public-inbox.git  about / heads / tags
an "archives first" approach to mailing lists
blob b287cec5842626fc7b32304413c14cb8596bffd7 3594 bytes (raw)
$ git show v1.4.0:certs/create-certs.perl	# shows this blob on the CLI

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
 
#!/usr/bin/perl -w
# License: GPL-1.0+ or Artistic-1.0-Perl
# from IO::Socket::SSL 2.063 / https://github.com/noxxi/p5-io-socket-ssl
use strict;
use warnings;
use IO::Socket::SSL::Utils;
use Net::SSLeay;

my $dir = -d 'certs' && -f 'Makefile.PL' ? './certs/' : './';
my $now = time();
my $later = 0x7fffffff; # 2038 problems on 32-bit :<

Net::SSLeay::SSLeay_add_ssl_algorithms();
my $sha256 = Net::SSLeay::EVP_get_digestbyname('sha256') or die;
my $printfp = sub {
    my ($w,$cert) = @_;
    print $w.' sha256$'.unpack('H*',Net::SSLeay::X509_digest($cert, $sha256))."\n"
};

my %time_valid = (not_before => $now, not_after => $later);

my @ca = CERT_create(
    CA => 1,
    subject => { CN => 'IO::Socket::SSL Demo CA' },
    %time_valid,
);
save('test-ca.pem',PEM_cert2string($ca[0]));

my @server = CERT_create(
    CA => 0,
    subject => { CN => 'server.local' },
    purpose => 'server',
    issuer => \@ca,
    %time_valid,
);
save('server-cert.pem',PEM_cert2string($server[0]));
save('server-key.pem',PEM_key2string($server[1]));
$printfp->(server => $server[0]);

@server = CERT_create(
    CA => 0,
    subject => { CN => 'server2.local' },
    purpose => 'server',
    issuer => \@ca,
    %time_valid,
);
save('server2-cert.pem',PEM_cert2string($server[0]));
save('server2-key.pem',PEM_key2string($server[1]));
$printfp->(server2 => $server[0]);

@server = CERT_create(
    CA => 0,
    subject => { CN => 'server-ecc.local' },
    purpose => 'server',
    issuer => \@ca,
    key => KEY_create_ec(),
    %time_valid,
);
save('server-ecc-cert.pem',PEM_cert2string($server[0]));
save('server-ecc-key.pem',PEM_key2string($server[1]));
$printfp->('server-ecc' => $server[0]);


my @client = CERT_create(
    CA => 0,
    subject => { CN => 'client.local' },
    purpose => 'client',
    issuer => \@ca,
    %time_valid,
);
save('client-cert.pem',PEM_cert2string($client[0]));
save('client-key.pem',PEM_key2string($client[1]));
$printfp->(client => $client[0]);

my @swc = CERT_create(
    CA => 0,
    subject => { CN => 'server.local' },
    purpose => 'server',
    issuer => \@ca,
    subjectAltNames => [
	[ DNS => '*.server.local' ],
	[ IP => '127.0.0.1' ],
	[ DNS => 'www*.other.local' ],
	[ DNS => 'smtp.mydomain.local' ],
	[ DNS => 'xn--lwe-sna.idntest.local' ]
    ],
    %time_valid,
);
save('server-wildcard.pem',PEM_cert2string($swc[0]),PEM_key2string($swc[1]));


my @subca = CERT_create(
    CA => 1,
    issuer => \@ca,
    subject => { CN => 'IO::Socket::SSL Demo Sub CA' },
    %time_valid,
);
save('test-subca.pem',PEM_cert2string($subca[0]));
@server = CERT_create(
    CA => 0,
    subject => { CN => 'server.local' },
    purpose => 'server',
    issuer => \@subca,
    %time_valid,
);
save('sub-server.pem',PEM_cert2string($server[0]).PEM_key2string($server[1]));



my @cap = CERT_create(
    CA => 1,
    subject => { CN => 'IO::Socket::SSL::Intercept' },
    %time_valid,
);
save('proxyca.pem',PEM_cert2string($cap[0]).PEM_key2string($cap[1]));

sub save {
    my $file = shift;
    open(my $fd,'>',$dir.$file) or die $!;
    print $fd @_;
}

system(<<CMD);
cd $dir
set -x
openssl x509 -in server-cert.pem -out server-cert.der -outform der
openssl rsa -in server-key.pem -out server-key.der -outform der
openssl rsa -in server-key.pem -out server-key.enc -passout pass:bluebell
openssl rsa -in client-key.pem -out client-key.enc -passout pass:opossum
openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out server.p12 -passout pass:
openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out server_enc.p12 -passout pass:bluebell
CMD

git clone https://public-inbox.org/public-inbox.git
git clone http://7fh6tueqddpjyxjmgtdiueylzoqt6pt7hec3pukyptlmohoowvhde4yd.onion/public-inbox.git