exit 1
+
+	openssl req -new -out "${TMPFILE}.req" \
+		-newkey rsa:1024 -keyout "${TMPFILE}.key" \
+		-config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1
+
+	openssl x509 -req -CAkey "${CONFDIR}/CA/cakey.pem" -CA "${CONFDIR}/CA/cacert.pem" -CAcreateserial \
+		-in "${TMPFILE}.req" -out "${TMPFILE}.crt" -extfile "${TMPFILE}.cfg" \
+		-extensions ext -days ${DAYS} -sha1 >/dev/null || exit 1
+
+	cat "${CONFDIR}/CA/cacert.pem" > "${CONFDIR}/cafile.pem"
+	cat "${TMPFILE}.crt" "${TMPFILE}.key" > "${CONFDIR}/agent.pem"
+
+	rm "${TMPFILE}.cfg" "${TMPFILE}.crt" "${TMPFILE}.key" "${TMPFILE}.req"
+
+	echo "DONE"
+}
+
+remove_ca() {
+	echo "Cleaning CA"
+
+	if [ ! -d "${CONFDIR}/CA" ]; then
+		rm "${CONFDIR}/CA/"*
+		rmdir "${CONFDIR}/CA"
+	fi
+
+	echo "DONE"
+}
+
+command="$1"
+shift
+
+while [ $# -gt 0 ]; do
+	case $1 in
+		-cn)
+			shift
+			COMMON_NAME="$1"
+			;;
+		-alt)
+			shift
+			ALT_NAME="$1"
+			;;
+		-org)
+			shift
+			ORG_NAME="$1"
+			;;
+	esac
+	shift
+done
+
+
+case ${command} in
+	setup)
+		setup_ca
+		;;
+
+	create)
+		generate_cert
+		;;
+
+	remove)
+		echo "Are you sure you want to delete the CA? [YES to delete]"
+		read val
+		if [ "${val}" = "YES" ]; then
+			remove_ca
+		else
+			echo "Not deleting CA"
+		fi
+		;;
+
+	*)
+		cat <<-EOF
+		$0 <setup|create|clean> [options]
+
+		  * commands:
+
+		    setup  - Setup new CA
+		    create - Create new certificate (overwriting old!)
+		    remove - Remove CA
+
+		  * options:
+
+		   -cn       Set common name
+		   -alt      Set alternative name (use prefix 'DNS:' or 'URI:')
+		   -org      Set organization name
+
+		EOF
+		exit 1
+		;;
+esac



More information about the Freeswitch-svn mailing list