X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=tools%2Fgenssl;h=e4d5bf1f40b11190cb4351963b0829bd528d3ceb;hb=02497bfa999da26c19a92d8620c35bb97f1da711;hp=13b1f01fc9d6d1f928c6b99654633c19453740bd;hpb=35d80008d6cb55160d06dda51aebc716c4d6511b;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/tools/genssl b/tools/genssl index 13b1f01fc..e4d5bf1f4 100755 --- a/tools/genssl +++ b/tools/genssl @@ -21,30 +21,31 @@ BEGIN { - require 5.8.0; + require 5.10.0; } +use feature ':5.10'; use strict; use warnings FATAL => qw(all); use File::Temp(); # IMPORTANT: This script has to be able to run by itself so that it can be used -# by binary distributions where the make/utilities.pm module will not +# by binary distributions where the make/console.pm module will not # be available! sub prompt($$) { my ($question, $default) = @_; - return prompt_string(1, $question, $default) if eval 'use make::console; 1'; - print "$question\n"; + return prompt_string(1, $question, $default) if eval 'use FindBin;use lib $FindBin::RealDir;use make::console; 1'; + say $question; print "[$default] => "; chomp(my $answer = ); - print "\n"; + say ''; return $answer ? $answer : $default; } if ($#ARGV != 0 || $ARGV[0] !~ /^(?:auto|gnutls|openssl)$/i) { - print "Syntax: genssl \n"; + say STDERR "Usage: $0 "; exit 1; } @@ -65,14 +66,14 @@ if ($tool eq 'auto') { } elsif ($has_openssl) { $tool = 'openssl'; } else { - print STDERR "SSL generation failed: could not find $certtool or openssl in the PATH!\n"; + say STDERR "SSL generation failed: could not find $certtool or openssl in the PATH!"; exit 1; } } elsif ($tool eq 'gnutls' && !$has_gnutls) { - print STDERR "SSL generation failed: could not find '$certtool' in the PATH!\n"; + say STDERR "SSL generation failed: could not find '$certtool' in the PATH!"; exit 1; } elsif ($tool eq 'openssl' && !$has_openssl) { - print STDERR "SSL generation failed: could not find 'openssl' in the PATH!\n"; + say STDERR 'SSL generation failed: could not find \'openssl\' in the PATH!'; exit 1; } @@ -118,6 +119,7 @@ __GNUTLS_END__ close($tmp); $status ||= system "$certtool --generate-privkey $sec_param --outfile key.pem"; $status ||= system "$certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem --template $tmp"; + $status ||= system "$certtool --generate-request --load-privkey key.pem --outfile csr.pem --template $tmp"; $status ||= system "$certtool --generate-dh-params $sec_param --outfile dhparams.pem"; $dercert = `$certtool --certificate-info --infile cert.pem --outder` unless $status; } elsif ($tool eq 'openssl') { @@ -130,21 +132,25 @@ $organization $unit $common_name $email +. +$organization __OPENSSL_END__ close($tmp); $status ||= system "cat $tmp | openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -days $days 2>/dev/null"; + $status ||= system "cat $tmp | openssl req -new -nodes -key key.pem -out csr.pem 2>/dev/null"; $status ||= system 'openssl dhparam -out dhparams.pem 2048'; $dercert = `openssl x509 -in cert.pem -outform DER` unless $status; } if ($status) { - print STDERR "SSL generation failed: $tool exited with a non-zero status!\n"; + say STDERR "SSL generation failed: $tool exited with a non-zero status!"; exit 1; } if (defined $dercert && eval 'use Digest::SHA; 1') { my $hash = Digest::SHA->new(256); $hash->add($dercert); - print "\nAdd this TLSA record to your domain for DANE support:\n"; - print "_6697._tcp." . $common_name . " TLSA 3 0 1 " . $hash->hexdigest . "\n"; + say ''; + say 'If you are using the self-signed certificate then add this TLSA record to your domain for DANE support:'; + say "_6697._tcp." . $common_name . " TLSA 3 0 1 " . $hash->hexdigest; }