Software / code / prosody
Annotate
certs/makefile @ 13278:aa17086a9c8a
mod_saslauth: Derive hash from certificate per tls-server-end-point
This originally used a WIP implementation of cert:sigalg(), a method to
retrieve certificate signature algorithm, but it was never submitted
upstream. https://github.com/Zash/luasec/tree/zash/sigalg
cert:getsignaturename() was merged in
https://github.com/brunoos/luasec/commit/de393417b7c7566caf1e0a0ad54132942ac4f049
XEP-0440 v0.3.0 made implementing tls-server-end-point a MUST
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 29 Jun 2021 00:22:36 +0200 |
| parent | 8593:c4222e36333c |
| rev | line source |
|---|---|
|
8593
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 .DEFAULT: localhost.crt |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 keysize=2048 |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 # How to: |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 # First, `make yourhost.cnf` which creates a openssl config file. |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 # Then edit this file and fill in the details you want it to have, |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 # and add or change hosts and components it should cover. |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 # Then `make yourhost.key` to create your private key, you can |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 # include keysize=number to change the size of the key. |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 # Then you can either `make yourhost.csr` to generate a certificate |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 # signing request that you can submit to a CA, or `make yourhost.crt` |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 # to generate a self signed certificate. |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 ${.TARGETS:M*.crt}: |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout ${.TARGET:R}.key \ |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 -days 365 -sha256 -out $@ -utf8 -subj /CN=${.TARGET:R} |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 |
|
c4222e36333c
Add makefiles compatible with BSD make
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 .SUFFIXES: .key .crt |
