From a73851746b2efeb00e8ba29e241ba06f783b729e Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Thu, 25 Feb 2016 15:34:38 +0100
Subject: util.openssl: Allow order of distinguished name fields to be included
 in config

---
 util/openssl.lua | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/util/openssl.lua b/util/openssl.lua
index 12e49eac..757259f6 100644
--- a/util/openssl.lua
+++ b/util/openssl.lua
@@ -70,8 +70,7 @@ function ssl_config:serialize()
 				end
 			end
 		elseif k == "distinguished_name" then
-			for i=1, #DN_order do
-				local k = DN_order[i]
+			for i, k in ipairs(t[1] and t or DN_order) do
 				local v = t[k];
 				if v then
 					s = s .. ("%s = %s\n"):format(k, v);
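Review bot: The new loop header `for i, k in ipairs(t[1] and t or DN_order) do` gives the `distinguished_name` table a second meaning that nothing in the hunk documents: once `t[1]` is set, only the keys named in the array part are written, and a field present only as `t[k]` is silently left out of the generated config. A comment above the loop such as `-- An array part, if present, lists the field names in output order; otherwise DN_order is used` would make that contract visible. Because `k` and `v` reach `("%s = %s\n"):format(k, v)` unescaped, the comment should also say that callers must not pass names or values containing line breaks. The loop index is unused and could be written `_`. `ssl_config:serialize()` starts and ends outside this hunk.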
-- 
cgit v1.2.3


From 8ab7986edb7a479ff085ce83528de4a587eb5a0c Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Thu, 25 Feb 2016 15:35:44 +0100
Subject: prosodyctl: Allow a DN path to be given to 'cert generate' command
 (fixes #349)

---
 prosodyctl | 53 +++++++++++++++++++++++++++++++++--------------------
 1 file changed, 33 insertions(+), 20 deletions(-)

diff --git a/prosodyctl b/prosodyctl
index aa4999c9..95e091de 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -698,30 +698,43 @@ function cert_commands.config(arg)
 		if use_existing(conf_filename) then
 			return nil, conf_filename;
 		end
+		local distinguished_name;
+		if arg[#arg]:find("^/") then
+			distinguished_name = table.remove(arg);
+		end
 		local conf = openssl.config.new();
 		conf:from_prosody(hosts, config, arg);
-		show_message("Please provide details to include in the certificate config file.");
-		show_message("Leave the field empty to use the default value or '.' to exclude the field.")
-		for i, k in ipairs(openssl._DN_order) do
-			local v = conf.distinguished_name[k];
-			if v then
-				local nv;
-				if k == "commonName" then
-					v = arg[1]
-				elseif k == "emailAddress" then
-					v = "xmpp@" .. arg[1];
-				elseif k == "countryName" then
-					local tld = arg[1]:match"%.([a-z]+)$";
-					if tld and #tld == 2 and tld ~= "uk" then
-						v = tld:upper();
+		if distinguished_name then
+			local dn = {};
+			for k, v in distinguished_name:gmatch("/([^=/]+)=([^/]+)") do
+				table.insert(dn, k);
+				dn[k] = v;
+			end
+			conf.distinguished_name = dn;
+		else
+			show_message("Please provide details to include in the certificate config file.");
+			show_message("Leave the field empty to use the default value or '.' to exclude the field.")
+			for i, k in ipairs(openssl._DN_order) do
+				local v = conf.distinguished_name[k];
+				if v then
+					local nv;
+					if k == "commonName" then
+						v = arg[1]
+					elseif k == "emailAddress" then
+						v = "xmpp@" .. arg[1];
+					elseif k == "countryName" then
+						local tld = arg[1]:match"%.([a-z]+)$";
+						if tld and #tld == 2 and tld ~= "uk" then
+							v = tld:upper();
+						end
 					end
+					nv = show_prompt(("%s (%s):"):format(k, nv or v));
+					nv = (not nv or nv == "") and v or nv;
+					if nv:find"[\192-\252][\128-\191]+" then
+						conf.req.string_mask = "utf8only"
+					end
+					conf.distinguished_name[k] = nv ~= "." and nv or nil;
 				end
-				nv = show_prompt(("%s (%s):"):format(k, nv or v));
-				nv = (not nv or nv == "") and v or nv;
-				if nv:find"[\192-\252][\128-\191]+" then
-					conf.req.string_mask = "utf8only"
-				end
-				conf.distinguished_name[k] = nv ~= "." and nv or nil;
 			end
 		end
 		local conf_file, err = io.open(conf_filename, "w");
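Review bot: The DN-path branch (`if distinguished_name then` … `conf.distinguished_name = dn;`) accepts the command-line value with less checking than the interactive branch it bypasses. The pattern `/([^=/]+)=([^/]+)` lets control characters such as a line break through into a config that is serialized one `key = value` line per field, so a stray newline in the argument would add an unintended line to the OpenSSL config. A repeated field name is inserted into the array part twice, and a string in which nothing matches replaces the defaults with an empty table. The `utf8only` string-mask check exists only in the `else` branch, so non-ASCII values given as a path never set it. The sketch below covers those cases; `cert_commands.config` starts and ends outside this hunk, so how an error should be reported to the caller is left open.

```lua
		if distinguished_name then
			local dn = {};
			for k, v in distinguished_name:gmatch("/([^=/]+)=([^/]+)") do
				if k:find("%c") or v:find("%c") then
					-- a control character would break the "k = v" line in the generated config
					show_message("Ignoring a DN field that contains control characters");
				else
					if dn[k] == nil then
						table.insert(dn, k); -- list each field name only once
					end
					dn[k] = v;
					if v:find"[\192-\252][\128-\191]+" then
						conf.req.string_mask = "utf8only"
					end
				end
			end
			if dn[1] then
				conf.distinguished_name = dn;
			else
				show_message("No usable fields found in the given DN; keeping the defaults");
			end
		else
			-- … unchanged: interactive prompts for each DN field …
```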
-- 
cgit v1.2.3


From 14ddd031ce06a21be7aae239b95cb393b3fb7f10 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Thu, 25 Feb 2016 15:36:12 +0100
Subject: certs/Makefile: Add target for generating DH params

---
 certs/Makefile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/certs/Makefile b/certs/Makefile
index 96361748..b3011a89 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -60,3 +60,7 @@ keysize=2048
 %.key:
 	umask 0077 && openssl genrsa -out $@ $(keysize)
 	@chmod 400 $@ -c
+
+# Generate Diffie-Hellman parameters
+dh-%.pem:
+	openssl dhparam -out $@ $*
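Review bot: The `dh-%.pem` rule passes the stem `$*` straight to `openssl dhparam` as the parameter size, and neither the rule nor its comment sets a lower bound, so `make dh-512.pem` would produce parameters too small to be safe. The comment could state the convention and the floor, for example `# Generate Diffie-Hellman parameters: 'make dh-2048.pem' (the number is the size in bits; use 2048 or more)`. A non-numeric stem is handed to openssl as it is, and whether a failed run leaves a partial `$@` behind depends on Makefile settings outside this hunk.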
-- 
cgit v1.2.3