SSLproxy/extra/pki/GNUmakefile
2012-04-30 22:48:19 +02:00

115 lines
2.8 KiB
Makefile

# inherited
VERSION?= unknown
OPENSSL?= openssl
MKDIR?= mkdir
# OpenSSL settings
CA_SUBJECT?= '/C=CH/O=SSLsplit Root CA/CN=SSLsplit Root CA/'
CA_DAYS?= 3650
CA_EXT:= v3_ca
CRT_SUBJECT?= '/C=CH/O=SSLsplit Test Certificate/CN=daniel.roe.ch/'
CRT_DAYS?= 365
CRT_EXT:= v3_crt
CONFIG:= x509v3ca.cnf
PASSWORD:= test
all: rsa dsa ec targets server pwd
session: session.pem
dh: dh512.param dh1024.param dh2048.param
rsa: rsa.pem
pwd: pwd.key
dsa: dsa.pem
ec: ec.pem
server: server.pem
dh512.param:
$(OPENSSL) dhparam -out $@ -2 512
dh1024.param:
$(OPENSSL) dhparam -out $@ -2 1024
dh2048.param:
$(OPENSSL) dhparam -out $@ -2 2048
dsa.param:
$(OPENSSL) dsaparam -out $@ 1024
dsa.key: dsa.param
$(OPENSSL) gendsa -out $@ $<
rsa.key:
$(OPENSSL) genrsa -out $@ 1024
pwd.key: rsa.key
echo $(PASSWORD) | $(OPENSSL) rsa -in $< -out $@ -aes128 -passout stdin
ec.key:
$(OPENSSL) ecparam -out $@ -name prime192v1 -genkey
%.crt: %.key $(CONFIG)
$(OPENSSL) req -new -nodes -x509 -sha1 -out $@ -key $< \
-config $(CONFIG) -extensions $(CA_EXT) \
-subj $(CA_SUBJECT) \
-set_serial 0 -days $(CA_DAYS)
server.key:
$(OPENSSL) genrsa -out $@ 1024
server.crt: server.key $(CONFIG)
$(OPENSSL) req -new -nodes -x509 -sha1 -out $@ -key $< \
-config $(CONFIG) -extensions $(CRT_EXT) \
-subj $(CRT_SUBJECT) \
-set_serial 42 -days $(CRT_DAYS)
%.pem: %.crt %.key
cat $^ >$@
targets: rsa.crt
$(MKDIR) -p targets
$(OPENSSL) genrsa -out targets/daniel.roe.ch.key 1024
$(OPENSSL) req -new -sha1 -subj '/C=CH/CN=daniel.roe.ch/' \
-key targets/daniel.roe.ch.key \
-out targets/daniel.roe.ch.csr
$(OPENSSL) x509 -req -sha1 -CAcreateserial -days 365 \
-CA rsa.crt -CAkey rsa.key \
-in targets/daniel.roe.ch.csr \
-out targets/daniel.roe.ch.crt
cat targets/daniel.roe.ch.crt targets/daniel.roe.ch.key rsa.crt \
>targets/daniel.roe.ch.pem
$(RM) targets/daniel.roe.ch.{key,csr,crt}
$(OPENSSL) genrsa -out targets/wildcard.roe.ch.key 1024
$(OPENSSL) req -new -sha1 -subj '/C=CH/CN=*.roe.ch/' \
-key targets/wildcard.roe.ch.key \
-out targets/wildcard.roe.ch.csr
$(OPENSSL) x509 -req -sha1 -CAcreateserial -days 365 \
-CA rsa.crt -CAkey rsa.key \
-in targets/wildcard.roe.ch.csr \
-out targets/wildcard.roe.ch.crt
cat targets/wildcard.roe.ch.crt targets/wildcard.roe.ch.key rsa.crt \
>targets/wildcard.roe.ch.pem
$(RM) targets/wildcard.roe.ch.{key,csr,crt} rsa.srl
# openssl s_server cannot be easily controlled from scripts; it is
# more robust to just connect to a real server to create a session
session.pem:
( \
echo 'GET /test/SSLsplit-$(VERSION) HTTP/1.1'; \
echo 'Host: daniel.roe.ch'; \
echo 'Connection: close'; \
echo ) | $(OPENSSL) s_client -connect daniel.roe.ch:443 \
-quiet -crlf -no_ign_eof -sess_out $@ >/dev/null 2>&1
test -r $@
clean:
rm -rf rsa.* dsa.* ec.* dh*.param targets *.srl session.pem server.*
.PHONY: all clean rsa dsa ec dh dhall session