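/*
 * Create a new CA under ca->sslpath: generate the CA private key,
 * build a certificate request for it, self-sign the CA certificate
 * and finally create an (empty) CRL via ca_revoke().
 *
 * Fields read from *ca: sslpath (CA directory), passfile (file holding
 * the key passphrase), sslcnf and extcnf (openssl config files) and
 * batch (extra "req" options spliced verbatim into the command line).
 *
 * Each step is a command line handed to system(3).  The struct fields
 * are interpolated without any quoting, so they must not contain shell
 * metacharacters; this routine relies on the caller supplying trusted,
 * locally configured values.
 *
 * Returns 0 on success.  A truncated path or command line, a failing
 * openssl invocation or a failing chmod is fatal (err/errx), which is
 * the error style ca_opt() already uses in this file.
 */
int
ca_create(struct ca *ca)
{
	char cmd[PATH_MAX * 2];
	char path[PATH_MAX];
	int n;

	/* 1. CA private key, AES-256 encrypted with the passphrase file. */
	n = snprintf(path, sizeof(path), "%s/private/ca.key", ca->sslpath);
	if (n < 0 || (size_t)n >= sizeof(path))
		errx(1, "ca_create: key path too long");
	n = snprintf(cmd, sizeof(cmd), "%s genrsa -aes256 -out"
	    " %s -passout file:%s 2048", PATH_OPENSSL, path, ca->passfile);
	if (n < 0 || (size_t)n >= sizeof(cmd))
		errx(1, "ca_create: genrsa command too long");
	/*
	 * The exit status used to be ignored, so a failed openssl run
	 * silently left a half-created CA.  system() returns -1 or a
	 * wait status; anything non-zero is treated as failure.
	 */
	if (system(cmd) != 0)
		errx(1, "ca_create: %s genrsa failed", PATH_OPENSSL);
	/* Key material must be owner-readable only. */
	if (chmod(path, 0600) == -1)
		err(1, "chmod %s", path);

	/* 2. Certificate request for the CA key. */
	n = snprintf(path, sizeof(path), "%s/private/ca.csr", ca->sslpath);
	if (n < 0 || (size_t)n >= sizeof(path))
		errx(1, "ca_create: csr path too long");
	n = snprintf(cmd, sizeof(cmd), "env CERT_CN='VPN CA' %s req %s-new"
	    " -key %s/private/ca.key"
	    " -config %s -out %s -passin file:%s", PATH_OPENSSL, ca->batch,
	    ca->sslpath, ca->sslcnf, path, ca->passfile);
	if (n < 0 || (size_t)n >= sizeof(cmd))
		errx(1, "ca_create: req command too long");
	if (system(cmd) != 0)
		errx(1, "ca_create: %s req failed", PATH_OPENSSL);
	if (chmod(path, 0600) == -1)
		err(1, "chmod %s", path);

	/*
	 * 3. Self-signed CA certificate, valid 365 days, using the
	 * x509v3_CA extension section of ca->extcnf.
	 */
	n = snprintf(cmd, sizeof(cmd), "%s x509 -req -days 365"
	    " -in %s/private/ca.csr -signkey %s/private/ca.key"
	    " -extfile %s -extensions x509v3_CA -out %s/ca.crt -passin file:%s",
	    PATH_OPENSSL, ca->sslpath, ca->sslpath, ca->extcnf, ca->sslpath,
	    ca->passfile);
	if (n < 0 || (size_t)n >= sizeof(cmd))
		errx(1, "ca_create: x509 command too long");
	if (system(cmd) != 0)
		errx(1, "ca_create: %s x509 failed", PATH_OPENSSL);

	/* Create the CRL revocation list */
	ca_revoke(ca, NULL);

	return (0);
}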
/*
 * Entry point for every "ca ..." command line: set up the CA named in
 * the parse result, rewrite a bare path argument so that it lives
 * under /etc, then dispatch on res->action to the matching ca_* routine.
 *
 * The CA directory is created on the fly only for CA_CREATE; a failing
 * ca_setup() is fatal.  Always returns 0 -- the individual ca_* routines
 * report their own problems.
 */
int
ca_opt(struct parse_result *res)
{
	struct ca *ctx;
	char *etcpath;
	size_t etclen;
	int creating;

	creating = (res->action == CA_CREATE);
	ctx = ca_setup(res->caname, creating, res->quiet, res->pass);
	if (ctx == NULL)
		errx(1, "ca_setup failed");

	/* assume paths are relative to /etc if not absolute */
	if (res->path != NULL && res->path[0] != '.' && res->path[0] != '/') {
		/* sizeof("/etc/") already accounts for the trailing NUL */
		etclen = sizeof("/etc/") + strlen(res->path);
		etcpath = malloc(etclen);
		if (etcpath == NULL)
			err(1, "malloc");
		snprintf(etcpath, etclen, "/etc/%s", res->path);
		/* replace the caller's path with the /etc-prefixed copy */
		free(res->path);
		res->path = etcpath;
	}

	switch (res->action) {
	/* whole-CA operations */
	case CA_CREATE:
		ca_create(ctx);
		break;
	case CA_DELETE:
		ca_delete(ctx);
		break;
	case CA_INSTALL:
		ca_install(ctx, res->path);
		break;
	case CA_EXPORT:
		ca_export(ctx, NULL, res->peer, res->pass);
		break;
	case SHOW_CA_CERTIFICATES:
		ca_show_certs(ctx, res->host);
		break;

	/* per-host certificate operations */
	case CA_CERT_CREATE:
	case CA_SERVER:
	case CA_CLIENT:
	case CA_OCSP:
		ca_certificate(ctx, res->host, res->htype, res->action);
		break;
	case CA_CERT_DELETE:
		ca_delkey(ctx, res->host);
		break;
	case CA_CERT_INSTALL:
		ca_cert_install(ctx, res->host, res->path);
		break;
	case CA_CERT_EXPORT:
		ca_export(ctx, res->host, res->peer, res->pass);
		break;
	case CA_CERT_REVOKE:
		ca_revoke(ctx, res->host);
		break;

	/* per-host key operations */
	case CA_KEY_CREATE:
		ca_key_create(ctx, res->host);
		break;
	case CA_KEY_DELETE:
		ca_key_delete(ctx, res->host);
		break;
	case CA_KEY_INSTALL:
		ca_key_install(ctx, res->host, res->path);
		break;
	case CA_KEY_IMPORT:
		ca_key_import(ctx, res->host, res->path);
		break;

	/* sub-CA operations */
	case CA_SUBCA_CREATE:
		ca_subca_create(ctx, res->subcaname, res->pass, res->quiet);
		break;
	case CA_SUBCA_REVOKE:
		ca_subca_revoke(ctx, res->subcaname);
		break;

	default:
		break;
	}

	return (0);
}