From 28f71cbfab5dae2269130c7647c3bd77b0bcd20a Mon Sep 17 00:00:00 2001 From: Matthew Wiggins Date: Mon, 7 Mar 2005 19:42:04 +0000 Subject: [PATCH] Added the scripts from fqircd to build SSL certificate in makefile --- Makefile.in | 13 ++++++- configure | 4 ++ configure.in | 4 ++ ircdssl.cnf | 36 ++++++++++++++++++ makecert | 16 ++++++++ tools/ssl-cert.sh | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tools/ssl-search.sh | 66 +++++++++++++++++++++++++++++++++ 7 files changed, 241 insertions(+), 2 deletions(-) create mode 100644 ircdssl.cnf create mode 100755 makecert create mode 100755 tools/ssl-cert.sh create mode 100755 tools/ssl-search.sh diff --git a/Makefile.in b/Makefile.in index be45b4d..128aa5c 100644 --- a/Makefile.in +++ b/Makefile.in @@ -15,7 +15,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # -# $Id: Makefile.in,v 1.2 2005/01/13 10:46:42 mmondor Exp $ +# $Id: Makefile.in,v 1.3 2005/03/07 19:42:03 mwiggins Exp $ RM=@RM@ MV=@MV@ @@ -84,7 +84,7 @@ fullclean: distclean: ${RM} -f Makefile *~ *.rej *.orig core ircd.core *.tmp - ${RM} -f config.status config.cache config.log + ${RM} -f config.status config.cache config.log .ircd.entropy .maxclients ircd.crt ircd.key ircd.pid ircdssl.rnd cd include; ${RM} -f setup.h *~ *.rej *.orig options.h; cd .. @for i in $(SUBDIRS); do \ echo "Cleaning $$i";\ @@ -110,6 +110,15 @@ install: all $(MAKE) install; \ cd ..; \ done + + @if test -f $(PWD)/ircd.crt; then + $(INSTALL_BIN) ircd.crt $(INSTALL_DIR); + fi + + @if test -f $(PWD)/ircd.key; then + $(INSTALL_BIN) ircd.key $(INSTALL_DIR); + fi + @echo "" @echo "Now edit $(INSTALL_DIR)/template.conf" @echo "and move it to ircd.conf - and you'll be all set." diff --git a/configure b/configure index 9c674fd..a255915 100755 --- a/configure +++ b/configure 
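Review bot: In the `install` hunk of Makefile.in, the two added `@if test -f ...; then` / `$(INSTALL_BIN) ...` / `fi` groups carry no `\` continuations, so make hands each line to a separate shell and the bare `if ...; then` is a syntax error as shown; the `for` loops already in this file end their lines with `\` for that reason. Joining each group onto one recipe line, e.g. `@if test -f ircd.key; then $(INSTALL_BIN) ircd.key $(INSTALL_DIR); fi`, fixes that. Separately, `ircd.key` is the server's private key, written unencrypted because tools/ssl-cert.sh passes `-nodes`, and it is installed through the same command as the binaries. `INSTALL_BIN` is defined outside this hunk, but if it sets an executable or group/world-readable mode, the key should be installed on its own line with mode 0600.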
@@ -8229,6 +8229,10 @@ echo configuring zlib... cd .. ) +if test "$encryption" = "enabled"; then +./makecert $prefix +fi + echo "" echo " ******* Bahamut Configuration Settings *******" echo " System Build Type: $target" diff --git a/configure.in b/configure.in index 547d900..bb5b32c 100644 --- a/configure.in +++ b/configure.in @@ -558,6 +558,10 @@ echo configuring zlib... cd .. ) +if test "$encryption" = "enabled"; then +./makecert $prefix +fi + echo "" echo " ******* Bahamut Configuration Settings *******" echo " System Build Type: $target" diff --git a/ircdssl.cnf b/ircdssl.cnf new file mode 100644 index 0000000..e59e28f --- /dev/null +++ b/ircdssl.cnf @@ -0,0 +1,36 @@ +# create RSA certs - Server + +RANDFILE = ircdssl.rnd + +[ req ] +default_bits = 1024 +encrypt_key = yes +distinguished_name = req_dn +x509_extensions = cert_type + +[ req_dn ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Insert your province + +localityName = Locality Name (eg, city) +localityName_default = Rubiks + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Rubiks IRC Network + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = John Doe's IRC Server + +0.commonName = Common Name (FQDN of your server) +0.commonName_default = yourserver.xx.freequest.net + +1.commonName = DNS alias of your server +1.commonName_default = yourserver.xx.freequest.net + +[ cert_type ] +nsCertType = server diff --git a/makecert b/makecert new file mode 100755 index 0000000..482ce29 --- /dev/null +++ b/makecert 
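Review bot: In configure.in (and the regenerated configure hunk before it), `./makecert $prefix` passes the prefix unquoted and ignores the script's exit status, so a prefix containing spaces is split into several arguments and a failed certificate step still lets configure finish normally. `./makecert "$prefix" || exit 1` would cover both, though whether a failure should abort or only warn is the project's call. The call also makes configure prompt on the terminal whenever encryption is enabled, which an unattended build cannot answer. Presumably `AUTO_CONFIG`, which tools/ssl-cert.sh tests, is meant for that case, but nothing in this hunk sets it.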
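Review bot: `default_bits = 1024` in ircdssl.cnf yields a 1024-bit RSA key, which is below what current guidance accepts for a server key; `default_bits = 2048` or larger is the smallest default I would ship. `encrypt_key = yes` is misleading here, because tools/ssl-cert.sh runs `openssl req` with `-nodes` and the key is written unencrypted; drop the setting or add a comment such as `# overridden by -nodes in tools/ssl-cert.sh; protect ircd.key with file permissions`. The `commonName_default` placeholders (`yourserver.xx.freequest.net`) end up in a real certificate if the operator just presses Enter, so a comment saying they must be replaced would help.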
@@ -0,0 +1,16 @@
+#/bin/sh
+if [ -z "$1" ]; then
+ echo "Error: You need to specify where your ircd is about to be installed!"
+ echo "Syntax: ./makecert "
+else
+ echo "* Making SSL Certificates...."
+ echo "* This is mandatory. Please fill out the required information."
+ if [ ! -d "$1" ]; then
+ echo " - Destination directory not created"
+ tools/ssl-cert.sh $PWD
+ else
+ echo " + Destination directory exists!"
+ tools/ssl-cert.sh $1
+ fi
+ echo "* Your all set! Run 'make' "
+fi
diff --git a/tools/ssl-cert.sh b/tools/ssl-cert.sh
new file mode 100755
index 0000000..add60b0
--- /dev/null
+++ b/tools/ssl-cert.sh
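Review bot: The first line of makecert is `#/bin/sh`, which is a plain comment rather than a shebang, so the interpreter is whatever the calling shell falls back to; it should read `#!/bin/sh`. The missing-argument branch prints an error but the script still exits 0, and `tools/ssl-cert.sh $PWD` / `tools/ssl-cert.sh $1` pass paths unquoted, so an `exit 1` after the syntax message and `tools/ssl-cert.sh "$1"` are needed. "* Your all set!" is printed even when tools/ssl-cert.sh fails, so its exit status should be checked before the success message. When the destination directory does not exist the key pair is written into the build directory instead, which deserves a comment because the private key then sits in the source tree until `make install`.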
@@ -0,0 +1,104 @@
+#!/bin/sh
+
+if [ -z "$DPATH" ]; then
+ if [ -z "$1" ]; then
+ echo "Installation path not defined (running interactively ?)";
+ echo "If this is the case, run $0 ";
+ exit 1;
+ else
+ DPATH=$1;
+ USE_SSL=1;
+
+ ECHO='echo';
+ test -z `echo -n` && ECHO='echo -n';
+
+ . tools/ssl-search.sh
+ fi
+
+ if [ ! -d "$DPATH" ]; then
+ echo "Invalid installation path.";
+ exit 1;
+ fi;
+fi
+
+CERT_DAYS=365
+REBUILD_CRT="1"
+if [ -n "$USE_SSL" ]; then
+
+ if [ -r "$DPATH/ircd.crt" ]; then
+ echo " ";
+ echo "*** You already have an SSL certificate . . .";
+ echo " ";
+
+ FOO=""
+ runonce=""
+ while [ -z "$FOO" ] ; do
+ FOO="No"
+ echo ""
+ echo "Do you want to rebuild your certificate ?";
+ $ECHO "[$FOO] -> $c"
+ if [ -z "$AUTO_CONFIG" -o -n "$runonce" ] ; then
+ read cc
+ runonce=Yes
+ else
+ cc=""
+ fi
+ if [ -z "$cc" ] ; then
+ cc=$FOO
+ fi
+ case "$cc" in
+ [Yy]*)
+ REBUILD_CRT="1"
+ ;;
+ [Nn]*)
+ REBUILD_CRT=""
+ ;;
+ *)
+ echo ""
+ echo "You need to enter either Yes or No here..."
+ echo ""
+ FOO=""
+ ;;
+ esac
+ done
+ fi
+
+ if [ -n "$REBUILD_CRT" ]; then
+ echo " ";
+ echo "*** Building a new SSL certificate for your server.";
+
+ FOO=""
+ runonce=""
+ while [ -z "$FOO" ] ; do
+ FOO="$CERT_DAYS"
+ echo " "
+ echo "How many days will your certificate last ?"
+ echo " "
+ $ECHO "[$FOO] -> $c"
+ if [ -z "$AUTO_CONFIG" -o -n "$runonce" -o -z "$SERVICES_NAME" ] ; then
+ read cc
+ runonce=Yes
+ else
+ cc=""
+ fi
+ if [ -z "$cc" ] ; then
+ cc=$FOO
+ fi
+ case "$cc" in
+ *)
+ CERT_DAYS="$cc"
+ esac
+ done
+
+ $openssl req -new -x509 -days $CERT_DAYS -nodes \
+ -config ircdssl.cnf -out "$DPATH/ircd.crt" \
+ -keyout "$DPATH/ircd.key" $RNDF
+ $openssl x509 -subject -dates -fingerprint -noout \
+ -in "$DPATH/ircd.crt"
+
+ fi
+
+ echo " "
+ echo "*** SSL certificate step done."
+ echo " "
+fi
diff --git a/tools/ssl-search.sh b/tools/ssl-search.sh
new file mode 100755
index 0000000..61ef200
--- /dev/null
+++ b/tools/ssl-search.sh
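Review bot: The `$openssl req ... -nodes ... -keyout "$DPATH/ircd.key"` call near the end of tools/ssl-cert.sh writes an unencrypted private key and nothing in the script restricts its mode, so the file's permissions are left to the caller's umask and the OpenSSL build. A `umask 077` before the call, or `chmod 600 "$DPATH/ircd.key"` after it, makes the restriction explicit. The lifetime prompt accepts any input (`case "$cc" in *) CERT_DAYS="$cc"`) and `-days $CERT_DAYS` is unquoted, so an answer containing spaces is split into extra openssl arguments; an arm such as `''|*[!0-9]*) FOO="" ;;` ahead of `*)` would re-prompt on non-numeric input. Neither openssl command has its exit status checked, so "*** SSL certificate step done." is printed after a failure as well.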
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+#search for an openssl installation . . .
+
+if [ `uname -s` == "OpenBSD" ]; then
+ BINDIR="sbin"
+ LIBCRYPTO="libcrypto.a"
+ LIBSSL="libssl.a"
+else
+ BINDIR="bin"
+ LIBCRYPTO="libcrypto.so"
+ LIBSSL="libssl.so"
+fi
+
+ for dir in /usr /usr/local/ssl /usr/local/openssl /usr/local /opt/ssl /opt/openssl; do
+ test -x "$dir/$BINDIR/openssl" -a -r "$dir/lib/$LIBCRYPTO" -a -r "$dir/lib/$LIBSSL" && {
+ openssl="${dir}/$BINDIR/openssl";
+ SSL_BASE="$dir";
+ test "$dir" != '/usr' && {
+ SSL_INCLUDE="-I${dir}/include";
+ SSL_LIB="-L${dir}/lib";
+ }
+ SSL_LIB="$SSL_LIB -lcrypto -lssl"
+ break;
+ }
+ done
+
+#search for a random number generator . . .
+
+ RNDF='';
+ if [ ! -r /dev/random -o ! -r /dev/urandom ] ; then
+ for file in /var/run/egd-pool /dev/egd-pool /etc/egd-pool /etc/entropy "$HOME/.rnd" .rnd ; do
+ test -r $file && {
+ RNDF="$file";
+ break;
+ }
+ done
+ if [ -z "$RNDF" ] ; then
+ echo "";
+ echo "Your OS does not provide you a random number generator.";
+ echo "see http://www.lothar.com/tech/crypto on how to get EGD"
+ echo "up and running, and restart config."
+ echo "You could also generate some random data to another machine";
+ echo "and put into a file named \`.rnd' placed in your HOME or in";
+ echo "the current directory. This will seed the random"
+ echo "number generator."
+ test -n "$OS_SOLARIS" && {
+ echo "For solaris, you might also install the SUNski package";
+ echo "from Sun patch 105710-01 (Sparc)."
+ }
+ echo "Visit http://www.openssl.org/support/faq.html#USER1 for details."
+ echo "";
+ openssl="";
+ else
+ echo "Using $RNDF as a random source . .";
+ RNDF="-rand $RNDF";
+ fi
+ fi
+
+ if [ ! -x "$openssl" -o -z "$openssl" ]; then
+ echo "";
+ echo "Cannot find the OpenSSL installation or one of its components !";
+ echo "SSL support for this build disabled.";
+ echo " ";
+ USE_SSL="";
+ fi
--
2.9.0
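Review bot: The entropy check `if [ ! -r /dev/random -o ! -r /dev/urandom ]` in tools/ssl-search.sh takes the fallback path when either device is unreadable, so a host with a usable `/dev/urandom` but no readable `/dev/random` is pushed onto seed files such as `.rnd` in the current directory, or has SSL disabled outright. Requiring both to be missing, `if [ ! -r /dev/random ] && [ ! -r /dev/urandom ]; then`, looks like the intent. The relative `.rnd` entry is read from whatever directory the build runs in and feeds key generation through `-rand`, so a comment beside that list should say the file must be private and freshly generated. The `uname -s` comparison at the top uses `==` with an unquoted command substitution, which is not POSIX `test` syntax under `#!/bin/sh`; `[ "$(uname -s)" = "OpenBSD" ]` is portable. `test -r $file` should also quote `"$file"`, since one candidate is built from `$HOME`.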