SSL Java viewer work thru proxy. -sslGenCA, etc key/cert management utils for x11vnc. FBPM "support".
parent
1602b345f3
commit
d14cf0a84c
@ -1,2 +1,2 @@
|
||||
EXTRA_DIST=VncViewer.jar index.vnc
|
||||
EXTRA_DIST=VncViewer.jar index.vnc SignedVncViewer.jar proxy.vnc README ssl_vncviewer
|
||||
|
||||
|
@ -0,0 +1,72 @@
|
||||
This directory contains a patched Java applet VNC viewer that is SSL
|
||||
enabled.
|
||||
|
||||
The patches in the *.patch files are relative to the source tarball:
|
||||
|
||||
tightvnc-1.3dev7_javasrc.tar.gz
|
||||
|
||||
currently (4/06) available here:
|
||||
|
||||
http://prdownloads.sourceforge.net/vnc-tight/tightvnc-1.3dev7_javasrc.tar.gz?download
|
||||
|
||||
It also includes some simple patches to:
|
||||
|
||||
- fix richcursor colors
|
||||
|
||||
- make the Java Applet cursor (not the cursor drawn to the canvas
|
||||
framebuffer) invisible when it is inside the canvas.
|
||||
|
||||
- allow Tab (and some other) keystrokes to be sent to the vnc
|
||||
server instead of doing widget traversal.
|
||||
|
||||
|
||||
This SSL applet should work with any VNC viewer that has an SSL tunnel in
|
||||
front of it. It has been tested on x11vnc and using the stunnel tunnel
|
||||
to other VNC servers.
|
||||
|
||||
By default this Vnc Viewer will only do SSL. To do unencrypted traffic
|
||||
see the "DisableSSL" applet parameter (e.g. set it to Yes in index.vnc).
|
||||
|
||||
Proxies: they are a general problem with java socket applets (a socket
|
||||
connection does not go through the proxy). See the info in the proxy.vnc
|
||||
file for a workaround. It uses SignedVncViewer.jar which is simply
|
||||
a signed version of VncViewer.jar. The basic idea is the user clicks
|
||||
"Yes" to trust the applet and then it can connect directly to the proxy
|
||||
and issue a CONNECT request.
|
||||
|
||||
This applet has been tested on versions 1.4.2 and 1.5.0 of the Sun
|
||||
Java plugin. It may not work on older releases or different vendor VM's.
|
||||
Send full Java Console output for failures.
|
||||
|
||||
---------------------------------------------------------------
|
||||
Tips:
|
||||
|
||||
When doing single-port proxy connections (e.g. both VNC and HTTPS
|
||||
thru port 5900) it helps to move through the 'do you trust this site'
|
||||
dialogs quickly. x11vnc has to wait to see if the traffic is VNC or
|
||||
HTTP and this can cause timeouts if you don't move thru them quickly.
|
||||
|
||||
You may have to restart your browser completely if it gets into a
|
||||
weird state. For one case we saw the JVM requesting VncViewer.class
|
||||
even when no such file exists.
|
||||
|
||||
|
||||
---------------------------------------------------------------
|
||||
Extras:
|
||||
|
||||
ssl_vncviewer (not Java):
|
||||
|
||||
Wrapper script for native VNC viewer to connect to x11vnc in
|
||||
SSL mode. Script launches stunnel(8) and then connects to it
|
||||
via localhost which in turn is then redirected to x11vnc via an
|
||||
SSL tunnel. stunnel(8) must be installed and available in PATH.
|
||||
|
||||
|
||||
Running Java SSL VncViewer from the command line:
|
||||
|
||||
From this directory:
|
||||
|
||||
java -cp ./VncViewer.jar VncViewer HOST <thehost> PORT <theport>
|
||||
|
||||
substitute <thehost> and <theport> with the actual values.
|
||||
|
Binary file not shown.
Binary file not shown.
@ -0,0 +1,70 @@
|
||||
<!--
|
||||
index.vnc - default HTML page for TightVNC Java viewer applet, to be
|
||||
used with Xvnc. On any file ending in .vnc, the HTTP server embedded in
|
||||
Xvnc will substitute the following variables when preceded by a dollar:
|
||||
USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT,
|
||||
PARAMS. Use two dollar signs ($$) to get a dollar sign in the generated
|
||||
HTML page.
|
||||
|
||||
NOTE: the $PARAMS variable is not supported by the standard VNC, so
|
||||
make sure you have TightVNC on the server side, if you're using this
|
||||
variable.
|
||||
-->
|
||||
|
||||
<!--
|
||||
The idea behind using the signed applet in SignedVncViewer.jar for
|
||||
firewall proxies:
|
||||
|
||||
Java socket applets and http proxies do not get along well.
|
||||
|
||||
Java security allows the applet to connect back via a socket to the
|
||||
originating host, but the browser/plugin Proxy settings are not used for
|
||||
socket connections (only http and the like). So the socket connection
|
||||
fails in the proxy environment.
|
||||
|
||||
The applet is not allowed to open a socket connection to the proxy (since
|
||||
that would let it connect to just about any host, e.g. CONNECT method).
|
||||
|
||||
This is indpendent of SSL but of course fails for that socket connection
|
||||
as well. I.e. this is a problem for non-SSL VNC Viewers as well.
|
||||
|
||||
Solution? Sign the applet and have the user click on "Yes" that they
|
||||
fully trust the applet. Then the applet can connect to any host via
|
||||
sockets, in particular the proxy. It next issues the request
|
||||
|
||||
CONNECT host:port HTTP/1.1
|
||||
Host: host:port
|
||||
|
||||
and if the proxy supports the CONNECT method we are finally connected to
|
||||
the VNC server.
|
||||
|
||||
For SSL connections, SSL is layered on top of this socket. However note
|
||||
this scheme will work for non-SSL applet proxy tunnelling as well.
|
||||
|
||||
It should be able to get non-SSL VNC connections to work via GET
|
||||
command but that has not been done yet.
|
||||
|
||||
Note that some proxies only allow CONNECT to only these the ports 443
|
||||
(HTTPS) and 563 (SNEWS). So you would have to run the VNC server on
|
||||
those ports.
|
||||
|
||||
SignedVncViewer.jar is just a signed version of VncViewer.jar
|
||||
|
||||
The URL to use for this file: https://host:port/proxy.vnc
|
||||
|
||||
-->
|
||||
|
||||
|
||||
<HTML>
|
||||
<TITLE>
|
||||
$USER's $DESKTOP desktop ($DISPLAY)
|
||||
</TITLE>
|
||||
<APPLET CODE=VncViewer.class ARCHIVE=SignedVncViewer.jar
|
||||
WIDTH=$APPLETWIDTH HEIGHT=$APPLETHEIGHT>
|
||||
<param name=PORT value=$PORT>
|
||||
<param name="Open New Window" value=yes>
|
||||
$PARAMS
|
||||
</APPLET>
|
||||
<BR>
|
||||
<A href="http://www.tightvnc.com/">TightVNC site</A>
|
||||
</HTML>
|
@ -0,0 +1,142 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# ssl_vncviewer: wrapper for vncviewer to use stunnel SSL tunnel.
|
||||
#
|
||||
# You must have stunnel(8) installed on the system and in your
|
||||
# PATH (n.b. stunnel is usually in an sbin subdir).
|
||||
#
|
||||
# You should have "x11vnc -ssl ..." or "x11vnc -stunnel ..."
|
||||
# running as the VNC server.
|
||||
#
|
||||
# usage: ssl_vncviewer [cert-args] host:display <vncviewer-args>
|
||||
#
|
||||
# e.g.: ssl_vncviewer snoopy:0
|
||||
# ssl_vncviewer snoopy:0 -encodings "copyrect tight zrle hextile"
|
||||
#
|
||||
# [cert-args] can be:
|
||||
# -verify /path/to/cacert.pem
|
||||
# -mycert /path/to/mycert.pem
|
||||
#
|
||||
# -verify specifies a CA cert PEM file (or a self-signed one) for
|
||||
# authenticating the VNC server.
|
||||
#
|
||||
# -mycert specifies this client's cert+key PEM file for the VNC server to
|
||||
# authenticate this client.
|
||||
#
|
||||
|
||||
VNCVIEWERCMD="vncviewer"
|
||||
PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
|
||||
|
||||
help() {
|
||||
head -26 $0 | tail +2
|
||||
}
|
||||
|
||||
# grab our cmdline options:
|
||||
while [ "X$1" != "X" ]
|
||||
do
|
||||
case $1 in
|
||||
"-verify") shift; verify="$1"
|
||||
;;
|
||||
"-mycert") shift; mycert="$1"
|
||||
;;
|
||||
"-h"*) help; exit 0
|
||||
;;
|
||||
*) break
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
orig="$1"
|
||||
shift
|
||||
|
||||
# play around with host:display port:
|
||||
if ! echo "$orig" | grep ':' > /dev/null; then
|
||||
orig="$orig:0"
|
||||
fi
|
||||
|
||||
host=`echo "$orig" | awk -F: '{print $1}'`
|
||||
disp=`echo "$orig" | awk -F: '{print $2}'`
|
||||
if [ $disp -lt 200 ]; then
|
||||
port=`expr $disp + 5900`
|
||||
fi
|
||||
|
||||
# try to find an open listening port via netstat(1):
|
||||
use=""
|
||||
if uname | grep Linux > /dev/null; then
|
||||
inuse=`netstat -ant | grep LISTEN | awk '{print $4}' | sed 's/^.*://'`
|
||||
try=5920
|
||||
while [ $try -lt 6000 ]
|
||||
do
|
||||
if ! echo "$inuse" | grep -w $try > /dev/null; then
|
||||
use=$try
|
||||
break
|
||||
fi
|
||||
try=`expr $try + 1`
|
||||
done
|
||||
fi
|
||||
if [ "X$use" = "X" ]; then
|
||||
# otherwise choose a "random" one:
|
||||
use=`date +%S`
|
||||
use=`expr $use + 5920`
|
||||
fi
|
||||
|
||||
# create the stunnel config file:
|
||||
if [ "X$verify" != "X" ]; then
|
||||
if [ -d $verify ]; then
|
||||
verify="CApath = $verify"
|
||||
else
|
||||
verify="CAfile = $verify"
|
||||
fi
|
||||
verify="$verify
|
||||
verify = 2"
|
||||
fi
|
||||
if [ "X$mycert" != "X" ]; then
|
||||
cert="cert = $mycert"
|
||||
fi
|
||||
|
||||
##debug = 7
|
||||
tmp=/tmp/ssl_vncviewer.$$
|
||||
cat > $tmp <<END
|
||||
foreground = yes
|
||||
pid =
|
||||
client = yes
|
||||
$verify
|
||||
$cert
|
||||
|
||||
[vnc_stunnel]
|
||||
accept = $use
|
||||
connect= $host:$port
|
||||
END
|
||||
|
||||
echo ""
|
||||
echo "Using this stunnel configuration:"
|
||||
cat $tmp
|
||||
echo ""
|
||||
sleep 1
|
||||
|
||||
echo "running: stunnel $tmp"
|
||||
stunnel $tmp < /dev/tty > /dev/tty &
|
||||
pid=$!
|
||||
echo ""
|
||||
|
||||
# pause here to let the user supply a possible passphrase for the
|
||||
# mycert key:
|
||||
if [ "X$mycert" != "X" ]; then
|
||||
sleep 4
|
||||
fi
|
||||
sleep 2
|
||||
rm -f $tmp
|
||||
|
||||
if [ $use -ge 5900 ]; then
|
||||
n=`expr $use - 5900`
|
||||
fi
|
||||
|
||||
if echo "$0" | grep vncip > /dev/null; then
|
||||
# hack for runge's special wrapper script vncip.
|
||||
vncip "$@" localhost:$n
|
||||
else
|
||||
$VNCVIEWERCMD "$@" localhost:$n
|
||||
fi
|
||||
|
||||
kill $pid
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,93 @@
|
||||
/* -- pm.c -- */
|
||||
#include "x11vnc.h"
|
||||
#include "cleanup.h"
|
||||
|
||||
void check_pm(void);
|
||||
static void check_fbpm(void);
|
||||
|
||||
#if LIBVNCSERVER_HAVE_FBPM
|
||||
#include <X11/Xmd.h>
|
||||
#include <X11/extensions/fbpm.h>
|
||||
#endif
|
||||
|
||||
void check_pm(void) {
|
||||
check_fbpm();
|
||||
/* someday dpms activities? */
|
||||
}
|
||||
|
||||
static void check_fbpm(void) {
|
||||
static int init_fbpm = 0;
|
||||
#if LIBVNCSERVER_HAVE_FBPM
|
||||
static int fbpm_capable = 0;
|
||||
static time_t last_fbpm = 0;
|
||||
int db = 1;
|
||||
|
||||
CARD16 level;
|
||||
BOOL enabled;
|
||||
|
||||
if (raw_fb && ! dpy) return; /* raw_fb hack */
|
||||
|
||||
if (! init_fbpm) {
|
||||
if (FBPMCapable(dpy)) {
|
||||
fbpm_capable = 1;
|
||||
rfbLog("X display is capable of FBPM.\n");
|
||||
if (watch_fbpm) {
|
||||
rfbLog("Preventing low-power FBPM modes when"
|
||||
" VNC clients are connected.\n");
|
||||
}
|
||||
} else {
|
||||
rfbLog("X display is not capable of FBPM.\n");
|
||||
fbpm_capable = 0;
|
||||
}
|
||||
init_fbpm = 1;
|
||||
}
|
||||
|
||||
if (! watch_fbpm) {
|
||||
return;
|
||||
}
|
||||
if (! fbpm_capable) {
|
||||
return;
|
||||
}
|
||||
if (! client_count) {
|
||||
return;
|
||||
}
|
||||
if (time(0) < last_fbpm + 5) {
|
||||
return;
|
||||
}
|
||||
last_fbpm = time(0);
|
||||
|
||||
if (FBPMInfo(dpy, &level, &enabled)) {
|
||||
if (db) fprintf(stderr, "FBPMInfo level: %d enabled: %d\n", level, enabled);
|
||||
|
||||
if (enabled && level != FBPMModeOn) {
|
||||
char *from = "unknown-fbpm-state";
|
||||
XErrorHandler old_handler = XSetErrorHandler(trap_xerror);
|
||||
trapped_xerror = 0;
|
||||
|
||||
if (level == FBPMModeStandby) {
|
||||
from = "FBPMModeStandby";
|
||||
} else if (level == FBPMModeSuspend) {
|
||||
from = "FBPMModeSuspend";
|
||||
} else if (level == FBPMModeOff) {
|
||||
from = "FBPMModeOff";
|
||||
}
|
||||
|
||||
rfbLog("switching FBPM state from %s to FBPMModeOn\n", from);
|
||||
|
||||
FBPMForceLevel(dpy, FBPMModeOn);
|
||||
|
||||
XSetErrorHandler(old_handler);
|
||||
trapped_xerror = 0;
|
||||
}
|
||||
} else {
|
||||
if (db) fprintf(stderr, "FBPMInfo failed.\n");
|
||||
}
|
||||
#else
|
||||
if (raw_fb && ! dpy) return; /* raw_fb hack */
|
||||
if (! init_fbpm) {
|
||||
rfbLog("X FBPM extension not supported.\n");
|
||||
init_fbpm = 1;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
@ -0,0 +1,7 @@
|
||||
#ifndef _X11VNC_PM_H
|
||||
#define _X11VNC_PM_H
|
||||
|
||||
/* -- pm.h -- */
|
||||
extern void check_pm(void);
|
||||
|
||||
#endif /* _X11VNC_PM_H */
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,674 @@
|
||||
#ifndef _SSLTOOLS_H
|
||||
#define _SSLTOOLS_H
|
||||
|
||||
/* quoted scripts, edit source not this file. */
|
||||
|
||||
|
||||
char genCA[] =
|
||||
"#!/bin/sh\n"
|
||||
"\n"
|
||||
"DIR=$BASE_DIR\n"
|
||||
"if [ \"x$DIR\" = \"x\" ]; then\n"
|
||||
" DIR=\"$HOME/dotkjr_vnc/certs\"\n"
|
||||
" rm -rf \"$DIR\"\n"
|
||||
"fi\n"
|
||||
"if echo \"$DIR\" | grep '^/' > /dev/null; then\n"
|
||||
" :\n"
|
||||
"else\n"
|
||||
" DIR=\"`pwd`/$DIR\"\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"PATH=/usr/bin:/bin:/usr/sbin:$PATH; export PATH\n"
|
||||
"if [ \"x$OPENSSL\" = \"x\" ]; then\n"
|
||||
" OPENSSL=\"openssl\"\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"type \"$OPENSSL\" > /dev/null || exit 1\n"
|
||||
"\n"
|
||||
"if [ -f \"$DIR/CA/cacert.pem\" ]; then\n"
|
||||
" echo \"Files will be overwritten in $DIR/CA\"\n"
|
||||
" printf \"Continue? [y]/n \"\n"
|
||||
" read x\n"
|
||||
" if [ \"x$x\" = \"xn\" ]; then\n"
|
||||
" exit 1;\n"
|
||||
" fi\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"#mkdir -p \"$DIR/HASH\" || exit 1\n"
|
||||
"mkdir -p \"$DIR/clients\" || exit 1\n"
|
||||
"#mkdir -p \"$DIR/clients/HASH\" || exit 1\n"
|
||||
"mkdir -p \"$DIR/CA/certs\" || exit 1\n"
|
||||
"mkdir -p \"$DIR/CA/crl\" || exit 1\n"
|
||||
"mkdir -p \"$DIR/CA/newcerts\" || exit 1\n"
|
||||
"mkdir -p \"$DIR/CA/private\" || exit 1\n"
|
||||
"chmod go-rwx \"$DIR/CA/private\" || exit 1\n"
|
||||
"mkdir -p \"$DIR/tmp\" || exit 1\n"
|
||||
"chmod go-rwx \"$DIR/tmp\" || exit 1\n"
|
||||
"touch \"$DIR/CA/index.txt\" || exit 1\n"
|
||||
"if [ ! -f \"$DIR/CA/serial\" ]; then\n"
|
||||
" echo \"01\" > \"$DIR/CA/serial\" || exit 1\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"cnf='\n"
|
||||
"HOME = .\n"
|
||||
"RANDFILE = $ENV::HOME/.rnd\n"
|
||||
"\n"
|
||||
"####################################################################\n"
|
||||
"[ ca ]\n"
|
||||
"default_ca = CA_default # The default ca section\n"
|
||||
"\n"
|
||||
"####################################################################\n"
|
||||
"[ CA_default ]\n"
|
||||
"\n"
|
||||
"dir = ./CA # Where everything is kept\n"
|
||||
"certs = $dir/certs # Where the issued certs are kept\n"
|
||||
"crl_dir = $dir/crl # Where the issued crl are kept\n"
|
||||
"database = $dir/index.txt # database index file.\n"
|
||||
"new_certs_dir = $dir/newcerts # default place for new certs.\n"
|
||||
"certificate = $dir/cacert.pem # The CA certificate\n"
|
||||
"serial = $dir/serial # The current serial number\n"
|
||||
"crl = $dir/crl.pem # The current CRL\n"
|
||||
"private_key = $dir/private/cakey.pem # The private key\n"
|
||||
"RANDFILE = $dir/private/.rand # private random number file\n"
|
||||
"\n"
|
||||
"x509_extensions = usr_cert # The extentions to add to the cert\n"
|
||||
"\n"
|
||||
"name_opt = ca_default # Subject Name options\n"
|
||||
"cert_opt = ca_default # Certificate field options\n"
|
||||
"\n"
|
||||
"default_days = 365 # how long to certify for\n"
|
||||
"default_crl_days= 30 # how long before next CRL\n"
|
||||
"default_md = md5 # which md to use.\n"
|
||||
"preserve = no # keep passed DN ordering\n"
|
||||
"\n"
|
||||
"policy = policy_match\n"
|
||||
"\n"
|
||||
"# For the CA policy\n"
|
||||
"[ policy_match ]\n"
|
||||
"countryName = match\n"
|
||||
"stateOrProvinceName = match\n"
|
||||
"organizationName = match\n"
|
||||
"organizationalUnitName = optional\n"
|
||||
"commonName = supplied\n"
|
||||
"emailAddress = optional\n"
|
||||
"\n"
|
||||
"[ policy_anything ]\n"
|
||||
"countryName = optional\n"
|
||||
"stateOrProvinceName = optional\n"
|
||||
"localityName = optional\n"
|
||||
"organizationName = optional\n"
|
||||
"organizationalUnitName = optional\n"
|
||||
"commonName = supplied\n"
|
||||
"emailAddress = optional\n"
|
||||
"\n"
|
||||
"####################################################################\n"
|
||||
"[ req ]\n"
|
||||
"default_bits = 2048\n"
|
||||
"default_keyfile = privkey.pem\n"
|
||||
"distinguished_name = req_distinguished_name\n"
|
||||
"attributes = req_attributes\n"
|
||||
"x509_extensions = v3_ca # The extentions to add to the self signed cert\n"
|
||||
"\n"
|
||||
"string_mask = nombstr\n"
|
||||
"\n"
|
||||
"# req_extensions = v3_req # The extensions to add to a certificate request\n"
|
||||
"\n"
|
||||
"[ req_distinguished_name ]\n"
|
||||
"countryName = Country Name (2 letter code)\n"
|
||||
"countryName_default = AU\n"
|
||||
"countryName_min = 2\n"
|
||||
"countryName_max = 2\n"
|
||||
"\n"
|
||||
"stateOrProvinceName = State or Province Name (full name)\n"
|
||||
"stateOrProvinceName_default = mystate\n"
|
||||
"\n"
|
||||
"localityName = Locality Name (eg, city)\n"
|
||||
"\n"
|
||||
"0.organizationName = Organization Name (eg, company)\n"
|
||||
"0.organizationName_default = x11vnc server CA\n"
|
||||
"\n"
|
||||
"organizationalUnitName = Organizational Unit Name (eg, section)\n"
|
||||
"\n"
|
||||
"commonName = Common Name (eg, YOUR name)\n"
|
||||
"commonName_default = %USER x11vnc server CA\n"
|
||||
"commonName_max = 64\n"
|
||||
"\n"
|
||||
"emailAddress = Email Address\n"
|
||||
"emailAddress_default = x11vnc@CA.nowhere\n"
|
||||
"emailAddress_max = 64\n"
|
||||
"\n"
|
||||
"[ req_attributes ]\n"
|
||||
"challengePassword = A challenge password\n"
|
||||
"challengePassword_min = 4\n"
|
||||
"challengePassword_max = 20\n"
|
||||
"\n"
|
||||
"unstructuredName = An optional company name\n"
|
||||
"\n"
|
||||
"[ usr_cert ]\n"
|
||||
"\n"
|
||||
"basicConstraints=CA:FALSE\n"
|
||||
"\n"
|
||||
"nsComment = \"OpenSSL Generated Certificate\"\n"
|
||||
"\n"
|
||||
"subjectKeyIdentifier=hash\n"
|
||||
"authorityKeyIdentifier=keyid,issuer:always\n"
|
||||
"\n"
|
||||
"[ v3_req ]\n"
|
||||
"\n"
|
||||
"basicConstraints = CA:FALSE\n"
|
||||
"keyUsage = nonRepudiation, digitalSignature, keyEncipherment\n"
|
||||
"\n"
|
||||
"[ v3_ca ]\n"
|
||||
"\n"
|
||||
"subjectKeyIdentifier=hash\n"
|
||||
"\n"
|
||||
"authorityKeyIdentifier=keyid:always,issuer:always\n"
|
||||
"\n"
|
||||
"basicConstraints = CA:true\n"
|
||||
"\n"
|
||||
"[ crl_ext ]\n"
|
||||
"\n"
|
||||
"authorityKeyIdentifier=keyid:always,issuer:always\n"
|
||||
"\n"
|
||||
"'\n"
|
||||
"selfcnf='\n"
|
||||
"####################################################################\n"
|
||||
"[ req ]\n"
|
||||
"default_bits = 2048\n"
|
||||
"encrypt_key = yes\n"
|
||||
"distinguished_name = req_distinguished_name\n"
|
||||
"x509_extensions = cert_type\n"
|
||||
"\n"
|
||||
"[ req_distinguished_name ]\n"
|
||||
"countryName = Country Name (2 letter code)\n"
|
||||
"countryName_default = AU\n"
|
||||
"countryName_min = 2\n"
|
||||
"countryName_max = 2\n"
|
||||
"\n"
|
||||
"stateOrProvinceName = State or Province Name (full name)\n"
|
||||
"stateOrProvinceName_default = mystate\n"
|
||||
"\n"
|
||||
"localityName = Locality Name (eg, city)\n"
|
||||
"\n"
|
||||
"0.organizationName = Organization Name (eg, company)\n"
|
||||
"0.organizationName_default = x11vnc server self-signed\n"
|
||||
"\n"
|
||||
"organizationalUnitName = Organizational Unit Name (eg, section)\n"
|
||||
"\n"
|
||||
"commonName = Common Name (eg, YOUR name)\n"
|
||||
"commonName_default = x11vnc server self-signed %NAME\n"
|
||||
"commonName_max = 64\n"
|
||||
"\n"
|
||||
"emailAddress = Email Address\n"
|
||||
"emailAddress_default = x11vnc@self-signed.nowhere\n"
|
||||
"emailAddress_max = 64\n"
|
||||
"\n"
|
||||
"[ cert_type ]\n"
|
||||
"nsCertType = server\n"
|
||||
"\n"
|
||||
"'\n"
|
||||
"echo \"$cnf\" | sed -e \"s/%USER/$USER/\" \\\n"
|
||||
" > \"$DIR/CA/ssl.cnf\" || exit 1\n"
|
||||
"echo \"$cnf\" | sed -e \"s/%USER *//\" -e 's/server CA/server %NAME/g' -e 's/@CA/@server/' \\\n"
|
||||
" > \"$DIR/CA/ssl.cnf.server\" || exit 1\n"
|
||||
"echo \"$cnf\" | sed -e \"s/%USER *//\" -e 's/server CA/client %NAME/g' -e 's/@CA/@client/' \\\n"
|
||||
" > \"$DIR/CA/ssl.cnf.client\" || exit 1\n"
|
||||
"\n"
|
||||
"echo \"$selfcnf\" > \"$DIR/CA/self.cnf.server\" || exit 1\n"
|
||||
"echo \"$selfcnf\" | sed -e 's/ server/ client/g' \\\n"
|
||||
" > \"$DIR/CA/self.cnf.client\" || exit 1\n"
|
||||
"\n"
|
||||
"cd \"$DIR\" || exit 1\n"
|
||||
"\n"
|
||||
"echo \"\"\n"
|
||||
"echo \"----------------------------------------------------------------------\"\n"
|
||||
"echo \"Generating your x11vnc CA (certificate authority) key and certificate:\"\n"
|
||||
"echo \"\"\n"
|
||||
"echo \"Please supply a passphrase and any other information you care to.\"\n"
|
||||
"echo \"----------------------------------------------------------------------\"\n"
|
||||
"echo \"\"\n"
|
||||
"\n"
|
||||
"\"$OPENSSL\" req -config \"$DIR/CA/ssl.cnf\" -new -x509 \\\n"
|
||||
" -keyout \"$DIR/CA/private/cakey.pem\" \\\n"
|
||||
" -out \"$DIR/CA/cacert.pem\"\n"
|
||||
"\n"
|
||||
"chmod go-rwx \"$DIR/CA/private/cakey.pem\"\n"
|
||||
"\n"
|
||||
"if [ $? != 0 ]; then\n"
|
||||
" echo \"openssl failed.\"\n"
|
||||
" exit 1\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"echo \"\"\n"
|
||||
"echo \"----------------------------------------------------------------------\"\n"
|
||||
"echo \"Your public x11vnc CA cert is:\"\n"
|
||||
"echo \"\"\n"
|
||||
"echo \" $DIR/CA/cacert.pem\"\n"
|
||||
"echo \"\"\n"
|
||||
"echo \" It may be copied to other applications, e.g. Web browser, Java\"\n"
|
||||
"echo \" Applet keystore, or stunnel cfg, to use to verify signed server\"\n"
|
||||
"echo \" or client certs, etc.\"\n"
|
||||
"echo \"\"\n"
|
||||
"echo \"Your private x11vnc CA key is:\"\n"
|
||||
"echo \"\"\n"
|
||||
"echo \" $DIR/CA/private/cakey.pem\"\n"
|
||||
"echo \"\"\n"
|
||||
"echo \" It will be used to sign server or client certs, keep it secret.\"\n"
|
||||
"echo \"----------------------------------------------------------------------\"\n"
|
||||
"echo \"\"\n"
|
||||
"printf \"Press Enter to print the cacert.pem certificate to the screen: \"\n"
|
||||
"read x\n"
|
||||
"echo \"\"\n"
|
||||
"cat \"$DIR/CA/cacert.pem\"\n"
|
||||
;
|
||||
|
||||
char genCert[] =
|
||||
"#!/bin/sh\n"
|
||||
"\n"
|
||||
"direrror() {\n"
|
||||
" echo \"\"\n"
|
||||
" if echo \"$DIR\" | grep '/\\.vnc/certs' > /dev/null; then\n"
|
||||
" echo \"You need first to run: x11vnc -sslGenCA\"\n"
|
||||
" else\n"
|
||||
" echo \"You need first to run: x11vnc -sslGenCA $DIR\"\n"
|
||||
" fi\n"
|
||||
" echo \"to create the CA cert file and other needed config files and directories.\"\n"
|
||||
" echo \"\"\n"
|
||||
" if [ \"X$1\" != \"X\" ]; then\n"
|
||||
" echo \"(missing: $1)\"\n"
|
||||
" echo \"\"\n"
|
||||
" fi\n"
|
||||
" exit 1\n"
|
||||
"}\n"
|
||||
"\n"
|
||||
"make_HASH() {\n"
|
||||
" crt=\"$1\"\n"
|
||||
" remove=\"$2\"\n"
|
||||
" if [ ! -f \"$crt\" ]; then\n"
|
||||
" return\n"
|
||||
" fi\n"
|
||||
" dirhash=`dirname \"$crt\"`/HASH\n"
|
||||
" bashash=`basename \"$crt\"`\n"
|
||||
" if [ ! -d \"$dirhash\" ]; then\n"
|
||||
" return\n"
|
||||
" fi\n"
|
||||
" hash=`\"$OPENSSL\" x509 -hash -noout -in \"$crt\" 2>/dev/null | head -1`\n"
|
||||
" if [ \"X$hash\" != \"X\" ]; then\n"
|
||||
" for i in 0 1 2 3 4 5 6 7 8 9\n"
|
||||
" do\n"
|
||||
" lnk=\"$dirhash/$hash.$i\"\n"
|
||||
" if [ \"X$remove\" = \"X1\" ]; then\n"
|
||||
" if [ -h \"$lnk\" ]; then\n"
|
||||
" if cmp \"$lnk\" \"$crt\" > /dev/null 2>&1; then\n"
|
||||
" ls -l \"$lnk\"\n"
|
||||
" rm -i \"$lnk\"\n"
|
||||
" fi\n"
|
||||
" fi\n"
|
||||
" else\n"
|
||||
" if [ -h \"$lnk\" ]; then\n"
|
||||
" if [ ! -f \"$lnk\" ]; then\n"
|
||||
" rm -f \"$lnk\" 1>/dev/null 2>&1\n"
|
||||
" else\n"
|
||||
" continue\n"
|
||||
" fi\n"
|
||||
" fi\n"
|
||||
" if [ \"x$HASH_verbose\" = \"x1\" ]; then\n"
|
||||
" echo \"creating: $lnk -> ../$bashash\"\n"
|
||||
" fi\n"
|
||||
" ln -s \"../$bashash\" \"$lnk\"\n"
|
||||
" break\n"
|
||||
" fi\n"
|
||||
" done\n"
|
||||
" fi\n"
|
||||
"}\n"
|
||||
"\n"
|
||||
"create_key() {\n"
|
||||
" \n"
|
||||
" echo \"----------------------------------------------------------------------\"\n"
|
||||
" echo \"Creating new x11vnc certificate and key for name: $type $name0\"\n"
|
||||
" echo \"\"\n"
|
||||
"\n"
|
||||
" cnf=\"$DIR/tmp/cnf.$$\"\n"
|
||||
" trap \"rm -f \\\"$cnf\\\"\" 0 1 2 15\n"
|
||||
"\n"
|
||||
" rm -f \"$DIR/$dest.key\" \"$DIR/$dest.crt\" \"$DIR/$dest.req\"\n"
|
||||
"\n"
|
||||
" if [ \"x$self\" = \"x1\" ]; then\n"
|
||||
" if [ ! -f \"$DIR/CA/self.cnf.$type\" ]; then\n"
|
||||
" direrror \"$DIR/CA/self.cnf.$type\"\n"
|
||||
" fi\n"
|
||||
" cat \"$DIR/CA/self.cnf.$type\" | sed -e \"s/%NAME/$name0/\" > \"$cnf\" || exit 1\n"
|
||||
" \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 -x509 \\\n"
|
||||
" -keyout \"$DIR/$dest.key\" \\\n"
|
||||
" -out \"$DIR/$dest.crt\"\n"
|
||||
" else\n"
|
||||
" if [ ! -f \"$DIR/CA/ssl.cnf.$type\" ]; then\n"
|
||||
" direrror \"$DIR/CA/ssl.cnf.$type\"\n"
|
||||
" fi\n"
|
||||
" cat \"$DIR/CA/ssl.cnf.$type\" | sed -e \"s/%NAME/$name0/\" > \"$cnf\" || exit 1\n"
|
||||
" \"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 \\\n"
|
||||
" -keyout \"$DIR/$dest.key\" \\\n"
|
||||
" -out \"$DIR/$dest.req\"\n"
|
||||
" fi\n"
|
||||
" rc=$?\n"
|
||||
" if [ -f \"$DIR/$dest.key\" ]; then\n"
|
||||
" chmod go-rwx \"$DIR/$dest.key\"\n"
|
||||
" fi\n"
|
||||
"\n"
|
||||
"\n"
|
||||
"\n"
|
||||
" if [ $rc != 0 ]; then\n"
|
||||
" echo \"openssl 'req' command failed\"\n"
|
||||
" rm -f \"$DIR/$dest.key\" \"$DIR/$dest.crt\" \"$DIR/$dest.req\"\n"
|
||||
" exit 1\n"
|
||||
" fi\n"
|
||||
"}\n"
|
||||
"\n"
|
||||
"enc_key() {\n"
|
||||
" \n"
|
||||
" echo \"\"\n"
|
||||
" echo \"----------------------------------------------------------------------\"\n"
|
||||
" echo \"Do you want to protect the generated private key with a passphrase?\"\n"
|
||||
" echo \"Doing so will significantly decrease the chances someone could steal\"\n"
|
||||
" if [ \"x$type\" = \"xserver\" ]; then\n"
|
||||
" echo \"the key and pretend to be your x11vnc server. The downside is it is\"\n"
|
||||
" else\n"
|
||||
" echo \"the key and pretend to be your VNC client. The downside is it is\"\n"
|
||||
" fi\n"
|
||||
" echo \"inconvenient because you will have to supply the passphrase every\"\n"
|
||||
" if [ \"x$type\" = \"xserver\" ]; then\n"
|
||||
" echo \"time you start x11vnc using this key.\"\n"
|
||||
" else\n"
|
||||
" echo \"time you start the VNC viewer SSL tunnel using this key.\"\n"
|
||||
" fi\n"
|
||||
" echo \"\"\n"
|
||||
" printf \"Protect key with a passphrase? [y]/n \"\n"
|
||||
" read x\n"
|
||||
" estr=\" *unencrypted*\"\n"
|
||||
" if [ \"x$ENCRYPT_ONLY\" != \"x\" ]; then\n"
|
||||
" target=\"$ENCRYPT_ONLY\"\n"
|
||||
" else\n"
|
||||
" target=\"$DIR/$dest.key\"\n"
|
||||
" bdir=`dirname \"$DIR/$dest.key\"`\n"
|
||||
" if [ ! -d \"$bdir\" ]; then\n"
|
||||
" direrror \"$bdir\"\n"
|
||||
" fi\n"
|
||||
" fi\n"
|
||||
" if [ \"x$x\" != \"xn\" ]; then\n"
|
||||
" \"$OPENSSL\" rsa -in \"$target\" -des3 -out \"$target\"\n"
|
||||
" if [ $? != 0 ]; then\n"
|
||||
" echo \"openssl 'rsa' command failed\"\n"
|
||||
" rm -f \"$DIR/$dest.key\" \"$DIR/$dest.crt\" \"$DIR/$dest.req\"\n"
|
||||
" exit 1\n"
|
||||
" fi\n"
|
||||
" estr=\" encrypted\"\n"
|
||||
" fi\n"
|
||||
" echo \"\"\n"
|
||||
"}\n"
|
||||
"\n"
|
||||
"sign_key() {\n"
|
||||
" cd \"$DIR\" || exit 1\n"
|
||||
"\n"
|
||||
" if [ \"x$self\" = \"x1\" ]; then\n"
|
||||
" :\n"
|
||||
" else\n"
|
||||
" if echo \"$name0\" | grep '^req:' > /dev/null; then\n"
|
||||
" echo \"\"\n"
|
||||
" echo \"----------------------------------------------------------------------\"\n"
|
||||
" echo \"Your x11vnc $type certificate request is:\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" $DIR/$dest.req\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" It may be sent to an external CA for signing, afterward you can\"\n"
|
||||
" echo \" save the cert they send you in:\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" $DIR/$dest.crt\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \"Your$estr private x11vnc $type key is:\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" $DIR/$dest.key\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" You should combine it and the received cert in the file:\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" $DIR/$dest.pem\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" It will be needed by applications to identify themselves.\"\n"
|
||||
" echo \" This file should be kept secret.\"\n"
|
||||
" echo \"----------------------------------------------------------------------\"\n"
|
||||
" echo \"\"\n"
|
||||
" printf \"Press Enter to print the $dest.req cert request to the screen: \"\n"
|
||||
" read x\n"
|
||||
" echo \"\"\n"
|
||||
" cat \"$DIR/$dest.req\"\n"
|
||||
" exit 0\n"
|
||||
" fi\n"
|
||||
" echo \"\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \"----------------------------------------------------------------------\"\n"
|
||||
" echo \"Now signing the new key with CA private key. You will need to supply\"\n"
|
||||
" echo \"the CA key passphrase and reply \\\"y\\\" to sign and commit the key.\"\n"
|
||||
" echo \"\"\n"
|
||||
" \"$OPENSSL\" ca -config \"$cnf\" -policy policy_anything -notext \\\n"
|
||||
" -in \"$DIR/$dest.req\" \\\n"
|
||||
" -out \"$DIR/$dest.crt\"\n"
|
||||
" if [ $? != 0 ]; then\n"
|
||||
" echo \"\"\n"
|
||||
" echo \"openssl 'ca' command failed\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" You may have a duplicate DN entry for this name in:\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" $DIR/CA/index.txt\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" remove the duplicate in that file and try again.\"\n"
|
||||
" echo \"\"\n"
|
||||
" rm -f \"$DIR/$dest.key\" \"$DIR/$dest.crt\" \"$DIR/$dest.req\"\n"
|
||||
" exit 1\n"
|
||||
" fi\n"
|
||||
" fi\n"
|
||||
"\n"
|
||||
" cat \"$DIR/$dest.key\" \"$DIR/$dest.crt\" \\\n"
|
||||
" > \"$DIR/$dest.pem\" || exit 1 \n"
|
||||
"\n"
|
||||
" make_HASH \"$DIR/$dest.crt\" 0\n"
|
||||
"\n"
|
||||
" rm -f \"$DIR/$dest.key\" \"$DIR/$dest.req\" || exit 1\n"
|
||||
" chmod go-rwx \"$DIR/$dest.pem\" || exit 1\n"
|
||||
"\n"
|
||||
" if [ \"x$type\" = \"xserver\" -o \"x$type\" = \"xclient\" ]; then\n"
|
||||
" echo \"\"\n"
|
||||
" echo \"----------------------------------------------------------------------\"\n"
|
||||
" echo \"Your public x11vnc $type cert is:\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" $DIR/$dest.crt\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" It may be copied to other machines / applications to be used for\"\n"
|
||||
" echo \" authentication. However, since it is signed with the x11vnc CA\"\n"
|
||||
" echo \" key, all the applications need is the x11vnc CA certificate.\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \"Your$estr private x11vnc $type key is:\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" $DIR/$dest.pem\"\n"
|
||||
" echo \"\"\n"
|
||||
" echo \" It will be needed by applications to identify themselves.\"\n"
|
||||
" echo \" This file should be kept secret.\"\n"
|
||||
" echo \"----------------------------------------------------------------------\"\n"
|
||||
" echo \"\"\n"
|
||||
" fi\n"
|
||||
"\n"
|
||||
" printf \"Press Enter to print the $dest.crt certificate to the screen: \"\n"
|
||||
" read x\n"
|
||||
" echo \"\"\n"
|
||||
" cat \"$DIR/$dest.crt\"\n"
|
||||
"}\n"
|
||||
"\n"
|
||||
"DIR=$BASE_DIR\n"
|
||||
"if [ \"x$DIR\" = \"x\" ]; then\n"
|
||||
" DIR=\"$HOME/dotkjr_vnc/certs\"\n"
|
||||
"fi\n"
|
||||
"if echo \"$DIR\" | grep '^/' > /dev/null; then\n"
|
||||
" :\n"
|
||||
"else\n"
|
||||
" DIR=\"`pwd`/$DIR\"\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"if [ \"x$HASHON\" != \"x\" ]; then\n"
|
||||
" for dir in \"$DIR/HASH\" \"$DIR/clients/HASH\"\n"
|
||||
" do\n"
|
||||
" if [ -d \"$dir\" ]; then\n"
|
||||
" rm -rf \"$dir\"\n"
|
||||
" fi\n"
|
||||
" done\n"
|
||||
" dir=\"$DIR/HASH\"\n"
|
||||
" mkdir -p \"$dir\" || exit 1\n"
|
||||
" dir=\"$DIR/clients/HASH\"\n"
|
||||
" mkdir -p \"$dir\" || exit 1\n"
|
||||
" HASH_verbose=1\n"
|
||||
" for f in \"$DIR\"/*.crt \"$DIR\"/clients/*.crt\n"
|
||||
" do\n"
|
||||
" if [ -f \"$f\" ]; then\n"
|
||||
" make_HASH \"$f\" 0\n"
|
||||
" fi\n"
|
||||
" done\n"
|
||||
" exit\n"
|
||||
"fi\n"
|
||||
"if [ \"x$HASHOFF\" != \"x\" ]; then\n"
|
||||
" dir=\"$DIR/HASH\"\n"
|
||||
" for dir in \"$DIR/HASH\" \"$DIR/clients/HASH\"\n"
|
||||
" do\n"
|
||||
" if [ -d \"$dir\" ]; then\n"
|
||||
" for f in \"$dir\"/*\n"
|
||||
" do\n"
|
||||
" if [ -f \"$f\" ]; then\n"
|
||||
" echo \"deleting: $f\"\n"
|
||||
" rm -f \"$f\"\n"
|
||||
" fi\n"
|
||||
" done\n"
|
||||
" rm -rf \"$dir\"\n"
|
||||
" fi\n"
|
||||
" done\n"
|
||||
" exit\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"PATH=/usr/bin:/bin:/usr/sbin:$PATH; export PATH\n"
|
||||
"if [ \"x$OPENSSL\" = \"x\" ]; then\n"
|
||||
" OPENSSL=\"openssl\"\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"type \"$OPENSSL\" > /dev/null || exit 1\n"
|
||||
"\n"
|
||||
"self=\"\"\n"
|
||||
"if [ \"x$SELF\" != \"x\" ]; then\n"
|
||||
" self=1\n"
|
||||
"elif [ \"x$1\" = \"x-self\" ]; then\n"
|
||||
" shift\n"
|
||||
" self=1\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"if [ \"x$TYPE\" != \"x\" ]; then\n"
|
||||
" type=\"$TYPE\"\n"
|
||||
"else\n"
|
||||
" if [ \"X$1\" != \"X\" ]; then\n"
|
||||
" type=\"$1\"\n"
|
||||
" shift\n"
|
||||
" fi\n"
|
||||
"fi\n"
|
||||
"if [ \"x$NAME\" != \"x\" ]; then\n"
|
||||
" name=\"$NAME\"\n"
|
||||
"else\n"
|
||||
" if [ \"X$1\" != \"X\" ]; then\n"
|
||||
" name=\"$1\"\n"
|
||||
" shift\n"
|
||||
" fi\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"if echo \"$name\" | grep '^self:' > /dev/null; then\n"
|
||||
" self=1\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"if [ \"x$type\" = \"xserver\" ]; then\n"
|
||||
" name0=\"$name\"\n"
|
||||
" if echo \"$name\" | grep '^-' > /dev/null; then\n"
|
||||
" :\n"
|
||||
" elif [ \"x$name\" != \"x\" ]; then\n"
|
||||
" name=\"-$name\";\n"
|
||||
" fi\n"
|
||||
" dest=\"server$name\"\n"
|
||||
"elif [ \"x$type\" = \"xclient\" ]; then\n"
|
||||
" if [ \"x$name\" = \"x\" ]; then\n"
|
||||
" name=\"nobody\"\n"
|
||||
" fi\n"
|
||||
" name0=\"$name\"\n"
|
||||
" dest=\"clients/$name\"\n"
|
||||
"else\n"
|
||||
" exit 1\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"#set -xv\n"
|
||||
"\n"
|
||||
"if [ \"x$INFO_ONLY\" != \"x\" ]; then\n"
|
||||
" echo \"\"\n"
|
||||
" echo \"VNC Certificate file:\"\n"
|
||||
" echo \" $INFO_ONLY\"\n"
|
||||
" echo \"\"\n"
|
||||
" \"$OPENSSL\" x509 -text -in \"$INFO_ONLY\"\n"
|
||||
" exit \n"
|
||||
"elif [ \"x$DELETE_ONLY\" != \"x\" ]; then\n"
|
||||
" echo \"\"\n"
|
||||
" echo \"VNC Certificate file:\"\n"
|
||||
" echo \" $DELETE_ONLY\"\n"
|
||||
" echo \"\"\n"
|
||||
" \n"
|
||||
" base=`echo \"$DELETE_ONLY\" | sed -e 's/\\....$//'`\n"
|
||||
" for suff in crt pem key req\n"
|
||||
" do\n"
|
||||
" try=\"$base.$suff\"\n"
|
||||
" if [ -f \"$try\" ]; then\n"
|
||||
" make_HASH \"$try\" 1\n"
|
||||
" rm -i \"$try\"\n"
|
||||
" fi\n"
|
||||
" done\n"
|
||||
" if echo \"$base\" | grep 'CA/cacert$' > /dev/null; then\n"
|
||||
" base2=`echo \"$base\" | sed -e 's,cacert$,private/cakey,'`\n"
|
||||
" else\n"
|
||||
" echo \"\"\n"
|
||||
" exit\n"
|
||||
" fi\n"
|
||||
" echo \"\"\n"
|
||||
" for suff in crt pem key req\n"
|
||||
" do\n"
|
||||
" try=\"$base2.$suff\"\n"
|
||||
" if [ -f \"$try\" ]; then\n"
|
||||
" make_HASH \"$try\" 1\n"
|
||||
" rm -i \"$try\"\n"
|
||||
" fi\n"
|
||||
" done\n"
|
||||
" echo \"\"\n"
|
||||
" exit \n"
|
||||
"elif [ \"x$ENCRYPT_ONLY\" != \"x\" ]; then\n"
|
||||
" if [ \"x$type\" = \"x\" ]; then\n"
|
||||
" type=\"server\"\n"
|
||||
" fi\n"
|
||||
" echo \"\"\n"
|
||||
" echo \"Key PEM file:\"\n"
|
||||
" echo \" $ENCRYPT_ONLY\"\n"
|
||||
" enc_key\n"
|
||||
" exit\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"if [ ! -d \"$DIR/tmp\" ]; then\n"
|
||||
" direrror \"$DIR/tmp\"\n"
|
||||
"fi\n"
|
||||
"bdir=`dirname \"$DIR/$dest.key\"`\n"
|
||||
"if [ ! -d \"$bdir\" ]; then\n"
|
||||
" direrror \"$bdir\"\n"
|
||||
"fi\n"
|
||||
"if [ ! -f \"$DIR/CA/cacert.pem\" ]; then\n"
|
||||
" direrror \"$DIR/CA/cacert.pem\"\n"
|
||||
"fi\n"
|
||||
"\n"
|
||||
"create_key\n"
|
||||
"enc_key\n"
|
||||
"sign_key\n"
|
||||
;
|
||||
|
||||
#endif /* _SSLTOOLS_H */
|
Loading…
Reference in new issue