From 31172b9c00335a51c605b6705113c1ff857fa158 Mon Sep 17 00:00:00 2001
From: Denis Knauf
Date: Thu, 11 Jan 2018 21:35:43 +0100
Subject: [PATCH] %.dh for generating diffie-hellmann-params added. sslmake BITS=1234 (default 4096) added.
---
 Makefile | 5 +++--
 sslmake-gnutls | 19 +++++++++++++------
 sslmake-openssl | 23 +++++++++++++++--------
 3 files changed, 31 insertions(+), 16 deletions(-)
diff --git a/Makefile b/Makefile
index f7ee3f2..10e6f0d 100644
--- a/Makefile
+++ b/Makefile
@@ -5,9 +5,10 @@ D ?= /
 all:
 @echo Choose: If you prefer openssl, use install-openssl. If you prefer gnutls, use install-gnutls.
- @echo If you use install, openssl will be used.
+ @echo If you use install, gnutls will be used.
+ @echo gnutls has an easier configfile-format (%.cfg) instead of the a little more complex openssl format (%.cnf).
-install: install-openssl
+install: install-gnutls
 $(D)/$(EPREFIX):
 install --owner root --group root --mode 0755 -d $(D)/$(EPREFIX)
diff --git a/sslmake-gnutls b/sslmake-gnutls
index 0f78785..cc0d463 100755
--- a/sslmake-gnutls
+++ b/sslmake-gnutls
@@ -2,14 +2,17 @@
 # vi:set filetype=makefile
 NULL=0 exec make "CALL=$0" "EXE=`which $0`" -f "`which $0`" -- "$@"
-EXE ?= sslmake
+BITS ?= 4069
+EXE ?= sslmake
 CALL ?= `which $(EXE)`
 DEFAULTCFG ?= template.cfg
-S ?= .
+S ?= .
+
 CERTTOOL ?= /usr/bin/certtool
-GENKEY = $(CERTTOOL) --generate-privkey --disable-quick-random
-GENREQ = $(CERTTOOL) --generate-request
-GENCRT = $(CERTTOOL) --generate-certificate
+GENKEY ?= $(CERTTOOL) --generate-privkey --disable-quick-random
+GENREQ ?= $(CERTTOOL) --generate-request
+GENCRT ?= $(CERTTOOL) --generate-certificate
+GENDH ?= $(CERTTOOL) --generate-dh-params --disable-quick-random
 all: help
 --help -h: help
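Review bot: In the Makefile hunk, `install: install-gnutls` switches the default backend, which the commit subject does not mention. Going by the help texts elsewhere in this patch, the gnutls variant builds from %.cfg templates and the openssl variant from %.cnf, so a re-run of `make install` on a host with existing %.cnf files installs a tool that no longer picks them up. Either keep `install: install-openssl` or state the switch in the commit message. The added echo line would also read better as `@echo gnutls has a simpler config format (%.cfg) than the slightly more complex openssl format (%.cnf).`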
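Review bot: `BITS ?= 4069` in the first hunk of sslmake-gnutls looks like a transposition of 4096, since the commit subject states a default of 4096 and sslmake-openssl sets `BITS ?= 4096`. As written, the gnutls variant generates keys and DH parameters at a non-standard size by default and the help text advertises that value. Change the line to `BITS ?= 4096`. Separately, turning `GENKEY`, `GENREQ` and `GENCRT` from `=` into `?=` lets a same-named environment variable replace the command that gets run; if that override is intended, a comment such as `# tool commands may be overridden from the environment or command line` above the block would make it explicit.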
@@ -19,6 +22,7 @@ all: help
 help:
 @echo -e "\
 Creates SSL-keys and -certificate requests named %.key/%.csr (replace % by name)\n\
+ BITS=strength: for setting bit-strength (default $(BITS))\n\
 --help -h: Display this help message.\n\
 --renew -r: Renews %.csr for all %.key.\n\
 --build -b: Builds %.csr and %.key for every %.cfg if doesn't exist.\n\
@@ -44,7 +48,10 @@ root.crt:
 cp "$(DEFAULTCFG)" "$(@)"
 %.key:
- $(GENKEY) --outfile "$(@)" --sec-param normal
+ $(GENKEY) --outfile "$(@)" --bits $(BITS)
+
+%.dh:
+ umask 177 ; $(GENDH) --outfile "$(@)" --bits $(BITS)
 %.csr: %.cfg %.key
 $(GENREQ) --template "$(*).cfg" --load-privkey "$(*).key" --outfile "$(@)"
diff --git a/sslmake-openssl b/sslmake-openssl
index 411bcdb..e377352 100755
--- a/sslmake-openssl
+++ b/sslmake-openssl
@@ -2,14 +2,17 @@
 # vi:set filetype=makefile
 NULL=0 exec make "CALL=$0" "EXE=`which $0`" -f "`which $0`" -- "$@"
-EXE ?= sslmake
-CALL ?= `which $(EXE)`
+BITS ?= 4096
+EXE ?= sslmake
+CALL ?= `which $(EXE)`
 DEFAULTOPENSSLCNF ?= /etc/ssl/openssl.cnf
-S ?= .
+S ?= .
+
 OPENSSL ?= /usr/bin/openssl
-GENRSA = $(OPENSSL) genrsa
-REQ = $(OPENSSL) req
-SIGN = $(OPENSSL) x509
+GENRSA ?= $(OPENSSL) genrsa
+GENDH ?= $(OPENSSL) gendh
+GENREQ ?= $(OPENSSL) req
+SIGN ?= $(OPENSSL) x509
 all: help
 --help -h: help
@@ -19,6 +22,7 @@ all: help
 help:
 @echo -e "\
 Creates SSL-keys and -certificate requests named %.key/%.csr (replace % by name)\n\
+ BITS=strength: for setting bit-strength (default $(BITS))\n\
 --help -h: Display this help message.\n\
 --renew -r: Renews %.csr for all %.key.\n\
 --build -b: Builds %.csr and %.key for every %.cnf if doesn't exist.\n\
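Review bot: `--bits $(BITS)` in the `%.key` and `%.dh` recipes of sslmake-gnutls accepts whatever the caller passes, so `sslmake BITS=1234` (the commit's own example) quietly produces a key well below commonly recommended RSA sizes. The third hunk of sslmake-openssl has the same pattern with `$(GENRSA) -out "$(@)" $(BITS)`. A first recipe line such as `@[ "$(BITS)" -ge 2048 ] || { echo "BITS=$(BITS) is too small" >&2; exit 1; }` in both rules would reject weak or non-numeric values before any file is written. Note also that the gnutls `%.key` rule runs without `umask 177` while the new `%.dh` rule and the openssl `%.key` rule use it. DH parameters are public and the private key is the file that needs protecting, so unless certtool is known to restrict the mode itself, the umask belongs on `%.key`.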
@@ -44,10 +48,13 @@ root.crt:
 cp "$(DEFAULTOPENSSLCNF)" "$(@)"
 %.key:
- umask 177 ; $(GENRSA) -out "$(@)" 4096
+ umask 177 ; $(GENRSA) -out "$(@)" $(BITS)
+
+%.dh:
+ umask 177 ; $(GENDH) -out "$(@)" $(BITS)
 %.csr: %.cnf %.key
- $(REQ) -config "$(*).cnf" -batch -nodes -new -key$$([ -e "$(*).key" ] || echo out ) "$(*).key" -out "$(@)"
+ $(GENREQ) -config "$(*).cnf" -batch -nodes -new -key$$([ -e "$(*).key" ] || echo out ) "$(*).key" -out "$(@)"
 %.crt: %.csr serial root.crt root.key
 $(SIGN) -req -days 365 -in "$(*).csr" -CA root.crt -CAkey root.key -CAserial "serial" -out "$(@)"
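Review bot: The new `%.dh` rule in sslmake-openssl runs `$(GENDH)`, which the first hunk of this file defines as `$(OPENSSL) gendh`. OpenSSL's documentation describes `gendh` as obsoleted by `dhparam`, and as far as I know newer releases no longer ship it, in which case this rule would fail there. Define it as `GENDH ?= $(OPENSSL) dhparam` instead; the recipe's `-out "$(@)" $(BITS)` arguments fit that command unchanged.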