diff options
author | marha <marha@users.sourceforge.net> | 2009-06-28 22:07:26 +0000 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2009-06-28 22:07:26 +0000 |
commit | 3562e78743202e43aec8727005182a2558117eca (patch) | |
tree | 8f9113a77d12470c5c851a2a8e4cb02e89df7d43 /openssl/apps/CA.com | |
download | vcxsrv-3562e78743202e43aec8727005182a2558117eca.tar.gz vcxsrv-3562e78743202e43aec8727005182a2558117eca.tar.bz2 vcxsrv-3562e78743202e43aec8727005182a2558117eca.zip |
Checked in the following released items:
xkeyboard-config-1.4.tar.gz
ttf-bitstream-vera-1.10.tar.gz
font-alias-1.0.1.tar.gz
font-sun-misc-1.0.0.tar.gz
font-sun-misc-1.0.0.tar.gz
font-sony-misc-1.0.0.tar.gz
font-schumacher-misc-1.0.0.tar.gz
font-mutt-misc-1.0.0.tar.gz
font-misc-misc-1.0.0.tar.gz
font-misc-meltho-1.0.0.tar.gz
font-micro-misc-1.0.0.tar.gz
font-jis-misc-1.0.0.tar.gz
font-isas-misc-1.0.0.tar.gz
font-dec-misc-1.0.0.tar.gz
font-daewoo-misc-1.0.0.tar.gz
font-cursor-misc-1.0.0.tar.gz
font-arabic-misc-1.0.0.tar.gz
font-winitzki-cyrillic-1.0.0.tar.gz
font-misc-cyrillic-1.0.0.tar.gz
font-cronyx-cyrillic-1.0.0.tar.gz
font-screen-cyrillic-1.0.1.tar.gz
font-xfree86-type1-1.0.1.tar.gz
font-adobe-utopia-type1-1.0.1.tar.gz
font-ibm-type1-1.0.0.tar.gz
font-bitstream-type1-1.0.0.tar.gz
font-bitstream-speedo-1.0.0.tar.gz
font-bh-ttf-1.0.0.tar.gz
font-bh-type1-1.0.0.tar.gz
font-bitstream-100dpi-1.0.0.tar.gz
font-bh-lucidatypewriter-100dpi-1.0.0.tar.gz
font-bh-100dpi-1.0.0.tar.gz
font-adobe-utopia-100dpi-1.0.1.tar.gz
font-adobe-100dpi-1.0.0.tar.gz
font-util-1.0.1.tar.gz
font-bitstream-75dpi-1.0.0.tar.gz
font-bh-lucidatypewriter-75dpi-1.0.0.tar.gz
font-adobe-utopia-75dpi-1.0.1.tar.gz
font-bh-75dpi-1.0.0.tar.gz
bdftopcf-1.0.1.tar.gz
font-adobe-75dpi-1.0.0.tar.gz
mkfontscale-1.0.6.tar.gz
openssl-0.9.8k.tar.gz
bigreqsproto-1.0.2.tar.gz
xtrans-1.2.2.tar.gz
resourceproto-1.0.2.tar.gz
inputproto-1.4.4.tar.gz
compositeproto-0.4.tar.gz
damageproto-1.1.0.tar.gz
zlib-1.2.3.tar.gz
xkbcomp-1.0.5.tar.gz
freetype-2.3.9.tar.gz
pthreads-w32-2-8-0-release.tar.gz
pixman-0.12.0.tar.gz
kbproto-1.0.3.tar.gz
evieext-1.0.2.tar.gz
fixesproto-4.0.tar.gz
recordproto-1.13.2.tar.gz
randrproto-1.2.2.tar.gz
scrnsaverproto-1.1.0.tar.gz
renderproto-0.9.3.tar.gz
xcmiscproto-1.1.2.tar.gz
fontsproto-2.0.2.tar.gz
xextproto-7.0.3.tar.gz
xproto-7.0.14.tar.gz
libXdmcp-1.0.2.tar.gz
libxkbfile-1.0.5.tar.gz
libfontenc-1.0.4.tar.gz
libXfont-1.3.4.tar.gz
libX11-1.1.5.tar.gz
libXau-1.0.4.tar.gz
libxcb-1.1.tar.gz
xorg-server-1.5.3.tar.gz
Diffstat (limited to 'openssl/apps/CA.com')
-rw-r--r-- | openssl/apps/CA.com | 220 |
1 files changed, 220 insertions, 0 deletions
diff --git a/openssl/apps/CA.com b/openssl/apps/CA.com new file mode 100644 index 000000000..02682e424 --- /dev/null +++ b/openssl/apps/CA.com @@ -0,0 +1,220 @@ +$! CA - wrapper around ca to make it easier to use ... basically ca requires +$! some setup stuff to be done before you can use it and this makes +$! things easier between now and when Eric is convinced to fix it :-) +$! +$! CA -newca ... will setup the right stuff +$! CA -newreq ... will generate a certificate request +$! CA -sign ... will sign the generated request and output +$! +$! At the end of that grab newreq.pem and newcert.pem (one has the key +$! and the other the certificate) and cat them together and that is what +$! you want/need ... I'll make even this a little cleaner later. +$! +$! +$! 12-Jan-96 tjh Added more things ... including CA -signcert which +$! converts a certificate to a request and then signs it. +$! 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG +$! environment variable so this can be driven from +$! a script. +$! 25-Jul-96 eay Cleaned up filenames some more. +$! 11-Jun-96 eay Fixed a few filename missmatches. +$! 03-May-96 eay Modified to use 'openssl cmd' instead of 'cmd'. +$! 18-Apr-96 tjh Original hacking +$! +$! Tim Hudson +$! tjh@cryptsoft.com +$! +$! +$! default ssleay.cnf file has setup as per the following +$! demoCA ... where everything is stored +$ +$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF +$ +$ DAYS = "-days 365" +$ REQ = openssl + " req " + SSLEAY_CONFIG +$ CA = openssl + " ca " + SSLEAY_CONFIG +$ VERIFY = openssl + " verify" +$ X509 = openssl + " x509" +$ PKCS12 = openssl + " pkcs12" +$ echo = "write sys$Output" +$! +$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;" +$ CATOP := 's'.demoCA +$ CAKEY := ]cakey.pem +$ CACERT := ]cacert.pem +$ +$ __INPUT := SYS$COMMAND +$ RET = 1 +$! +$ i = 1 +$opt_loop: +$ if i .gt. 8 then goto opt_loop_end +$ +$ prog_opt = F$EDIT(P'i',"lowercase") +$ +$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") +$ THEN +$ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" +$ exit +$ ENDIF +$! +$ IF (prog_opt .EQS. "-input") +$ THEN +$ ! Get input from somewhere other than SYS$COMMAND +$ i = i + 1 +$ __INPUT = P'i' +$ GOTO opt_loop_continue +$ ENDIF +$! +$ IF (prog_opt .EQS. "-newcert") +$ THEN +$ ! Create a certificate. +$ DEFINE/USER SYS$INPUT '__INPUT' +$ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS' +$ RET=$STATUS +$ echo "Certificate (and private key) is in newreq.pem" +$ GOTO opt_loop_continue +$ ENDIF +$! +$ IF (prog_opt .EQS. "-newreq") +$ THEN +$ ! Create a certificate request +$ DEFINE/USER SYS$INPUT '__INPUT' +$ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS' +$ RET=$STATUS +$ echo "Request (and private key) is in newreq.pem" +$ GOTO opt_loop_continue +$ ENDIF +$! +$ IF (prog_opt .EQS. "-newca") +$ THEN +$ ! If explicitly asked for or it doesn't exist then setup the directory +$ ! structure that Eric likes to manage things. +$ IF F$SEARCH(CATOP+"]serial.") .EQS. "" +$ THEN +$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'] +$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs] +$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl] +$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts] +$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private] +$ +$ OPEN /WRITE ser_file 'CATOP']serial. +$ WRITE ser_file "01" +$ CLOSE ser_file +$ APPEND/NEW NL: 'CATOP']index.txt +$ +$ ! The following is to make sure access() doesn't get confused. It +$ ! really needs one file in the directory to give correct answers... +$ COPY NLA0: 'CATOP'.certs].; +$ COPY NLA0: 'CATOP'.crl].; +$ COPY NLA0: 'CATOP'.newcerts].; +$ COPY NLA0: 'CATOP'.private].; +$ ENDIF +$! +$ IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. "" +$ THEN +$ READ '__INPUT' FILE - + /PROMT="CA certificate filename (or enter to create)" +$ IF F$SEARCH(FILE) .NES. "" +$ THEN +$ COPY 'FILE' 'CATOP'.private'CAKEY' +$ RET=$STATUS +$ ELSE +$ echo "Making CA certificate ..." +$ DEFINE/USER SYS$INPUT '__INPUT' +$ REQ -new -x509 -keyout 'CATOP'.private'CAKEY' - + -out 'CATOP''CACERT' 'DAYS' +$ RET=$STATUS +$ ENDIF +$ ENDIF +$ GOTO opt_loop_continue +$ ENDIF +$! +$ IF (prog_opt .EQS. "-pkcs12") +$ THEN +$ i = i + 1 +$ cname = P'i' +$ IF cname .EQS. "" THEN cname = "My certificate" +$ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT - + -out newcert.p12 -export -name "''cname'" +$ RET=$STATUS +$ exit RET +$ ENDIF +$! +$ IF (prog_opt .EQS. "-xsign") +$ THEN +$! +$ DEFINE/USER SYS$INPUT '__INPUT' +$ CA -policy policy_anything -infiles newreq.pem +$ RET=$STATUS +$ GOTO opt_loop_continue +$ ENDIF +$! +$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq")) +$ THEN +$! +$ DEFINE/USER SYS$INPUT '__INPUT' +$ CA -policy policy_anything -out newcert.pem -infiles newreq.pem +$ RET=$STATUS +$ type newcert.pem +$ echo "Signed certificate is in newcert.pem" +$ GOTO opt_loop_continue +$ ENDIF +$! +$ IF (prog_opt .EQS. "-signcert") +$ THEN +$! +$ echo "Cert passphrase will be requested twice - bug?" +$ DEFINE/USER SYS$INPUT '__INPUT' +$ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem +$ DEFINE/USER SYS$INPUT '__INPUT' +$ CA -policy policy_anything -out newcert.pem -infiles tmp.pem +y +y +$ type newcert.pem +$ echo "Signed certificate is in newcert.pem" +$ GOTO opt_loop_continue +$ ENDIF +$! +$ IF (prog_opt .EQS. "-verify") +$ THEN +$! +$ i = i + 1 +$ IF (p'i' .EQS. "") +$ THEN +$ DEFINE/USER SYS$INPUT '__INPUT' +$ VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem +$ ELSE +$ j = i +$ verify_opt_loop: +$ IF j .GT. 8 THEN GOTO verify_opt_loop_end +$ IF p'j' .NES. "" +$ THEN +$ DEFINE/USER SYS$INPUT '__INPUT' +$ __tmp = p'j' +$ VERIFY "-CAfile" 'CATOP''CACERT' '__tmp' +$ tmp=$STATUS +$ IF tmp .NE. 0 THEN RET=tmp +$ ENDIF +$ j = j + 1 +$ GOTO verify_opt_loop +$ verify_opt_loop_end: +$ ENDIF +$ +$ GOTO opt_loop_end +$ ENDIF +$! +$ IF (prog_opt .NES. "") +$ THEN +$! +$ echo "Unknown argument ''prog_opt'" +$ +$ EXIT 3 +$ ENDIF +$ +$opt_loop_continue: +$ i = i + 1 +$ GOTO opt_loop +$ +$opt_loop_end: +$ EXIT 'RET' |