
- default key and certificate names changed to ser-selfsigned*
- added ser_certs.sh

Jan Janak 17 gadi atpakaļ
vecāks
revīzija
82b840c785
2 mainītis faili ar 170 papildinājumiem un 3 dzēšanām
  1. 168 0
      modules/tls/ser_cert.sh
  2. 2 3
      modules/tls/tls.cfg

+ 168 - 0
modules/tls/ser_cert.sh

@@ -0,0 +1,168 @@
+#!/bin/sh
+#
+# $Id$
+#
+# This script generates a self-signed TLS/SSL certificate that can be
+# immediately used with the TLS module of SER. The file was inspired
+# by a script from Debian's uw-imapd package.
+#
+
+#############################################################################
+# Configuration variables
+#############################################################################
+DEFAULT_DIR="/usr/local/etc/ser"
+DEFAULT_DAYS=365
+DEFAULT_INFO="Self-signed certificate for SER"
+DEFAULT_CERT_FILENAME="ser-selfsigned.pem"
+DEFAULT_KEY_FILENAME="ser-selfsigned.key"
+
+DEFAULT_OPENSSL='openssl'
+
+HOSTNAME=`hostname -s`
+FQDN=`hostname -f`
+MAILNAME=`cat /etc/mailname 2> /dev/null || hostname -f`
+
+usage() {
+cat <<EOF
+NAME
+  $COMMAND - Generate a self-signed TLS/SSL certificate for use with SER.
+
+SYNOPSIS
+  $COMMAND [options]
+
+DESCRIPTION
+  This is a simple shell script that generates a self signed TLS/SSL
+  certificate (and private key) for use with the tls module of SER. The
+  self-signed certificate is suitable for testing and/or private setups.
+  You are encouraged to create a proper authorized one if needed.
+
+  Both certificate and key files are by default stored in the directory
+  containing the configuration file of SER (unless you change it using
+  the options below).
+
+OPTIONS
+  -h, --help
+      Display this help text.
+
+  -d, --dir=DIRECTORY
+      The path to the directory where cert and key files will be stored.
+	  (Default value is '$DEFAULT_DIR')
+
+  -c, --certificate=FILENAME
+      The name of the file where the certificate will be stored.
+	  (Default value is '$DEFAULT_CERT_FILENAME')
+
+  -k, --key=FILENAME
+      The name of the file where the private key will be stored.
+	  (Default value is '$DEFAULT_KEY_FILENAME')
+
+  -e, --expires=DAYS
+      Number of days for which the certificate will be valid.
+	  (Default value is '$DEFAULT_DAYS')
+
+  -i, --info=TEXT
+      The description text to be embedded in the certificate.
+	  (Default value is '$DEFAULT_INFO')
+
+  -o, --overwrite
+      Overwrite certificate and key files if they exist already.
+      (By default they will be not overwritten.)
+
+ENVIRONMENT VARIABLES
+  OPENSSL	Path to openssl command (Currently ${OPENSSL})
+
+AUTHOR
+  Written by Jan Janak <[email protected]>
+
+REPORTING BUGS
+  Report bugs to <[email protected]>
+EOF
+} #usage
+
+
+COMMAND=`basename $0`
+if [ -z "$DIR" ] ; then DIR=$DEFAULT_DIR; fi;
+if [ -z "$DAYS" ] ; then DAYS=$DEFAULT_DAYS; fi;
+if [ -z "$INFO" ] ; then INFO=$DEFAULT_INFO; fi;
+if [ -z "$CERT_FILENAME" ] ; then CERT_FILENAME=$DEFAULT_CERT_FILENAME; fi;
+if [ -z "$KEY_FILENAME" ] ; then KEY_FILENAME=$DEFAULT_KEY_FILENAME; fi;
+if [ -z "$OPENSSL" ] ; then OPENSSL=$DEFAULT_OPENSSL; fi;
+
+TEMP=`getopt -o hd:c:k:e:i:o --long help,dir:,certificate:,key:,expires:,info:,overwrite -n $COMMAND -- "$@"`
+if [ $? != 0 ] ; then exit 1; fi
+eval set -- "$TEMP"
+
+while true ; do
+	case "$1" in
+	-h|--help)         usage;                 exit 0 ;;
+	-d|--dir)          DIR=$2;                shift 2 ;;
+	-c|--certificate)  CERT_FILENAME=$2;      shift 2 ;;
+	-k|--key)          KEY_FILENAME=$2;       shift 2 ;;
+	-e|--expires)      DAYS=$2;               shift 2 ;;
+	-i|--info)         INFO=$2;               shift 2 ;;
+    -o|--overwrite)    OVERWRITE=1;           shift ;;
+	--)                shift;                 break ;;
+	*)                 echo "Internal error"; exit 1 ;;
+	esac
+done
+
+TEMP=`which $OPENSSL`
+if [ $? != 0 ] ; then
+	echo "Could not find openssl command"
+	echo "Set OPENSSL environment variable properly (see -h for more info)"
+	exit 1
+fi
+
+if [ ! -d "$DIR" ] ; then
+	echo "Directory '$DIR' does not exist."
+	exit 1
+fi
+
+if [ -z "$OVERWRITE" -a \( -f "$DIR/$CERT_FILENAME" \) ] ; then
+	echo "File '$DIR/$CERT_FILENAME' already exists, doing nothing."
+	echo "(Use -o to override)"
+	exit 0;
+fi
+
+
+if [ -z "$OVERWRITE" -a \( -f "$DIR/$KEY_FILENAME" \) ] ; then
+	echo "File '$DIR/$KEY_FILENAME' already exists, doing nothing."
+	echo "(Use -o to override)."
+	exit 0;
+fi
+
+touch "$DIR/$CERT_FILENAME" > /dev/null 2>&1
+if [ $? != 0 ] ; then
+	echo "Could not create file '$DIR/$CERT_FILENAME'"
+	exit 1
+fi
+
+touch "$DIR/$KEY_FILENAME" > /dev/null 2>&1
+if [ $? != 0 ] ; then
+	echo "Could not create file '$DIR/$KEY_FILENAME'"
+	rm -f "$DIR/$CERT_FILE"
+	exit 1
+fi
+
+echo "Creating a new SER self-signed certificate for '$FQDN'" \
+     "valid for $DAYS days."
+openssl req -new -x509 -days "$DAYS" -nodes -out "$DIR/$CERT_FILENAME" \
+        -keyout "$DIR/$KEY_FILENAME" > /dev/null 2>&1 <<+
+.
+.
+.
+$INFO
+$HOSTNAME
+$FQDN
+root@$MAILNAME
++
+
+if [ $? != 0 ] ; then
+	echo "Error while executing openssl command."
+	rm -f "$DIR/$CERT_FILE" "$DIR/$KEY_FILE"
+	exit 1;
+else
+	echo "Private key stored in '$DIR/$KEY_FILENAME'."
+	echo "Certificate stored in '$DIR/$CERT_FILENAME'."
+	exit 0;
+fi
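Review bot: The private key file is created with whatever the caller's umask permits (commonly mode 0644), because the `touch` near the end of the script pre-creates `$DIR/$KEY_FILENAME` and `openssl req -keyout` then writes into that existing file; with `-nodes` the key is unencrypted, so every local user who can read the SER config directory can read it. Add `umask 077` before the first `touch` (or `chmod 600 "$DIR/$KEY_FILENAME"` immediately after the second one), and explicitly `chmod 644 "$DIR/$CERT_FILENAME"` if the certificate is meant to stay world-readable. Separately, both cleanup paths (after the failed key `touch` and in the openssl error branch) reference `$CERT_FILE` and `$KEY_FILE`, which are never assigned, so on failure they run `rm -f "$DIR/"` and leave the partially written files behind; they should read `rm -f "$DIR/$CERT_FILENAME" "$DIR/$KEY_FILENAME"`. The generation line also invokes a literal `openssl` instead of `"$OPENSSL"`, so the `which $OPENSSL` check earlier in the script validates a different binary than the one that actually runs.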

+ 2 - 3
modules/tls/tls.cfg

@@ -17,9 +17,8 @@
 method = TLSv1
 verify_certificate = no
 require_certificate = no
-private_key = default_key.pem
-certificate = default_cert.pem
-ca_list = default_ca.pem
+private_key = ser-selfsigned.key
+certificate = ser-selfsigned.pem
 
 # This is the default client domain, settings
 # in this domain will be used for all outgoing