deac/sslmake
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

%.dh for generating diffie-hellmann-params added. sslmake BITS=1234 (default 4096) added.

Browse source
This commit is contained in:
Denis Knauf 2018-01-11 21:35:43 +01:00
parent 343f6262d0
commit 31172b9c00
3 changed files with 31 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
Makefile
View file

@ -5,9 +5,10 @@ D ?= /
all: all:
@echo Choose: If you prefer openssl, use install-openssl. If you prefer gnutls, use install-gnutls. @echo Choose: If you prefer openssl, use install-openssl. If you prefer gnutls, use install-gnutls.
@echo If you use install, openssl will be used. @echo If you use install, gnutls will be used.
@echo gnutls has an easier configfile-format (%.cfg) instead of the a little more complex openssl format (%.cnf).
install: install-openssl install: install-gnutls
$(D)/$(EPREFIX): $(D)/$(EPREFIX):
install --owner root --group root --mode 0755 -d $(D)/$(EPREFIX) install --owner root --group root --mode 0755 -d $(D)/$(EPREFIX)

19
sslmake-gnutls
View file

@ -2,14 +2,17 @@
# vi:set filetype=makefile # vi:set filetype=makefile
NULL=0 exec make "CALL=$0" "EXE=`which $0`" -f "`which $0`" -- "$@" NULL=0 exec make "CALL=$0" "EXE=`which $0`" -f "`which $0`" -- "$@"
EXE ?= sslmake BITS ?= 4069
EXE ?= sslmake
CALL ?= `which $(EXE)` CALL ?= `which $(EXE)`
DEFAULTCFG ?= template.cfg DEFAULTCFG ?= template.cfg
S ?= . S ?= .
CERTTOOL ?= /usr/bin/certtool CERTTOOL ?= /usr/bin/certtool
GENKEY = $(CERTTOOL) --generate-privkey --disable-quick-random GENKEY ?= $(CERTTOOL) --generate-privkey --disable-quick-random
GENREQ = $(CERTTOOL) --generate-request GENREQ ?= $(CERTTOOL) --generate-request
GENCRT = $(CERTTOOL) --generate-certificate GENCRT ?= $(CERTTOOL) --generate-certificate
GENDH ?= $(CERTTOOL) --generate-dh-params --disable-quick-random
all: help all: help
--help -h: help --help -h: help
@ -19,6 +22,7 @@ all: help
help: help:
@echo -e "\ @echo -e "\
Creates SSL-keys and -certificate requests named %.key/%.csr (replace % by name)\n\ Creates SSL-keys and -certificate requests named %.key/%.csr (replace % by name)\n\
BITS=strength: for setting bit-strength (default $(BITS))\n\
--help -h: Display this help message.\n\ --help -h: Display this help message.\n\
--renew -r: Renews %.csr for all %.key.\n\ --renew -r: Renews %.csr for all %.key.\n\
--build -b: Builds %.csr and %.key for every %.cfg if doesn't exist.\n\ --build -b: Builds %.csr and %.key for every %.cfg if doesn't exist.\n\
@ -44,7 +48,10 @@ root.crt:
cp "$(DEFAULTCFG)" "$(@)" cp "$(DEFAULTCFG)" "$(@)"
%.key: %.key:
$(GENKEY) --outfile "$(@)" --sec-param normal $(GENKEY) --outfile "$(@)" --bits $(BITS)
%.dh:
umask 177 ; $(GENDH) --outfile "$(@)" --bits $(BITS)
%.csr: %.cfg %.key %.csr: %.cfg %.key
$(GENREQ) --template "$(*).cfg" --load-privkey "$(*).key" --outfile "$(@)" $(GENREQ) --template "$(*).cfg" --load-privkey "$(*).key" --outfile "$(@)"

23
sslmake-openssl
View file

@ -2,14 +2,17 @@
# vi:set filetype=makefile # vi:set filetype=makefile
NULL=0 exec make "CALL=$0" "EXE=`which $0`" -f "`which $0`" -- "$@" NULL=0 exec make "CALL=$0" "EXE=`which $0`" -f "`which $0`" -- "$@"
EXE ?= sslmake BITS ?= 4096
CALL ?= `which $(EXE)` EXE ?= sslmake
CALL ?= `which $(EXE)`
DEFAULTOPENSSLCNF ?= /etc/ssl/openssl.cnf DEFAULTOPENSSLCNF ?= /etc/ssl/openssl.cnf
S ?= . S ?= .
OPENSSL ?= /usr/bin/openssl OPENSSL ?= /usr/bin/openssl
GENRSA = $(OPENSSL) genrsa GENRSA ?= $(OPENSSL) genrsa
REQ = $(OPENSSL) req GENDH ?= $(OPENSSL) gendh
SIGN = $(OPENSSL) x509 GENREQ ?= $(OPENSSL) req
SIGN ?= $(OPENSSL) x509
all: help all: help
--help -h: help --help -h: help
@ -19,6 +22,7 @@ all: help
help: help:
@echo -e "\ @echo -e "\
Creates SSL-keys and -certificate requests named %.key/%.csr (replace % by name)\n\ Creates SSL-keys and -certificate requests named %.key/%.csr (replace % by name)\n\
BITS=strength: for setting bit-strength (default $(BITS))\n\
--help -h: Display this help message.\n\ --help -h: Display this help message.\n\
--renew -r: Renews %.csr for all %.key.\n\ --renew -r: Renews %.csr for all %.key.\n\
--build -b: Builds %.csr and %.key for every %.cnf if doesn't exist.\n\ --build -b: Builds %.csr and %.key for every %.cnf if doesn't exist.\n\
@ -44,10 +48,13 @@ root.crt:
cp "$(DEFAULTOPENSSLCNF)" "$(@)" cp "$(DEFAULTOPENSSLCNF)" "$(@)"
%.key: %.key:
umask 177 ; $(GENRSA) -out "$(@)" 4096 umask 177 ; $(GENRSA) -out "$(@)" $(BITS)
%.dh:
umask 177 ; $(GENDH) -out "$(@)" $(BITS)
%.csr: %.cnf %.key %.csr: %.cnf %.key
$(REQ) -config "$(*).cnf" -batch -nodes -new -key$$([ -e "$(*).key" ] || echo out ) "$(*).key" -out "$(@)" $(GENREQ) -config "$(*).cnf" -batch -nodes -new -key$$([ -e "$(*).key" ] || echo out ) "$(*).key" -out "$(@)"
%.crt: %.csr serial root.crt root.key %.crt: %.csr serial root.crt root.key
$(SIGN) -req -days 365 -in "$(*).csr" -CA root.crt -CAkey root.key -CAserial "serial" -out "$(@)" $(SIGN) -req -days 365 -in "$(*).csr" -CA root.crt -CAkey root.key -CAserial "serial" -out "$(@)"