cryptonas/conf-examples/start_stunnel.sh
lars 87af175764 fixed some ssl detection stuff
disabled 'help' plugin for now
enabled some ownership checks in CryptoBoxRootActions
documentation updates for proxy and ssl configurations
2006-12-14 00:23:10 +00:00

42 lines
1.3 KiB
Bash
Executable file

#!/bin/sh
#
# This script creates a stunnel certificate for https
# and starts a tunnel from :80 to :443. It's meant as en example so
# use it with care.
#
# An example for the openssl config file can be found in
# conf-examples/openssl.cnf .
#
set -eu
test $# -ne 2 && echo "Usage: $(basename $0) OPENSSL_CONF_FILE CERT_FILE" && exit 1
TMP_FILE=/tmp/cryptobox-cert.tmp
## vcert values are in openssl.conf
#OPENSSL_CONF_FILE="../conf-examples/openssl.cnf"
OPENSSL_CONF_FILE="$1"
## filename for the created cert
#CERTFILE="cryptobox.cert"
CERTFILE="$2"
## source & destination ports
SRC_PORT="8080"
DST_PORT="443"
[ ! -f "$OPENSSL_CONF_FILE" ] && echo "`basename $0`: $OPENSSL_CONF_FILE not found" && exit 2
# this command creates the certificate
# the "\n" are required, because the certbuilding asks for 5 returns
echo -ne "\n\n\n\n\n" | openssl req -new -x509 -nodes -days 3650 -config "$OPENSSL_CONF_FILE" -out "$CERTFILE" -keyout "$CERTFILE"
chmod 600 "$CERTFILE"
# next step needs a lot of randomdata
dd if=/dev/urandom of="$TMP_FILE" bs=1024 count=1024
openssl dhparam -rand "$TMP_FILE" 512 >> "$CERTFILE"
rm "$TMP_FILE"
## print out cert values
#openssl x509 -subject -dates -fingerprint -in stunnel.pem
stunnel -p ${CERTFILE} -r localhost:${SRC_PORT} -d ${DST_PORT}