user/dev discussion of public-inbox itself
 help / color / Atom feed
476be4d7f90dc2df09593deef6dd88a124301aa5 blob 3548 bytes (raw)

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
 
#!/usr/bin/perl -w
# License: GPL-1.0+ or Artistic-1.0-Perl
# from IO::Socket::SSL 2.063 / https://github.com/noxxi/p5-io-socket-ssl
use strict;
use warnings;
use IO::Socket::SSL::Utils;
use Net::SSLeay;

my $dir = "./";
my $now = time();
my $later = 0x7fffffff; # 2038 problems on 32-bit :<

Net::SSLeay::SSLeay_add_ssl_algorithms();
my $sha256 = Net::SSLeay::EVP_get_digestbyname('sha256') or die;
my $printfp = sub {
    my ($w,$cert) = @_;
    print $w.' sha256$'.unpack('H*',Net::SSLeay::X509_digest($cert, $sha256))."\n"
};

my %time_valid = (not_before => $now, not_after => $later);

my @ca = CERT_create(
    CA => 1,
    subject => { CN => 'IO::Socket::SSL Demo CA' },
    %time_valid,
);
save('test-ca.pem',PEM_cert2string($ca[0]));

my @server = CERT_create(
    CA => 0,
    subject => { CN => 'server.local' },
    purpose => 'server',
    issuer => \@ca,
    %time_valid,
);
save('server-cert.pem',PEM_cert2string($server[0]));
save('server-key.pem',PEM_key2string($server[1]));
$printfp->(server => $server[0]);

@server = CERT_create(
    CA => 0,
    subject => { CN => 'server2.local' },
    purpose => 'server',
    issuer => \@ca,
    %time_valid,
);
save('server2-cert.pem',PEM_cert2string($server[0]));
save('server2-key.pem',PEM_key2string($server[1]));
$printfp->(server2 => $server[0]);

@server = CERT_create(
    CA => 0,
    subject => { CN => 'server-ecc.local' },
    purpose => 'server',
    issuer => \@ca,
    key => KEY_create_ec(),
    %time_valid,
);
save('server-ecc-cert.pem',PEM_cert2string($server[0]));
save('server-ecc-key.pem',PEM_key2string($server[1]));
$printfp->('server-ecc' => $server[0]);


my @client = CERT_create(
    CA => 0,
    subject => { CN => 'client.local' },
    purpose => 'client',
    issuer => \@ca,
    %time_valid,
);
save('client-cert.pem',PEM_cert2string($client[0]));
save('client-key.pem',PEM_key2string($client[1]));
$printfp->(client => $client[0]);

my @swc = CERT_create(
    CA => 0,
    subject => { CN => 'server.local' },
    purpose => 'server',
    issuer => \@ca,
    subjectAltNames => [
	[ DNS => '*.server.local' ],
	[ IP => '127.0.0.1' ],
	[ DNS => 'www*.other.local' ],
	[ DNS => 'smtp.mydomain.local' ],
	[ DNS => 'xn--lwe-sna.idntest.local' ]
    ],
    %time_valid,
);
save('server-wildcard.pem',PEM_cert2string($swc[0]),PEM_key2string($swc[1]));


my @subca = CERT_create(
    CA => 1,
    issuer => \@ca,
    subject => { CN => 'IO::Socket::SSL Demo Sub CA' },
    %time_valid,
);
save('test-subca.pem',PEM_cert2string($subca[0]));
@server = CERT_create(
    CA => 0,
    subject => { CN => 'server.local' },
    purpose => 'server',
    issuer => \@subca,
    %time_valid,
);
save('sub-server.pem',PEM_cert2string($server[0]).PEM_key2string($server[1]));



my @cap = CERT_create(
    CA => 1,
    subject => { CN => 'IO::Socket::SSL::Intercept' },
    %time_valid,
);
save('proxyca.pem',PEM_cert2string($cap[0]).PEM_key2string($cap[1]));

sub save {
    my $file = shift;
    open(my $fd,'>',$dir.$file) or die $!;
    print $fd @_;
}

system(<<CMD);
cd $dir
set -x
openssl x509 -in server-cert.pem -out server-cert.der -outform der
openssl rsa -in server-key.pem -out server-key.der -outform der
openssl rsa -in server-key.pem -out server-key.enc -passout pass:bluebell
openssl rsa -in client-key.pem -out client-key.enc -passout pass:opossum
openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out server.p12 -passout pass:
openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out server_enc.p12 -passout pass:bluebell
CMD
debug log:

solving 476be4d7 ...
found 476be4d7 in https://80x24.org/public-inbox.git

user/dev discussion of public-inbox itself

Archives are clonable:
	git clone --mirror https://public-inbox.org/meta
	git clone --mirror http://czquwvybam4bgbro.onion/meta
	git clone --mirror http://hjrcffqmbrq6wope.onion/meta
	git clone --mirror http://ou63pmih66umazou.onion/meta

Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.mail.public-inbox.meta
	nntp://ou63pmih66umazou.onion/inbox.comp.mail.public-inbox.meta
	nntp://czquwvybam4bgbro.onion/inbox.comp.mail.public-inbox.meta
	nntp://hjrcffqmbrq6wope.onion/inbox.comp.mail.public-inbox.meta
	nntp://news.gmane.org/gmane.mail.public-inbox.general

 note: .onion URLs require Tor: https://www.torproject.org/

AGPL code for this site: git clone https://public-inbox.org/ public-inbox