Jacob Barthelmeh
2014-12-29 13:00:07 -07:00
4 changed files with 40 additions and 40 deletions


@ -5,53 +5,53 @@
# caCrl # caCrl
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 365 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
# metadata # metadata
openssl crl -in crl.pem -text > tmp openssl crl -in crl.pem -text > tmp
mv tmp crl.pem mv tmp crl.pem
# install (only needed if working outside cyassl) # install (only needed if working outside wolfssl)
#cp crl.pem ~/cyassl/certs/crl/crl.pem #cp crl.pem ~/wolfssl/certs/crl/crl.pem
# caCrl server revoked # caCrl server revoked
openssl ca -config ../renewcerts/cyassl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
# caCrl server revoked generation # caCrl server revoked generation
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out crl.revoked -keyfile ../ca-key.pem -cert ../ca-cert.pem openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 365 -out crl.revoked -keyfile ../ca-key.pem -cert ../ca-cert.pem
# metadata # metadata
openssl crl -in crl.revoked -text > tmp openssl crl -in crl.revoked -text > tmp
mv tmp crl.revoked mv tmp crl.revoked
# install (only needed if working outside cyassl) # install (only needed if working outside wolfssl)
#cp crl.revoked ~/cyassl/certs/crl/crl.revoked #cp crl.revoked ~/wolfssl/certs/crl/crl.revoked
# remove revoked so next time through the normal CA won't have server revoked # remove revoked so next time through the normal CA won't have server revoked
cp blank.index.txt demoCA/index.txt cp blank.index.txt demoCA/index.txt
# cliCrl # cliCrl
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 365 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
# metadata # metadata
openssl crl -in cliCrl.pem -text > tmp openssl crl -in cliCrl.pem -text > tmp
mv tmp cliCrl.pem mv tmp cliCrl.pem
# install (only needed if working outside cyassl) # install (only needed if working outside wolfssl)
#cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem #cp cliCrl.pem ~/wolfssl/certs/crl/cliCrl.pem
# eccCliCRL # eccCliCRL
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 365 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
# metadata # metadata
openssl crl -in eccCliCRL.pem -text > tmp openssl crl -in eccCliCRL.pem -text > tmp
mv tmp eccCliCRL.pem mv tmp eccCliCRL.pem
# install (only needed if working outside cyassl) # install (only needed if working outside wolfssl)
#cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem #cp eccCliCRL.pem ~/wolfssl/certs/crl/eccCliCRL.pem
# eccSrvCRL # eccSrvCRL
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 365 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
# metadata # metadata
openssl crl -in eccSrvCRL.pem -text > tmp openssl crl -in eccSrvCRL.pem -text > tmp
mv tmp eccSrvCRL.pem mv tmp eccSrvCRL.pem
# install (only needed if working outside cyassl) # install (only needed if working outside wolfssl)
#cp eccSrvCRL.pem ~/cyassl/certs/crl/eccSrvCRL.pem #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem


@ -8,7 +8,7 @@ function run_renewcerts(){
cd certs/ cd certs/
echo "" echo ""
#move the custom cnf into our working directory #move the custom cnf into our working directory
cp renewcerts/cyassl.cnf cyassl.cnf cp renewcerts/wolfssl.cnf wolfssl.cnf
# To generate these all in sha1 add the flag "-sha1" on appropriate lines # To generate these all in sha1 add the flag "-sha1" on appropriate lines
# That is all lines beginning with: "openssl req" # That is all lines beginning with: "openssl req"
@ -22,7 +22,7 @@ function run_renewcerts(){
echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr
openssl x509 -req -in client-cert.csr -days 1000 -extfile cyassl.cnf -extensions cyassl_opts -signkey client-key.pem -out client-cert.pem openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey client-key.pem -out client-cert.pem
rm client-cert.csr rm client-cert.csr
openssl x509 -in client-cert.pem -text > tmp.pem openssl x509 -in client-cert.pem -text > tmp.pem
@ -35,7 +35,7 @@ function run_renewcerts(){
#pipe the following arguments to openssl req... #pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nSawtooth\nConsulting\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-key.pem -nodes -out ca-cert.csr echo -e "US\nMontana\nBozeman\nSawtooth\nConsulting\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-key.pem -nodes -out ca-cert.csr
openssl x509 -req -in ca-cert.csr -days 1000 -extfile cyassl.cnf -extensions cyassl_opts -signkey ca-key.pem -out ca-cert.pem openssl x509 -req -in ca-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ca-key.pem -out ca-cert.pem
rm ca-cert.csr rm ca-cert.csr
openssl x509 -in ca-cert.pem -text > tmp.pem openssl x509 -in ca-cert.pem -text > tmp.pem
@ -48,7 +48,7 @@ function run_renewcerts(){
#pipe the following arguments to openssl req... #pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -nodes > server-req.pem echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -nodes > server-req.pem
openssl x509 -req -in server-req.pem -extfile cyassl.cnf -extensions cyassl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem openssl x509 -req -in server-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
rm server-req.pem rm server-req.pem
@ -64,7 +64,7 @@ function run_renewcerts(){
echo "" echo ""
echo -e "US\nMontana\nBozeman\nElliptic - RSAsig\nECC-RSAsig\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes > server-ecc-req.pem echo -e "US\nMontana\nBozeman\nElliptic - RSAsig\nECC-RSAsig\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes > server-ecc-req.pem
openssl x509 -req -in server-ecc-req.pem -extfile cyassl.cnf -extensions cyassl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-ecc-rsa.pem openssl x509 -req -in server-ecc-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-ecc-rsa.pem
rm server-ecc-req.pem rm server-ecc-req.pem
@ -79,7 +79,7 @@ function run_renewcerts(){
openssl x509 -inform PEM -in ca-cert.pem -outform DER -out ca-cert.der openssl x509 -inform PEM -in ca-cert.pem -outform DER -out ca-cert.der
openssl x509 -inform PEM -in client-cert.pem -outform DER -out client-cert.der openssl x509 -inform PEM -in client-cert.pem -outform DER -out client-cert.der
openssl x509 -inform PEM -in server-cert.pem -outform DER -out server-cert.der openssl x509 -inform PEM -in server-cert.pem -outform DER -out server-cert.der
echo "Changing directory to cyassl root..." echo "Changing directory to wolfssl root..."
echo "" echo ""
cd ../ cd ../
echo "Execute ./gencertbuf.pl..." echo "Execute ./gencertbuf.pl..."
@ -89,7 +89,7 @@ function run_renewcerts(){
########## generate the new crls ########################### ########## generate the new crls ###########################
############################################################ ############################################################
echo "Change directory to cyassl/certs" echo "Change directory to wolfssl/certs"
echo "" echo ""
cd certs cd certs
echo "We are back in the certs directory" echo "We are back in the certs directory"
@ -118,12 +118,12 @@ function run_renewcerts(){
echo "Performing final steps, cleaning up the file system..." echo "Performing final steps, cleaning up the file system..."
echo "" echo ""
rm ../cyassl.cnf rm ../wolfssl.cnf
rm blank.index.txt rm blank.index.txt
rm index.* rm index.*
rm crlnumber* rm crlnumber*
rm -r demoCA rm -r demoCA
echo "Removed ../cyassl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/" echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
echo "" echo ""
} }
@ -131,7 +131,7 @@ function run_renewcerts(){
#function for restoring a previous configure state #function for restoring a previous configure state
function restore_config(){ function restore_config(){
mv tmp.status config.status mv tmp.status config.status
mv tmp.options.h cyassl/options.h mv tmp.options.h wolfssl/options.h
make clean make clean
make -j 8 make -j 8
} }
@ -149,14 +149,14 @@ function move_ntru(){
#start in root. #start in root.
cd ../ cd ../
#if HAVE_NTRU already defined && there is no argument #if HAVE_NTRU already defined && there is no argument
if grep HAVE_NTRU "cyassl/options.h" && [ -z "$1" ] if grep HAVE_NTRU "wolfssl/options.h" && [ -z "$1" ]
then then
#run the function to renew the certs #run the function to renew the certs
run_renewcerts run_renewcerts
# run_renewcerts will end in the cyassl/certs/crl dir, backup to root. # run_renewcerts will end in the wolfssl/certs/crl dir, backup to root.
cd ../../ cd ../../
echo "changed directory to cyassl root directory." echo "changed directory to wolfssl root directory."
echo "" echo ""
############################################################ ############################################################
@ -197,7 +197,7 @@ else
echo "Saving the configure state" echo "Saving the configure state"
echo "" echo ""
cp config.status tmp.status cp config.status tmp.status
cp cyassl/options.h tmp.options.h cp wolfssl/options.h tmp.options.h
echo "Running make clean" echo "Running make clean"
echo "" echo ""
@ -217,11 +217,11 @@ else
# ntru in the default location # ntru in the default location
# if now defined # if now defined
if grep HAVE_NTRU "cyassl/options.h"; then if grep HAVE_NTRU "wolfssl/options.h"; then
run_renewcerts run_renewcerts
#run_renewcerts leaves us in cyassl/certs/crl, backup to root #run_renewcerts leaves us in wolfssl/certs/crl, backup to root
cd ../../ cd ../../
echo "changed directory to cyassl root directory." echo "changed directory to wolfssl root directory."
echo "" echo ""
move_ntru move_ntru


@ -1,5 +1,5 @@
# #
# cyassl configuration file # wolfssl configuration file
# #
HOME = . HOME = .
RANDFILE = $ENV::HOME/.rnd RANDFILE = $ENV::HOME/.rnd
@ -20,7 +20,7 @@ default_ca = CA_default # The default ca section
[ CA_default ] [ CA_default ]
#################################################################### ####################################################################
# CHANGE THIS LINE TO BE YOUR CYASSL_ROOT DIRECTORY # # CHANGE THIS LINE TO BE YOUR WOLFSSL_ROOT DIRECTORY #
# # # #
dir = $HOME./.. # dir = $HOME./.. #
#################################################################### ####################################################################
@ -115,12 +115,12 @@ unstructuredName = An optional company name
# These extensions are added when 'ca' signs a request. # These extensions are added when 'ca' signs a request.
[ usr_cert ] [ usr_cert ]
basicConstraints=CA:FALSE basicConstraints=CA:FALSE
nsComment = "cyaSSL Generated Certificate using openSSL command line utility." nsComment = "wolfSSL Generated Certificate using openSSL command line utility."
subjectKeyIdentifier=hash subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer authorityKeyIdentifier=keyid,issuer
#cyassl extensions #wolfssl extensions
[cyassl_opts] [wolfssl_opts]
subjectKeyIdentifier=hash subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=CA:true basicConstraints=CA:true
@ -143,7 +143,7 @@ authorityKeyIdentifier=keyid:always
# These extensions should be added when creating a proxy certificate # These extensions should be added when creating a proxy certificate
[ proxy_cert_ext ] [ proxy_cert_ext ]
basicConstraints=CA:FALSE basicConstraints=CA:FALSE
nsComment = "cyaSSL Generated Certificate using openSSL command line utility" nsComment = "wolfSSL Generated Certificate using openSSL command line utility"
subjectKeyIdentifier=hash subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer authorityKeyIdentifier=keyid,issuer
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo


@ -17,7 +17,7 @@ gnrwMDO3JvH89CwlHRizVSQl59ViqEMGLmbHThcMqkEOkFphB2xox7/IOVyp6cFn
mY0ZCrbhdX+L6t5jiyq/4us5bzF7FOBYsJr6n1Rm9b8eeOL693y/6uM3CvTJcTOb mY0ZCrbhdX+L6t5jiyq/4us5bzF7FOBYsJr6n1Rm9b8eeOL693y/6uM3CvTJcTOb
5RqWiHgTgmefeOeUQ0/dVgvEOIWz2yqBQmHKiB4+0CGGIRwUOXBrTKSLilumsjQe 5RqWiHgTgmefeOeUQ0/dVgvEOIWz2yqBQmHKiB4+0CGGIRwUOXBrTKSLilumsjQe
qGhJ6yw25VIpdXsMD1WVviczgRTNYjdldIJoHQdvpCEAhQ1RR3rkuIPniTumJFmY qGhJ6yw25VIpdXsMD1WVviczgRTNYjdldIJoHQdvpCEAhQ1RR3rkuIPniTumJFmY
CnjfNqjtkaZWIN1nOCmcu50tswksWEEFEfkcP1xyzhr3EVCYAoFncLTp5vHBtdmg CnjfNqjtkaZWIN1nOCmcu50tswksWEEFEfkcP1xyzhr3EVWOLFoFncLTp5vHBtdmg
6KBdar40/OFGAcbDGDX1g3XEEi6jHmy0Lyz7M3DwESgaMgwzscsQLr+wMITk1IUN 6KBdar40/OFGAcbDGDX1g3XEEi6jHmy0Lyz7M3DwESgaMgwzscsQLr+wMITk1IUN
yfiXHl1CQjGxhDj8KoAhdDjjPENkSlCSd1vEO+lg1/IFb1dtnL2DJp6BQt9/VLHo yfiXHl1CQjGxhDj8KoAhdDjjPENkSlCSd1vEO+lg1/IFb1dtnL2DJp6BQt9/VLHo
Fp3pdZ7r95H20+pEhCZp0HXLNo1o8xjJQ5RWUCs1Zc1cauDOAh8lAjps6MBxTa3a Fp3pdZ7r95H20+pEhCZp0HXLNo1o8xjJQ5RWUCs1Zc1cauDOAh8lAjps6MBxTa3a
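Review bot: The cyassl-to-wolfssl rename appears to have been applied to encoded data here: on the line beginning `CnjfNqjtkaZWIN1n` the substring `CYA` inside a base64 body became `WOLF`, which makes that line one character longer than its neighbours and changes the decoded bytes. If this file is a PEM-encoded certificate or key, as the content suggests, it will no longer decode to the original object and any signature over it will fail to verify. I would restore the line to `CnjfNqjtkaZWIN1nOCmcu50tswksWEEFEfkcP1xyzhr3EVCYAoFncLTp5vHBtdmg` and exclude `*.pem`, `*.der` and other encoded files from the search-and-replace. Where a certificate really has to carry the new name, regenerate it with the renewal script rather than editing its encoding. The hunk shows only seven lines of the file, so the object's header and footer are outside it.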