affine/jobserv
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

CNs cant be arbitrary

Browse source
This commit is contained in:
Aidan Hahn 2019-05-19 14:25:25 -07:00
parent f7776e7269
commit 8982353f0a
No known key found for this signature in database
GPG key ID: 327711E983899316
1 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

11
buildwrapper.sh
View file

@ -1,13 +1,14 @@
#!/bin/sh #!/bin/sh
read -p "Enter Server CN (localhost or address): " SRVNAME
read -p "Enter Client CN (localhost or address): " CLTNAME
SERVER_CA_CN=jobserv-server-ca SERVER_CA_CN=jobserv-server-ca
SERVER_CN=jobserv-server
SERVER_PATH=resources/server SERVER_PATH=resources/server
CLIENT_CA_CN=jobserv-client-ca CLIENT_CA_CN=jobserv-client-ca
CLIENT_CN=jobserv-client
CLIENT_PATH=resources/client CLIENT_PATH=resources/client
TEST_CA_CN=jobserv-bad-cert-ca TEST_CA_CN=jobserv-bad-cert-ca
TEST_CN=jobserv-bad-cert TEST_CN=localhost
TEST_PATH=resources/test TEST_PATH=resources/test
# refactor this to test for directory existanc # refactor this to test for directory existanc
@ -43,7 +44,7 @@ openssl req -passin pass:dontusethiskey -new -x509 -days 365 -key $TEST_PATH/ca.
echo "[+] Generating Server key" echo "[+] Generating Server key"
openssl genrsa -passout pass:${SRVCAPASS} -aes256 -out $SERVER_PATH/private.key 4096 openssl genrsa -passout pass:${SRVCAPASS} -aes256 -out $SERVER_PATH/private.key 4096
echo "[+] Generating Server signing request" echo "[+] Generating Server signing request"
openssl req -passin pass:${SRVCAPASS} -new -key $SERVER_PATH/private.key -out $SERVER_PATH/request.csr -subj "/CN=${SERVER_CN}" openssl req -passin pass:${SRVCAPASS} -new -key $SERVER_PATH/private.key -out $SERVER_PATH/request.csr -subj "/CN=${SRVNAME}"
echo "[+] Generating Server certificate " echo "[+] Generating Server certificate "
openssl x509 -req -passin pass:${SRVCAPASS} -days 365 -in $SERVER_PATH/request.csr -CA $SERVER_PATH/ca.crt -CAkey $SERVER_PATH/ca.key -set_serial 01 -out $SERVER_PATH/server.crt openssl x509 -req -passin pass:${SRVCAPASS} -days 365 -in $SERVER_PATH/request.csr -CA $SERVER_PATH/ca.crt -CAkey $SERVER_PATH/ca.key -set_serial 01 -out $SERVER_PATH/server.crt
echo "[+] Removing passphrase from server key" echo "[+] Removing passphrase from server key"
@ -53,7 +54,7 @@ openssl rsa -passin pass:${SRVCAPASS} -in $SERVER_PATH/private.key -out $SERVER_
echo "[+] Generating Client key" echo "[+] Generating Client key"
openssl genrsa -passout pass:${CLTCAPASS} -aes256 -out $CLIENT_PATH/private.key 4096 openssl genrsa -passout pass:${CLTCAPASS} -aes256 -out $CLIENT_PATH/private.key 4096
echo "[+] Generating Client signing request" echo "[+] Generating Client signing request"
openssl req -passin pass:${CLTCAPASS} -new -key $CLIENT_PATH/private.key -out $CLIENT_PATH/request.csr -subj "/CN=${CLIENT_CN}" openssl req -passin pass:${CLTCAPASS} -new -key $CLIENT_PATH/private.key -out $CLIENT_PATH/request.csr -subj "/CN=${CLTNAME}"
echo "[+] Generating Client certificate " echo "[+] Generating Client certificate "
openssl x509 -req -passin pass:${CLTCAPASS} -days 365 -in $CLIENT_PATH/request.csr -CA $CLIENT_PATH/ca.crt -CAkey $CLIENT_PATH/ca.key -set_serial 01 -out $CLIENT_PATH/client.crt openssl x509 -req -passin pass:${CLTCAPASS} -days 365 -in $CLIENT_PATH/request.csr -CA $CLIENT_PATH/ca.crt -CAkey $CLIENT_PATH/ca.key -set_serial 01 -out $CLIENT_PATH/client.crt
echo "[+] Removing passphrase from client key" echo "[+] Removing passphrase from client key"