From a73851746b2efeb00e8ba29e241ba06f783b729e Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Thu, 25 Feb 2016 15:34:38 +0100
Subject: util.openssl: Allow order of distinguished name fields to be included in config
---
 util/openssl.lua | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/util/openssl.lua b/util/openssl.lua
index 12e49eac..757259f6 100644
--- a/util/openssl.lua
+++ b/util/openssl.lua
@@ -70,8 +70,7 @@ function ssl_config:serialize()
 end
 end
 elseif k == "distinguished_name" then
- for i=1, #DN_order do
- local k = DN_order[i]
+ for i, k in ipairs(t[1] and t or DN_order) do
 local v = t[k];
 if v then
 s = s .. ("%s = %s\n"):format(k, v);
-- cgit v1.2.3
From 8ab7986edb7a479ff085ce83528de4a587eb5a0c Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Thu, 25 Feb 2016 15:35:44 +0100
Subject: prosodyctl: Allow a DN path to be given to 'cert generate' command (fixes #349)
---
 prosodyctl | 53 +++++++++++++++++++++++++++++++++--------------------
 1 file changed, 33 insertions(+), 20 deletions(-)
diff --git a/prosodyctl b/prosodyctl
index aa4999c9..95e091de 100755
--- a/prosodyctl
+++ b/prosodyctl
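Review bot: The loop index `i` in the new `for i, k in ipairs(t[1] and t or DN_order) do` is no longer read anywhere, so luacheck will flag it; write `for _, k in ipairs(t[1] and t or DN_order) do`. The same line quietly gives `distinguished_name` two accepted shapes — a plain field→value map, or one whose array part also carries the field order — and nothing states that contract; a comment above the loop such as `-- if the table has an array part it is taken as the field order, otherwise DN_order is used` would spare the next reader from deriving it. With a caller-supplied order, a field that is present in the map but missing from the array part is silently left out of the serialized section, which may be intended but belongs in that comment too. `ssl_config:serialize` begins and ends outside the hunk.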
@@ -698,30 +698,43 @@ function cert_commands.config(arg)
 if use_existing(conf_filename) then
 return nil, conf_filename;
 end
+ local distinguished_name;
+ if arg[#arg]:find("^/") then
+ distinguished_name = table.remove(arg);
+ end
 local conf = openssl.config.new();
 conf:from_prosody(hosts, config, arg);
- show_message("Please provide details to include in the certificate config file.");
- show_message("Leave the field empty to use the default value or '.' to exclude the field.")
- for i, k in ipairs(openssl._DN_order) do
- local v = conf.distinguished_name[k];
- if v then
- local nv;
- if k == "commonName" then
- v = arg[1]
- elseif k == "emailAddress" then
- v = "xmpp@" .. arg[1];
- elseif k == "countryName" then
- local tld = arg[1]:match"%.([a-z]+)$";
- if tld and #tld == 2 and tld ~= "uk" then
- v = tld:upper();
+ if distinguished_name then
+ local dn = {};
+ for k, v in distinguished_name:gmatch("/([^=/]+)=([^/]+)") do
+ table.insert(dn, k);
+ dn[k] = v;
+ end
+ conf.distinguished_name = dn;
+ else
+ show_message("Please provide details to include in the certificate config file.");
+ show_message("Leave the field empty to use the default value or '.' to exclude the field.")
+ for i, k in ipairs(openssl._DN_order) do
+ local v = conf.distinguished_name[k];
+ if v then
+ local nv;
+ if k == "commonName" then
+ v = arg[1]
+ elseif k == "emailAddress" then
+ v = "xmpp@" .. arg[1];
+ elseif k == "countryName" then
+ local tld = arg[1]:match"%.([a-z]+)$";
+ if tld and #tld == 2 and tld ~= "uk" then
+ v = tld:upper();
+ end
 end
+ nv = show_prompt(("%s (%s):"):format(k, nv or v));
+ nv = (not nv or nv == "") and v or nv;
+ if nv:find"[\192-\252][\128-\191]+" then
+ conf.req.string_mask = "utf8only"
+ end
+ conf.distinguished_name[k] = nv ~= "." and nv or nil;
 end
- nv = show_prompt(("%s (%s):"):format(k, nv or v));
- nv = (not nv or nv == "") and v or nv;
- if nv:find"[\192-\252][\128-\191]+" then
- conf.req.string_mask = "utf8only"
- end
- conf.distinguished_name[k] = nv ~= "." and nv or nil;
 end
 end
 local conf_file, err = io.open(conf_filename, "w");
-- cgit v1.2.3
From 14ddd031ce06a21be7aae239b95cb393b3fb7f10 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Thu, 25 Feb 2016 15:36:12 +0100
Subject: certs/Makefile: Add target for generating DH params
---
 certs/Makefile | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/certs/Makefile b/certs/Makefile
index 96361748..b3011a89 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -60,3 +60,7 @@ keysize=2048
 %.key:
 umask 0077 && openssl genrsa -out $@ $(keysize)
 @chmod 400 $@ -c
+
+# Generate Diffie-Hellman parameters
+dh-%.pem:
+ openssl dhparam -out $@ $*
-- cgit v1.2.3
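Review bot: The new DN-path branch never touches `conf.req.string_mask`, while the interactive branch right below it sets it to `"utf8only"` whenever a value contains non-ASCII bytes, so a DN passed as a path with UTF-8 in it is written with a different string mask than the same value typed at the prompt. Reusing the existing check inside the `gmatch` loop, `if v:find"[\192-\252][\128-\191]+" then conf.req.string_mask = "utf8only" end` after `dn[k] = v;`, keeps the two paths consistent. The parser also accepts any text as a field name and silently skips segments without `=`, so a mistyped path such as one using `:` instead of `=` produces an empty `dn` and hence an empty distinguished_name section in the config that is then written to disk; checking that `dn[1]` is set, and if the project prefers that each `k` appears in `openssl._DN_order`, would catch that before `io.open`. A one-line comment on the pattern noting that `[^/]+` cannot carry a `/` inside a value would document the format's limit. `cert_commands.config` starts and ends outside the hunk, so I cannot see whether an empty `arg` is rejected before `arg[#arg]` is indexed.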
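Review bot: The comment above the new `dh-%.pem` target does not say how it is invoked or what the stem means, and the target has no prerequisites, so a reader has to infer both from `$*`; suggest `# Generate Diffie-Hellman parameters of the given size in bits, e.g. "make dh-2048.pem"`. A second comment line noting that, unlike `%.key` just above, no umask or chmod is applied because DH parameters are not secret would explain the asymmetry between the two targets.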