aboutsummaryrefslogtreecommitdiff
path: root/openssl/apps/CA.com
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2009-06-28 22:07:26 +0000
committermarha <marha@users.sourceforge.net>2009-06-28 22:07:26 +0000
commit3562e78743202e43aec8727005182a2558117eca (patch)
tree8f9113a77d12470c5c851a2a8e4cb02e89df7d43 /openssl/apps/CA.com
downloadvcxsrv-3562e78743202e43aec8727005182a2558117eca.tar.gz
vcxsrv-3562e78743202e43aec8727005182a2558117eca.tar.bz2
vcxsrv-3562e78743202e43aec8727005182a2558117eca.zip
Checked in the following released items:
xkeyboard-config-1.4.tar.gz ttf-bitstream-vera-1.10.tar.gz font-alias-1.0.1.tar.gz font-sun-misc-1.0.0.tar.gz font-sun-misc-1.0.0.tar.gz font-sony-misc-1.0.0.tar.gz font-schumacher-misc-1.0.0.tar.gz font-mutt-misc-1.0.0.tar.gz font-misc-misc-1.0.0.tar.gz font-misc-meltho-1.0.0.tar.gz font-micro-misc-1.0.0.tar.gz font-jis-misc-1.0.0.tar.gz font-isas-misc-1.0.0.tar.gz font-dec-misc-1.0.0.tar.gz font-daewoo-misc-1.0.0.tar.gz font-cursor-misc-1.0.0.tar.gz font-arabic-misc-1.0.0.tar.gz font-winitzki-cyrillic-1.0.0.tar.gz font-misc-cyrillic-1.0.0.tar.gz font-cronyx-cyrillic-1.0.0.tar.gz font-screen-cyrillic-1.0.1.tar.gz font-xfree86-type1-1.0.1.tar.gz font-adobe-utopia-type1-1.0.1.tar.gz font-ibm-type1-1.0.0.tar.gz font-bitstream-type1-1.0.0.tar.gz font-bitstream-speedo-1.0.0.tar.gz font-bh-ttf-1.0.0.tar.gz font-bh-type1-1.0.0.tar.gz font-bitstream-100dpi-1.0.0.tar.gz font-bh-lucidatypewriter-100dpi-1.0.0.tar.gz font-bh-100dpi-1.0.0.tar.gz font-adobe-utopia-100dpi-1.0.1.tar.gz font-adobe-100dpi-1.0.0.tar.gz font-util-1.0.1.tar.gz font-bitstream-75dpi-1.0.0.tar.gz font-bh-lucidatypewriter-75dpi-1.0.0.tar.gz font-adobe-utopia-75dpi-1.0.1.tar.gz font-bh-75dpi-1.0.0.tar.gz bdftopcf-1.0.1.tar.gz font-adobe-75dpi-1.0.0.tar.gz mkfontscale-1.0.6.tar.gz openssl-0.9.8k.tar.gz bigreqsproto-1.0.2.tar.gz xtrans-1.2.2.tar.gz resourceproto-1.0.2.tar.gz inputproto-1.4.4.tar.gz compositeproto-0.4.tar.gz damageproto-1.1.0.tar.gz zlib-1.2.3.tar.gz xkbcomp-1.0.5.tar.gz freetype-2.3.9.tar.gz pthreads-w32-2-8-0-release.tar.gz pixman-0.12.0.tar.gz kbproto-1.0.3.tar.gz evieext-1.0.2.tar.gz fixesproto-4.0.tar.gz recordproto-1.13.2.tar.gz randrproto-1.2.2.tar.gz scrnsaverproto-1.1.0.tar.gz renderproto-0.9.3.tar.gz xcmiscproto-1.1.2.tar.gz fontsproto-2.0.2.tar.gz xextproto-7.0.3.tar.gz xproto-7.0.14.tar.gz libXdmcp-1.0.2.tar.gz libxkbfile-1.0.5.tar.gz libfontenc-1.0.4.tar.gz libXfont-1.3.4.tar.gz libX11-1.1.5.tar.gz libXau-1.0.4.tar.gz libxcb-1.1.tar.gz xorg-server-1.5.3.tar.gz
Diffstat (limited to 'openssl/apps/CA.com')
-rw-r--r--openssl/apps/CA.com220
1 files changed, 220 insertions, 0 deletions
diff --git a/openssl/apps/CA.com b/openssl/apps/CA.com
new file mode 100644
index 000000000..02682e424
--- /dev/null
+++ b/openssl/apps/CA.com
@@ -0,0 +1,220 @@
+$! CA - wrapper around ca to make it easier to use ... basically ca requires
+$! some setup stuff to be done before you can use it and this makes
+$! things easier between now and when Eric is convinced to fix it :-)
+$!
+$! CA -newca ... will setup the right stuff
+$! CA -newreq ... will generate a certificate request
+$! CA -sign ... will sign the generated request and output
+$!
+$! At the end of that grab newreq.pem and newcert.pem (one has the key
+$! and the other the certificate) and cat them together and that is what
+$! you want/need ... I'll make even this a little cleaner later.
+$!
+$!
+$! 12-Jan-96 tjh Added more things ... including CA -signcert which
+$! converts a certificate to a request and then signs it.
+$! 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+$! environment variable so this can be driven from
+$! a script.
+$! 25-Jul-96 eay Cleaned up filenames some more.
+$! 11-Jun-96 eay Fixed a few filename missmatches.
+$! 03-May-96 eay Modified to use 'openssl cmd' instead of 'cmd'.
+$! 18-Apr-96 tjh Original hacking
+$!
+$! Tim Hudson
+$! tjh@cryptsoft.com
+$!
+$!
+$! default ssleay.cnf file has setup as per the following
+$! demoCA ... where everything is stored
+$
+$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
+$
+$ DAYS = "-days 365"
+$ REQ = openssl + " req " + SSLEAY_CONFIG
+$ CA = openssl + " ca " + SSLEAY_CONFIG
+$ VERIFY = openssl + " verify"
+$ X509 = openssl + " x509"
+$ PKCS12 = openssl + " pkcs12"
+$ echo = "write sys$Output"
+$!
+$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;"
+$ CATOP := 's'.demoCA
+$ CAKEY := ]cakey.pem
+$ CACERT := ]cacert.pem
+$
+$ __INPUT := SYS$COMMAND
+$ RET = 1
+$!
+$ i = 1
+$opt_loop:
+$ if i .gt. 8 then goto opt_loop_end
+$
+$ prog_opt = F$EDIT(P'i',"lowercase")
+$
+$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help")
+$ THEN
+$ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify"
+$ exit
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-input")
+$ THEN
+$ ! Get input from somewhere other than SYS$COMMAND
+$ i = i + 1
+$ __INPUT = P'i'
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newcert")
+$ THEN
+$ ! Create a certificate.
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
+$ RET=$STATUS
+$ echo "Certificate (and private key) is in newreq.pem"
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newreq")
+$ THEN
+$ ! Create a certificate request
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
+$ RET=$STATUS
+$ echo "Request (and private key) is in newreq.pem"
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newca")
+$ THEN
+$ ! If explicitly asked for or it doesn't exist then setup the directory
+$ ! structure that Eric likes to manage things.
+$ IF F$SEARCH(CATOP+"]serial.") .EQS. ""
+$ THEN
+$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP']
+$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs]
+$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl]
+$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts]
+$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private]
+$
+$ OPEN /WRITE ser_file 'CATOP']serial.
+$ WRITE ser_file "01"
+$ CLOSE ser_file
+$ APPEND/NEW NL: 'CATOP']index.txt
+$
+$ ! The following is to make sure access() doesn't get confused. It
+$ ! really needs one file in the directory to give correct answers...
+$ COPY NLA0: 'CATOP'.certs].;
+$ COPY NLA0: 'CATOP'.crl].;
+$ COPY NLA0: 'CATOP'.newcerts].;
+$ COPY NLA0: 'CATOP'.private].;
+$ ENDIF
+$!
+$ IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
+$ THEN
+$ READ '__INPUT' FILE -
+ /PROMT="CA certificate filename (or enter to create)"
+$ IF F$SEARCH(FILE) .NES. ""
+$ THEN
+$ COPY 'FILE' 'CATOP'.private'CAKEY'
+$ RET=$STATUS
+$ ELSE
+$ echo "Making CA certificate ..."
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ REQ -new -x509 -keyout 'CATOP'.private'CAKEY' -
+ -out 'CATOP''CACERT' 'DAYS'
+$ RET=$STATUS
+$ ENDIF
+$ ENDIF
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-pkcs12")
+$ THEN
+$ i = i + 1
+$ cname = P'i'
+$ IF cname .EQS. "" THEN cname = "My certificate"
+$ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT -
+ -out newcert.p12 -export -name "''cname'"
+$ RET=$STATUS
+$ exit RET
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-xsign")
+$ THEN
+$!
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ CA -policy policy_anything -infiles newreq.pem
+$ RET=$STATUS
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
+$ THEN
+$!
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+$ RET=$STATUS
+$ type newcert.pem
+$ echo "Signed certificate is in newcert.pem"
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-signcert")
+$ THEN
+$!
+$ echo "Cert passphrase will be requested twice - bug?"
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+y
+y
+$ type newcert.pem
+$ echo "Signed certificate is in newcert.pem"
+$ GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-verify")
+$ THEN
+$!
+$ i = i + 1
+$ IF (p'i' .EQS. "")
+$ THEN
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem
+$ ELSE
+$ j = i
+$ verify_opt_loop:
+$ IF j .GT. 8 THEN GOTO verify_opt_loop_end
+$ IF p'j' .NES. ""
+$ THEN
+$ DEFINE/USER SYS$INPUT '__INPUT'
+$ __tmp = p'j'
+$ VERIFY "-CAfile" 'CATOP''CACERT' '__tmp'
+$ tmp=$STATUS
+$ IF tmp .NE. 0 THEN RET=tmp
+$ ENDIF
+$ j = j + 1
+$ GOTO verify_opt_loop
+$ verify_opt_loop_end:
+$ ENDIF
+$
+$ GOTO opt_loop_end
+$ ENDIF
+$!
+$ IF (prog_opt .NES. "")
+$ THEN
+$!
+$ echo "Unknown argument ''prog_opt'"
+$
+$ EXIT 3
+$ ENDIF
+$
+$opt_loop_continue:
+$ i = i + 1
+$ GOTO opt_loop
+$
+$opt_loop_end:
+$ EXIT 'RET'