diff options
author | Alon Levy <alevy@redhat.com> | 2011-01-07 15:46:32 +0200 |
---|---|---|
committer | Alon Levy <alevy@redhat.com> | 2011-01-07 15:46:32 +0200 |
commit | 11a217a7919911d29da2e165c565a58999aab641 (patch) | |
tree | 5e9abd95b402fd6f0fa9fedb4eb6efeac9cdb6e3 |
initial
-rw-r--r-- | 630105/Makefile | 36 | ||||
-rwxr-xr-x | 630105/make_new.sh | 57 | ||||
-rw-r--r-- | README | 1 |
3 files changed, 94 insertions, 0 deletions
diff --git a/630105/Makefile b/630105/Makefile new file mode 100644 index 0000000..93b446f --- /dev/null +++ b/630105/Makefile @@ -0,0 +1,36 @@ +all: regular + +.PHONY: regular cech clean test_regular test_cech + +OK_CA_SUBJECT=/C=IL/L=Raanana/O=Red Hat/CN=my CA +OK_SERVER_SUBJECT=/C=IL/L=Raanana/O=Red Hat/CN=my server +OK_SERVER_SUBJECT_SPICEC=C=IL,L=Raanana,O=Red Hat,CN=my server +CECH_CA_SUBJECT=/O=Nějaká česká firma/CN=ps-desk.brq.redhat.com +CECH_SERVER_SUBJECT=/O=Nějaká česká firma/CN=ps-desk.brq.redhat.com server +#CECH_SERVER_SUBJECT_SPICEC=O=N\xC3\x84\xC2\x9Bjak\xC3\x83\xC2\xA1 \xC3\x84\xC2\x8Desk\xC3\x83\xC2\xA1 firma, CN=ps-desk.brq.redhat.com server +CECH_SERVER_SUBJECT_SPICEC=O=NÄjaká Äeská firma,CN=ps-desk.brq.redhat.com server + +CWD=$(shell pwd) + +regular: + ./make_new.sh "$(OK_CA_SUBJECT)" "$(OK_SERVER_SUBJECT)" + +cech_just_ca: + ./make_new.sh "$(CECH_CA_SUBJECT)" "$(OK_SERVER_SUBJECT)" + +cech: + ./make_new.sh "$(CECH_CA_SUBJECT)" "$(CECH_SERVER_SUBJECT)" + + +machine: + qemu.upstream -vga qxl -m 256 -spice port=6200,tls-port=7200,disable-ticketing,x509-dir=$(CWD),tls-channel=main,tls-channel=inputs + +# ca certificate in cech isn't a problem. +spicec_regular: + spicec -h localhost -p 6200 -s 7200 --secure-channels=all --ca-file ca-cert.pem --host-subject "$(OK_SERVER_SUBJECT_SPICEC)" + +spicec_cech: + spicec -h localhost -p 6200 -s 7200 --secure-channels=all --ca-file ca-cert.pem --host-subject "$(CECH_SERVER_SUBJECT_SPICEC)" + +clean: + rm -f *.secure *.pem *.csr diff --git a/630105/make_new.sh b/630105/make_new.sh new file mode 100755 index 0000000..e4d016b --- /dev/null +++ b/630105/make_new.sh @@ -0,0 +1,57 @@ +#!/bin/bash + +# reference: +# http://www.tc.umn.edu/~brams006/selfsign.html + +SERVER_KEY=server-key.pem +# The bug is: when certificate subject is in chech, we don't parse +# it correctly (i.e. we mangle it somewhere along the way) +CERT_SUBJECT=$1 +SERVER_SUBJECT=$2 + +if [ "x$CERT_SUBJECT" == "x" ] ;then + echo supply ca subject please. + exit -1 +fi + +if [ "x$SERVER_SUBJECT" == "x" ]; then + echo supply server subject please. + exit -1 +fi + +# creating a key for our ca +if [ ! -e ca-key.pem ]; then + openssl genrsa -des3 -out ca-key.pem 1024 +fi +# creating a ca +if [ ! -e ca-cert.pem ]; then + openssl req -new -x509 -days 1095 -key ca-key.pem -out ca-cert.pem -subj "$CERT_SUBJECT" +fi +# create server key +if [ ! -e $SERVER_KEY ]; then + openssl genrsa -out $SERVER_KEY 1024 +fi +# create a certificate signing request (csr) +if [ ! -e server-key.csr ]; then + openssl req -new -key $SERVER_KEY -out server-key.csr -subj "$SERVER_SUBJECT" +fi +# signing our server certificate with this ca +if [ ! -e server-cert.pem ]; then + openssl x509 -req -days 1095 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem +fi + +# now create a key that doesn't require a passphrase +openssl rsa -in $SERVER_KEY -out $SERVER_KEY.insecure +mv $SERVER_KEY $SERVER_KEY.secure +mv $SERVER_KEY.insecure $SERVER_KEY + +# show the results (no other effect) +openssl rsa -noout -text -in $SERVER_KEY +openssl rsa -noout -text -in ca-key.pem +openssl req -noout -text -in server-key.csr +openssl x509 -noout -text -in server-cert.pem +openssl x509 -noout -text -in ca-cert.pem + +echo "Subject for server certificate in copy pastable mode:" +openssl x509 -in server-cert.pem -noout -subject -nameopt oneline,-esc_msb + @@ -0,0 +1 @@ +tests for spice bugzilla (bz) entries. |