1 files changed, 132 insertions, 0 deletions
diff --git a/src/lib/libssl/src/apps/CA.sh b/src/lib/libssl/src/apps/CA.sh
new file mode 100644
index 0000000000..1942b985a2
--- /dev/null
+++ b/src/lib/libssl/src/apps/CA.sh
@@ -0,0 +1,132 @@
+#!/bin/sh
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+#      some setup stuff to be done before you can use it and this makes
+#      things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request 
+# CA -sign ... will sign the generated request and output 
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key 
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh    Added more things ... including CA -signcert which
+#                  converts a certificate to a request and then signs it.
+# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+#                  environment variable so this can be driven from
+#                  a script.
+# 25-Jul-96 eay    Cleaned up filenames some more.
+# 11-Jun-96 eay    Fixed a few filename missmatches.
+# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh    Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+# default ssleay.cnf file has setup as per the following
+# demoCA ... where everything is stored
+DAYS="-days 365"
+REQ="ssleay req $SSLEAY_CONFIG"
+CA="ssleay ca $SSLEAY_CONFIG"
+VERIFY="ssleay verify"
+X509="ssleay x509"
+CATOP=./demoCA
+CAKEY=./cakey.pem
+CACERT=./cacert.pem
+for i
+do
+case $i in
+-\?|-h|-help)
+    echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2
+    exit 0
+    ;;
+-newcert) 
+    # create a certificate
+    $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
+    RET=$?
+    echo "Certificate (and private key) is in newreq.pem"
+    ;;
+-newreq) 
+    # create a certificate request
+    $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
+    RET=$?
+    echo "Request (and private key) is in newreq.pem"
+    ;;
+-newca)     
+    # if explictly asked for or it doesn't exist then setup the directory
+    # structure that Eric likes to manage things 
+    NEW="1"
+    if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
+        # create the directory hierarchy
+        mkdir ${CATOP} 
+        mkdir ${CATOP}/certs 
+        mkdir ${CATOP}/crl 
+        mkdir ${CATOP}/newcerts
+        mkdir ${CATOP}/private
+        echo "01" > ${CATOP}/serial
+        touch ${CATOP}/index.txt
+    fi
+    if [ ! -f ${CATOP}/private/$CAKEY ]; then
+        echo "CA certificate filename (or enter to create)"
+        read FILE
+        # ask user for existing CA certificate
+        if [ "$FILE" ]; then
+            cp $FILE ${CATOP}/private/$CAKEY
+            RET=$?
+        else
+            echo "Making CA certificate ..."
+            $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
+                           -out ${CATOP}/$CACERT $DAYS
+            RET=$?
+        fi
+    fi
+    ;;
+-xsign)
+    $CA -policy policy_anything -infiles newreq.pem 
+    RET=$?
+    ;;
+-sign|-signreq) 
+    $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+    RET=$?
+    cat newcert.pem
+    echo "Signed certificate is in newcert.pem"
+    ;;
+-signcert) 
+    echo "Cert passphrase will be requested twice - bug?"
+    $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+    $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+    cat newcert.pem
+    echo "Signed certificate is in newcert.pem"
+    ;;
+-verify) 
+    shift
+    if [ -z "$1" ]; then
+            $VERIFY -CAfile $CATOP/$CACERT newcert.pem
+            RET=$?
+    else
+        for j
+        do
+            $VERIFY -CAfile $CATOP/$CACERT $j
+            if [ $? != 0 ]; then
+                    RET=$?
+            fi
+        done
+    fi
+    exit 0
+    ;;
+*)
+    echo "Unknown arg $i";
+    exit 1
+    ;;
+esac
+done
+exit $RET

diff --git a/src/lib/libssl/src/apps/CA.sh b/src/lib/libssl/src/apps/CA.sh new file mode 100644 index 0000000000..1942b985a2 --- /dev/null +++ b/src/lib/libssl/src/apps/CA.sh
@@ -0,0 +1,132 @@
	1	#!/bin/sh
	2	#
	3	# CA - wrapper around ca to make it easier to use ... basically ca requires
	4	# some setup stuff to be done before you can use it and this makes
	5	# things easier between now and when Eric is convinced to fix it :-)
	6	#
	7	# CA -newca ... will setup the right stuff
	8	# CA -newreq ... will generate a certificate request
	9	# CA -sign ... will sign the generated request and output
	10	#
	11	# At the end of that grab newreq.pem and newcert.pem (one has the key
	12	# and the other the certificate) and cat them together and that is what
	13	# you want/need ... I'll make even this a little cleaner later.
	14	#
	15	#
	16	# 12-Jan-96 tjh Added more things ... including CA -signcert which
	17	# converts a certificate to a request and then signs it.
	18	# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
	19	# environment variable so this can be driven from
	20	# a script.
	21	# 25-Jul-96 eay Cleaned up filenames some more.
	22	# 11-Jun-96 eay Fixed a few filename missmatches.
	23	# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
	24	# 18-Apr-96 tjh Original hacking
	25	#
	26	# Tim Hudson
	27	# tjh@cryptsoft.com
	28	#
	29
	30	# default ssleay.cnf file has setup as per the following
	31	# demoCA ... where everything is stored
	32
	33	DAYS="-days 365"
	34	REQ="ssleay req $SSLEAY_CONFIG"
	35	CA="ssleay ca $SSLEAY_CONFIG"
	36	VERIFY="ssleay verify"
	37	X509="ssleay x509"
	38
	39	CATOP=./demoCA
	40	CAKEY=./cakey.pem
	41	CACERT=./cacert.pem
	42
	43	for i
	44	do
	45	case $i in
	46	-\?\|-h\|-help)
	47	echo "usage: CA -newcert\|-newreq\|-newca\|-sign\|-verify" >&2
	48	exit 0
	49	;;
	50	-newcert)
	51	# create a certificate
	52	$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
	53	RET=$?
	54	echo "Certificate (and private key) is in newreq.pem"
	55	;;
	56	-newreq)
	57	# create a certificate request
	58	$REQ -new -keyout newreq.pem -out newreq.pem $DAYS
	59	RET=$?
	60	echo "Request (and private key) is in newreq.pem"
	61	;;
	62	-newca)
	63	# if explictly asked for or it doesn't exist then setup the directory
	64	# structure that Eric likes to manage things
	65	NEW="1"
	66	if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
	67	# create the directory hierarchy
	68	mkdir ${CATOP}
	69	mkdir ${CATOP}/certs
	70	mkdir ${CATOP}/crl
	71	mkdir ${CATOP}/newcerts
	72	mkdir ${CATOP}/private
	73	echo "01" > ${CATOP}/serial
	74	touch ${CATOP}/index.txt
	75	fi
	76	if [ ! -f ${CATOP}/private/$CAKEY ]; then
	77	echo "CA certificate filename (or enter to create)"
	78	read FILE
	79
	80	# ask user for existing CA certificate
	81	if [ "$FILE" ]; then
	82	cp $FILE ${CATOP}/private/$CAKEY
	83	RET=$?
	84	else
	85	echo "Making CA certificate ..."
	86	$REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
	87	-out ${CATOP}/$CACERT $DAYS
	88	RET=$?
	89	fi
	90	fi
	91	;;
	92	-xsign)
	93	$CA -policy policy_anything -infiles newreq.pem
	94	RET=$?
	95	;;
	96	-sign\|-signreq)
	97	$CA -policy policy_anything -out newcert.pem -infiles newreq.pem
	98	RET=$?
	99	cat newcert.pem
	100	echo "Signed certificate is in newcert.pem"
	101	;;
	102	-signcert)
	103	echo "Cert passphrase will be requested twice - bug?"
	104	$X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
	105	$CA -policy policy_anything -out newcert.pem -infiles tmp.pem
	106	cat newcert.pem
	107	echo "Signed certificate is in newcert.pem"
	108	;;
	109	-verify)
	110	shift
	111	if [ -z "$1" ]; then
	112	$VERIFY -CAfile $CATOP/$CACERT newcert.pem
	113	RET=$?
	114	else
	115	for j
	116	do
	117	$VERIFY -CAfile $CATOP/$CACERT $j
	118	if [ $? != 0 ]; then
	119	RET=$?
	120	fi
	121	done
	122	fi
	123	exit 0
	124	;;
	125	*)
	126	echo "Unknown arg $i";
	127	exit 1
	128	;;
	129	esac
	130	done
	131	exit $RET
	132