--- /dev/null
+echo "Generating CA"
+
+openssl req -new -x509 -days 3650 -extensions v3_ca -keyout gnscakey.pem -out gnscacert.pem -subj "/C=DE/ST=Bavaria/L=Munich/O=TUM/OU=IN/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNUnet Naming System"
+
+echo "Removing passphrase from key"
+openssl rsa -passin pass:"GNUnet Naming System" -in gnscakey.pem -out gnscakeynoenc.pem
+
+cp gnscacert.pem $HOME/.gnunet/gns/gnscert.pem
+cat gnscacert.pem >> $HOME/.gnunet/gns/gnsCAcert.pem
+cat gnscakeynoenc.pem >> $HOME/.gnunet/gns/gnsCAcert.pem
+cat gnscakey.pem
+cat gnscacert.pem
+
+echo "Cleaning up"
+rm gnscakey.pem gnscakeynoenc.pem gnscacert.pem
+
+echo "Next steps:"
+echo "1. The new CA will be used automatically by the proxy with the default settings"
+echo "2. Please import the certificate $HOME/.gnunet/gns/gnscert.pem into the browser of your choice"
+echo "3. Start gnunet-gns-proxy and configure your broser to use a SOCKS proxy on port 7777"
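Review bot: The CA private key is exposed beyond its owner: `cat gnscakey.pem` prints it to stdout (its passphrase is the literal on the `openssl req` line, so the encryption protects nothing), and the unencrypted copy is appended to `$HOME/.gnunet/gns/gnsCAcert.pem` under whatever umask the caller happens to have. Because the closing instructions ask the user to trust this CA in their browser, anyone who can read that file or captured terminal output can issue certificates the browser will accept for any site. I would add `umask 077` before the `openssl req` call and drop the `cat gnscakey.pem` and `cat gnscacert.pem` lines. The `>>` redirections also mean a second run appends a new certificate and key behind the old ones while `cp` overwrites `gnscert.pem`, so the proxy may load a different CA from the one imported; `cat gnscacert.pem gnscakeynoenc.pem > "$HOME/.gnunet/gns/gnsCAcert.pem"` avoids that and quotes the path. The script also never checks that `$HOME/.gnunet/gns` exists or that either `openssl` call succeeded, so a failure part-way through still reaches the "Next steps" text.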
static unsigned long port = GNUNET_GNS_PROXY_PORT;
/* The CA file (pem) to use for the proxy CA */
-static char* cafile;
+static char* cafile_opt;
/* The listen socket of the proxy */
static struct GNUNET_NETWORK_Handle *lsock;
if (GNUNET_NO == GNUNET_DISK_file_test (keyfile))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unable to load zone key!\n");
+ "Unable to load zone key %s!\n", keyfile);
GNUNET_free(keyfile);
return GNUNET_NO;
}
&keyfile))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unable to load zone key config value!\n");
+ "Unable to load shorten key config value! (not fatal)\n");
return GNUNET_NO;
}
if (GNUNET_NO == GNUNET_DISK_file_test (keyfile))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unable to load zone key!\n");
+ "Unable to load shorten key %s! (not fatal)\n", keyfile);
GNUNET_free(keyfile);
return GNUNET_NO;
}
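Review bot: Both reworded shorten-key messages now say "(not fatal)" but are still logged at `GNUNET_ERROR_TYPE_ERROR`, so anyone filtering logs by severity still sees an error for a key the text describes as optional. `GNUNET_ERROR_TYPE_WARNING` would match the wording in both the config-value branch and the `GNUNET_DISK_file_test` branch. The enclosing function starts and ends outside the visible lines.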
struct sockaddr_un mhd_unix_sock_addr;
size_t len;
char* proxy_sockfile;
+ char* cafile_cfg = NULL;
+ char* cafile;
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Loading CA\n");
+
+ cafile = cafile_opt;
+ if (NULL == cafile)
+ {
+ if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns-proxy",
+ "PROXY_CACERT",
+ &cafile_cfg))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Unable to load proxy CA config value!\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "No proxy CA provided!\n");
+ return;
+ }
+ cafile = cafile_cfg;
+ }
+
gnutls_global_init ();
gnutls_x509_crt_init (&proxy_ca.cert);
load_cert_from_file (proxy_ca.cert, cafile);
load_key_from_file (proxy_ca.key, cafile);
+
+ if (cafile_cfg)
+ GNUNET_free (cafile_cfg);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Loading Template\n");
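Review bot: The path resolved into `cafile` goes straight to `load_cert_from_file` and `load_key_from_file` with no check that the file exists, and neither call's outcome is examined in the visible lines, so a missing or truncated `PROXY_CACERT` file may leave `proxy_ca` unusable while startup continues. The zone-key and shorten-key loaders shown in this commit already guard with `GNUNET_DISK_file_test`; the same guard fits here, e.g. `if (GNUNET_YES != GNUNET_DISK_file_test (cafile))` followed by one error log naming the path, freeing `cafile_cfg` and returning. The same file supplies the CA private key (`load_key_from_file (proxy_ca.key, cafile)`), so a warning when it is group- or world-readable would help users notice a badly protected key. The two back-to-back error logs on the config-miss path say the same thing and could be a single message. The enclosing function starts and ends outside this hunk, so whether the early `return` leaves earlier resources unreleased cannot be judged from here.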
&GNUNET_GETOPT_set_string, &port},
{'a', "authority", NULL,
gettext_noop ("pem file to use as CA"), 1,
- &GNUNET_GETOPT_set_string, &cafile},
+ &GNUNET_GETOPT_set_string, &cafile_opt},
GNUNET_GETOPT_OPTION_END
};