mirror of https://github.com/wolfSSL/wolfssl
Merge branch 'master' of https://github.com/kaleb-himes/cyassl
commit
67858df5e0
|
@ -5,53 +5,53 @@
|
|||
|
||||
|
||||
# caCrl
|
||||
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
|
||||
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 365 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
|
||||
|
||||
# metadata
|
||||
openssl crl -in crl.pem -text > tmp
|
||||
mv tmp crl.pem
|
||||
# install (only needed if working outside cyassl)
|
||||
#cp crl.pem ~/cyassl/certs/crl/crl.pem
|
||||
# install (only needed if working outside wolfssl)
|
||||
#cp crl.pem ~/wolfssl/certs/crl/crl.pem
|
||||
|
||||
# caCrl server revoked
|
||||
openssl ca -config ../renewcerts/cyassl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
|
||||
openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
|
||||
|
||||
# caCrl server revoked generation
|
||||
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out crl.revoked -keyfile ../ca-key.pem -cert ../ca-cert.pem
|
||||
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 365 -out crl.revoked -keyfile ../ca-key.pem -cert ../ca-cert.pem
|
||||
|
||||
# metadata
|
||||
openssl crl -in crl.revoked -text > tmp
|
||||
mv tmp crl.revoked
|
||||
# install (only needed if working outside cyassl)
|
||||
#cp crl.revoked ~/cyassl/certs/crl/crl.revoked
|
||||
# install (only needed if working outside wolfssl)
|
||||
#cp crl.revoked ~/wolfssl/certs/crl/crl.revoked
|
||||
|
||||
# remove revoked so next time through the normal CA won't have server revoked
|
||||
cp blank.index.txt demoCA/index.txt
|
||||
|
||||
# cliCrl
|
||||
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
|
||||
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 365 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
|
||||
|
||||
# metadata
|
||||
openssl crl -in cliCrl.pem -text > tmp
|
||||
mv tmp cliCrl.pem
|
||||
# install (only needed if working outside cyassl)
|
||||
#cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem
|
||||
# install (only needed if working outside wolfssl)
|
||||
#cp cliCrl.pem ~/wolfssl/certs/crl/cliCrl.pem
|
||||
|
||||
# eccCliCRL
|
||||
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
|
||||
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 365 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
|
||||
|
||||
# metadata
|
||||
openssl crl -in eccCliCRL.pem -text > tmp
|
||||
mv tmp eccCliCRL.pem
|
||||
# install (only needed if working outside cyassl)
|
||||
#cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem
|
||||
# install (only needed if working outside wolfssl)
|
||||
#cp eccCliCRL.pem ~/wolfssl/certs/crl/eccCliCRL.pem
|
||||
|
||||
# eccSrvCRL
|
||||
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
|
||||
openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 365 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
|
||||
|
||||
# metadata
|
||||
openssl crl -in eccSrvCRL.pem -text > tmp
|
||||
mv tmp eccSrvCRL.pem
|
||||
# install (only needed if working outside cyassl)
|
||||
#cp eccSrvCRL.pem ~/cyassl/certs/crl/eccSrvCRL.pem
|
||||
# install (only needed if working outside wolfssl)
|
||||
#cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ function run_renewcerts(){
|
|||
cd certs/
|
||||
echo ""
|
||||
#move the custom cnf into our working directory
|
||||
cp renewcerts/cyassl.cnf cyassl.cnf
|
||||
cp renewcerts/wolfssl.cnf wolfssl.cnf
|
||||
|
||||
# To generate these all in sha1 add the flag "-sha1" on appropriate lines
|
||||
# That is all lines beginning with: "openssl req"
|
||||
|
@ -22,7 +22,7 @@ function run_renewcerts(){
|
|||
echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr
|
||||
|
||||
|
||||
openssl x509 -req -in client-cert.csr -days 1000 -extfile cyassl.cnf -extensions cyassl_opts -signkey client-key.pem -out client-cert.pem
|
||||
openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey client-key.pem -out client-cert.pem
|
||||
rm client-cert.csr
|
||||
|
||||
openssl x509 -in client-cert.pem -text > tmp.pem
|
||||
|
@ -35,7 +35,7 @@ function run_renewcerts(){
|
|||
#pipe the following arguments to openssl req...
|
||||
echo -e "US\nMontana\nBozeman\nSawtooth\nConsulting\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-key.pem -nodes -out ca-cert.csr
|
||||
|
||||
openssl x509 -req -in ca-cert.csr -days 1000 -extfile cyassl.cnf -extensions cyassl_opts -signkey ca-key.pem -out ca-cert.pem
|
||||
openssl x509 -req -in ca-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ca-key.pem -out ca-cert.pem
|
||||
rm ca-cert.csr
|
||||
|
||||
openssl x509 -in ca-cert.pem -text > tmp.pem
|
||||
|
@ -48,7 +48,7 @@ function run_renewcerts(){
|
|||
#pipe the following arguments to openssl req...
|
||||
echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -nodes > server-req.pem
|
||||
|
||||
openssl x509 -req -in server-req.pem -extfile cyassl.cnf -extensions cyassl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
|
||||
openssl x509 -req -in server-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
|
||||
|
||||
rm server-req.pem
|
||||
|
||||
|
@ -64,7 +64,7 @@ function run_renewcerts(){
|
|||
echo ""
|
||||
echo -e "US\nMontana\nBozeman\nElliptic - RSAsig\nECC-RSAsig\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes > server-ecc-req.pem
|
||||
|
||||
openssl x509 -req -in server-ecc-req.pem -extfile cyassl.cnf -extensions cyassl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-ecc-rsa.pem
|
||||
openssl x509 -req -in server-ecc-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-ecc-rsa.pem
|
||||
|
||||
rm server-ecc-req.pem
|
||||
|
||||
|
@ -79,7 +79,7 @@ function run_renewcerts(){
|
|||
openssl x509 -inform PEM -in ca-cert.pem -outform DER -out ca-cert.der
|
||||
openssl x509 -inform PEM -in client-cert.pem -outform DER -out client-cert.der
|
||||
openssl x509 -inform PEM -in server-cert.pem -outform DER -out server-cert.der
|
||||
echo "Changing directory to cyassl root..."
|
||||
echo "Changing directory to wolfssl root..."
|
||||
echo ""
|
||||
cd ../
|
||||
echo "Execute ./gencertbuf.pl..."
|
||||
|
@ -89,7 +89,7 @@ function run_renewcerts(){
|
|||
########## generate the new crls ###########################
|
||||
############################################################
|
||||
|
||||
echo "Change directory to cyassl/certs"
|
||||
echo "Change directory to wolfssl/certs"
|
||||
echo ""
|
||||
cd certs
|
||||
echo "We are back in the certs directory"
|
||||
|
@ -118,12 +118,12 @@ function run_renewcerts(){
|
|||
echo "Performing final steps, cleaning up the file system..."
|
||||
echo ""
|
||||
|
||||
rm ../cyassl.cnf
|
||||
rm ../wolfssl.cnf
|
||||
rm blank.index.txt
|
||||
rm index.*
|
||||
rm crlnumber*
|
||||
rm -r demoCA
|
||||
echo "Removed ../cyassl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
|
||||
echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
|
||||
echo ""
|
||||
|
||||
}
|
||||
|
@ -131,7 +131,7 @@ function run_renewcerts(){
|
|||
#function for restoring a previous configure state
|
||||
function restore_config(){
|
||||
mv tmp.status config.status
|
||||
mv tmp.options.h cyassl/options.h
|
||||
mv tmp.options.h wolfssl/options.h
|
||||
make clean
|
||||
make -j 8
|
||||
}
|
||||
|
@ -149,14 +149,14 @@ function move_ntru(){
|
|||
#start in root.
|
||||
cd ../
|
||||
#if HAVE_NTRU already defined && there is no argument
|
||||
if grep HAVE_NTRU "cyassl/options.h" && [ -z "$1" ]
|
||||
if grep HAVE_NTRU "wolfssl/options.h" && [ -z "$1" ]
|
||||
then
|
||||
|
||||
#run the function to renew the certs
|
||||
run_renewcerts
|
||||
# run_renewcerts will end in the cyassl/certs/crl dir, backup to root.
|
||||
# run_renewcerts will end in the wolfssl/certs/crl dir, backup to root.
|
||||
cd ../../
|
||||
echo "changed directory to cyassl root directory."
|
||||
echo "changed directory to wolfssl root directory."
|
||||
echo ""
|
||||
|
||||
############################################################
|
||||
|
@ -197,7 +197,7 @@ else
|
|||
echo "Saving the configure state"
|
||||
echo ""
|
||||
cp config.status tmp.status
|
||||
cp cyassl/options.h tmp.options.h
|
||||
cp wolfssl/options.h tmp.options.h
|
||||
|
||||
echo "Running make clean"
|
||||
echo ""
|
||||
|
@ -217,11 +217,11 @@ else
|
|||
# ntru in the default location
|
||||
|
||||
# if now defined
|
||||
if grep HAVE_NTRU "cyassl/options.h"; then
|
||||
if grep HAVE_NTRU "wolfssl/options.h"; then
|
||||
run_renewcerts
|
||||
#run_renewcerts leaves us in cyassl/certs/crl, backup to root
|
||||
#run_renewcerts leaves us in wolfssl/certs/crl, backup to root
|
||||
cd ../../
|
||||
echo "changed directory to cyassl root directory."
|
||||
echo "changed directory to wolfssl root directory."
|
||||
echo ""
|
||||
|
||||
move_ntru
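Review bot: In run_renewcerts, both CA-signed certificates are issued with `-set_serial 01` (the `server-cert.pem` line in the `-48,7` hunk and the `server-ecc-rsa.pem` line in the `-64,7` hunk), so the same issuer ends up with two certificates sharing one serial number. A CRL identifies revoked certificates by issuer and serial, so the `-revoke ../server-cert.pem` step in the CRL script on this page would presumably also match `server-ecc-rsa.pem`. Consider giving the second certificate its own value, e.g. `-set_serial 02` on the `server-ecc-rsa.pem` line, provided no test depends on the current serial. The function body starts and ends outside these hunks, so any serial handling elsewhere in the script is not visible here.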
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# cyassl configuration file
|
||||
# wolfssl configuration file
|
||||
#
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
|
@ -20,7 +20,7 @@ default_ca = CA_default # The default ca section
|
|||
[ CA_default ]
|
||||
|
||||
####################################################################
|
||||
# CHANGE THIS LINE TO BE YOUR CYASSL_ROOT DIRECTORY #
|
||||
# CHANGE THIS LINE TO BE YOUR WOLFSSL_ROOT DIRECTORY #
|
||||
# #
|
||||
dir = $HOME./.. #
|
||||
####################################################################
|
||||
|
@ -115,12 +115,12 @@ unstructuredName = An optional company name
|
|||
# These extensions are added when 'ca' signs a request.
|
||||
[ usr_cert ]
|
||||
basicConstraints=CA:FALSE
|
||||
nsComment = "cyaSSL Generated Certificate using openSSL command line utility."
|
||||
nsComment = "wolfSSL Generated Certificate using openSSL command line utility."
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
|
||||
#cyassl extensions
|
||||
[cyassl_opts]
|
||||
#wolfssl extensions
|
||||
[wolfssl_opts]
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
basicConstraints=CA:true
|
||||
|
@ -143,7 +143,7 @@ authorityKeyIdentifier=keyid:always
|
|||
# These extensions should be added when creating a proxy certificate
|
||||
[ proxy_cert_ext ]
|
||||
basicConstraints=CA:FALSE
|
||||
nsComment = "cyaSSL Generated Certificate using openSSL command line utility"
|
||||
nsComment = "wolfSSL Generated Certificate using openSSL command line utility"
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
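Review bot: The renamed `[wolfssl_opts]` section (the `-115,12` hunk) sets `basicConstraints=CA:true`, and the renewal script on this page passes `-extensions wolfssl_opts` when signing the client and server certificates as well as the CA certificate, so the leaf certificates are marked as CAs too. If that is intended for these generated certificates, a comment above the section would make it explicit, e.g. `# NOTE: sets CA:true and is applied to every certificate renewcerts.sh signs`. Otherwise a separate section with `basicConstraints=CA:FALSE` for the client and server certificates would keep them from being accepted as issuers.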
|
|
@ -17,7 +17,7 @@ gnrwMDO3JvH89CwlHRizVSQl59ViqEMGLmbHThcMqkEOkFphB2xox7/IOVyp6cFn
|
|||
mY0ZCrbhdX+L6t5jiyq/4us5bzF7FOBYsJr6n1Rm9b8eeOL693y/6uM3CvTJcTOb
|
||||
5RqWiHgTgmefeOeUQ0/dVgvEOIWz2yqBQmHKiB4+0CGGIRwUOXBrTKSLilumsjQe
|
||||
qGhJ6yw25VIpdXsMD1WVviczgRTNYjdldIJoHQdvpCEAhQ1RR3rkuIPniTumJFmY
|
||||
CnjfNqjtkaZWIN1nOCmcu50tswksWEEFEfkcP1xyzhr3EVCYAoFncLTp5vHBtdmg
|
||||
CnjfNqjtkaZWIN1nOCmcu50tswksWEEFEfkcP1xyzhr3EVWOLFoFncLTp5vHBtdmg
|
||||
6KBdar40/OFGAcbDGDX1g3XEEi6jHmy0Lyz7M3DwESgaMgwzscsQLr+wMITk1IUN
|
||||
yfiXHl1CQjGxhDj8KoAhdDjjPENkSlCSd1vEO+lg1/IFb1dtnL2DJp6BQt9/VLHo
|
||||
Fp3pdZ7r95H20+pEhCZp0HXLNo1o8xjJQ5RWUCs1Zc1cauDOAh8lAjps6MBxTa3a
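Review bot: The one changed line in this base64 block differs from its counterpart only in that `CYA` became `WOLF` (`...EVCYAoFncLTp...` versus `...EVWOLFoFncLTp...`), which looks like the project-wide text rename hitting encoded data rather than an intended change; this assumes the page prints the old line before the new one, as in the other sections. The `WOLF` line is 65 characters where its neighbours are 64, so the block presumably no longer decodes to the original object. Restore the original line and exclude encoded key and certificate files from the substitution.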
|
||||
|
|