Add gentls_cert script to create a CA and certificate for mod_sofia TLS

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@7234 d0543943-73ff-0310-b7d9-9358b9ac24b2
Stefan Knoblich 2008-01-15 14:53:05 +00:00
parent 36658df019
commit 24248ae102
3 changed files with 175 additions and 1 deletions


@ -156,6 +156,7 @@ libfreeswitch_la_SOURCES += src/switch_odbc.c
libfreeswitch_la_LDFLAGS += -lodbc libfreeswitch_la_LDFLAGS += -lodbc
endif endif
bin_SCRIPTS = scripts/gentls_cert
libs/libedit/src/.libs/libedit.a: libs/libedit/src/.libs/libedit.a:


@ -424,7 +424,8 @@ AC_CONFIG_FILES([Makefile
src/include/switch_am_config.h src/include/switch_am_config.h
build/getsounds.sh build/getsounds.sh
build/getlib.sh build/getlib.sh
build/modmake.rules]) build/modmake.rules
scripts/gentls_cert])
AM_CONDITIONAL(ISLINUX, [test `uname -s` = Linux]) AM_CONDITIONAL(ISLINUX, [test `uname -s` = Linux])
AM_CONDITIONAL(ISMAC, [test `uname -s` = Darwin]) AM_CONDITIONAL(ISMAC, [test `uname -s` = Darwin])

172
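--- a/scripts/gentls_cert.in
+++ b/scripts/gentls_cert.in
@@ -0,0 +1,172 @@
+#!/bin/sh
+CONFDIR=@prefix@/conf/ssl
+DAYS=365
+TMPFILE="/tmp/fs-ca-$$-$(date +%Y%m%d%H%M%S)"
+COMMON_NAME="FreesSWITCH CA"
+ALT_NAME="DNS:test.freeswitch.org"
+ORG_NAME="FreeSWITCH"
+umask 037
+setup_ca() {
+echo "Creating new CA..."
+if [ ! -d "${CONFDIR}/CA" ]; then
+mkdir -p -m 750 "${CONFDIR}/CA" || exit 1
+fi
+if [ ! -e "${CONFDIR}/CA/config.tpl" ]; then
+cat > "${CONFDIR}/CA/config.tpl" <<-EOF
+[ req ]
+default_bits = 1024
+prompt = no
+distinguished_name = req_dn
+[ req_dn ]
+commonName = %CN%
+organizationName = %ORG%
+[ ext ]
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+subjectAltName=%ALTNAME%
+EOF
+fi
+sed \
+-e "s|%CN%|$COMMON_NAME|" \
+-e "s|%ORG%|$ORG_NAME|" \
+-e "/%ALTNAME%/d" \
+-e "s|CA:FALSE|CA:TRUE|" \
+"${CONFDIR}/CA/config.tpl" \
+> "${TMPFILE}.cfg" || exit 1
+openssl req -new -out "${CONFDIR}/CA/careq.pem" \
+-newkey rsa:1024 -keyout "${CONFDIR}/CA/cakey.pem" \
+-config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1
+openssl x509 -req -signkey "${CONFDIR}/CA/cakey.pem" -in "${CONFDIR}/CA/careq.pem" \
+-out "${CONFDIR}/CA/cacert.pem" -extfile "${TMPFILE}.cfg" \
+-extensions ext -days ${DAYS} -sha1 >/dev/null || exit 1
+rm "${TMPFILE}.cfg"
+echo "DONE"
+}
+generate_cert() {
+local val=""
+echo "Generating new certificate..."
+echo
+echo "--------------------------------------------------------"
+echo "CN: \"${COMMON_NAME}\""
+echo "ORG_NAME: \"${ORG_NAME}\""
+echo "ALT_NAME: \"${ALT_NAME}\""
+echo
+echo "[Enter \"OK\" to accept]"
+read val
+if [ "${val}" != "OK" ]; then
+return 2
+fi
+sed \
+-e "s|%CN%|$COMMON_NAME|" \
+-e "s|%ALTNAME%|$ALT_NAME|" \
+-e "s|%ORG%|$ORG_NAME|" \
+"${CONFDIR}/CA/config.tpl" \
+> "${TMPFILE}.cfg" || exit 1
+openssl req -new -out "${TMPFILE}.req" \
+-newkey rsa:1024 -keyout "${TMPFILE}.key" \
+-config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1
+openssl x509 -req -CAkey "${CONFDIR}/CA/cakey.pem" -CA "${CONFDIR}/CA/cacert.pem" -CAcreateserial \
+-in "${TMPFILE}.req" -out "${TMPFILE}.crt" -extfile "${TMPFILE}.cfg" \
+-extensions ext -days ${DAYS} -sha1 >/dev/null || exit 1
+cat "${CONFDIR}/CA/cacert.pem" > "${CONFDIR}/cafile.pem"
+cat "${TMPFILE}.crt" "${TMPFILE}.key" > "${CONFDIR}/agent.pem"
+rm "${TMPFILE}.cfg" "${TMPFILE}.crt" "${TMPFILE}.key" "${TMPFILE}.req"
+echo "DONE"
+}
+remove_ca() {
+echo "Cleaning CA"
+if [ ! -d "${CONFDIR}/CA" ]; then
+rm "${CONFDIR}/CA/"*
+rmdir "${CONFDIR}/CA"
+fi
+echo "DONE"
+}
+command="$1"
+shift
+while [ $# -gt 0 ]; do
+case $1 in
+-cn)
+shift
+COMMON_NAME="$1"
+;;
+-alt)
+shift
+ALT_NAME="$1"
+;;
+-org)
+shift
+ORG_NAME="$1"
+;;
+esac
+shift
+done
+case ${command} in
+setup)
+setup_ca
+;;
+create)
+generate_cert
+;;
+remove)
+echo "Are you sure you want to delete the CA? [YES to delete]"
+read val
+if [ "${val}" = "YES" ]; then
+remove_ca
+else
+echo "Not deleting CA"
+fi
+;;
+*)
+cat <<-EOF
+$0 <setup|create|clean> [options]
+* commands:
+setup - Setup new CA
+create - Create new certificate (overwriting old!)
+remove - Remove CA
+* options:
+-cn Set common name
+-alt Set alternative name (use prefix 'DNS:' or 'URI:')
+-org Set organization name
+EOF
+exit 1
+;;
+esac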
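Review bot: The directory test in `remove_ca` is inverted — `if [ ! -d "${CONFDIR}/CA" ]` runs the `rm`/`rmdir` only when the CA directory does not exist, so `remove` never deletes an existing CA, and the usage text advertises `<setup|create|clean>` while the `case` only knows `remove`; change the test to `if [ -d "${CONFDIR}/CA" ]; then` and the usage line to name `remove`. The private key and CSR are written under the predictable `/tmp/fs-ca-$$-<timestamp>` name with a `037` umask, so the key is group-readable in a world-writable directory and is left behind whenever an `openssl` step fails (the `|| exit 1` skips the later `rm`); creating the work directory with `TMPDIR=$(mktemp -d) || exit 1`, `trap 'rm -rf -- "$TMPDIR"' EXIT` and `TMPFILE="$TMPDIR/fs-ca"` addresses both. `COMMON_NAME`, `ALT_NAME` and `ORG_NAME` go straight from argv into the `sed` expressions, so a `|`, `&` or `\` in a value breaks or rewrites the generated config instead of ending up in the certificate. `rsa:1024` with `-sha1` is below what current TLS stacks and CA guidance accept; `rsa:2048` and `-sha256` (and `default_bits = 2048` in the template) are drop-in replacements here. The default `COMMON_NAME` also carries a typo, `FreesSWITCH CA`.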