--- /dev/null
+TLSCF:=$(shell libgnutls-config --cflags)
+TLSLF:=$(shell libgnutls-config --libs)
+
+CFLAGS=-O2 -Iinclude -g -Wall -W -Wno-parentheses -Wstrict-prototypes -Wmissing-prototypes -Wundef -Wredundant-decls -std=gnu99 $(TLSCF)
+LDFLAGS=$(TLSLF)
+
+all: submitd
+
+submitd: submitd.o lib/libucw.a lib/libsh.a
+submitd.o: submitd.c
+
+certs:
+ certtool --generate-privkey --outfile ca-key.pem
+ certtool --generate-privkey --outfile ca-key.pem --template ca-cert.tpl
+ certtool --generate-privkey --outfile server-key.pem
+ certtool --generate-request --load-privkey server-key.pem --outfile server-req.pem --template server-cert.tpl
+ certtool --generate-certificate --load-request server-req.pem --outfile server-cert.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server-cert.tpl
+ # Beware of serial numbers
+
+clean:
+ rm -f `find . -name "*~" -or -name "*.[oa]" -or -name "\#*\#" -or -name TAGS -or -name core -or -name .depend -or -name .#*`
+ rm -f submitd
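Review bot: The second certtool line of the certs recipe (the one carrying `--template ca-cert.tpl`) generates ca-key.pem a second time instead of producing the CA certificate, so the ca-cert.pem that the last line loads with `--load-ca-certificate` is never created and the first key is silently overwritten. It should read `certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca-cert.pem --template ca-cert.tpl`. Even with that fixed, re-running `make certs` overwrites an existing ca-key.pem unconditionally; making the key files real targets (`ca-key.pem:` with its own recipe, so an existing key is left alone) would keep a CA key already handed out from being clobbered. `all`, `certs` and `clean` are command names rather than files and belong in a `.PHONY:` line.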
--- /dev/null
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "MO-Eval"
+
+# The organizational unit of the subject.
+#unit = "MO-Eval"
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+#state = "xx"
+
+# The country of the subject. Two letter code.
+#country = CZ
+
+# The common name of the certificate owner.
+cn = "Submit Server"
+
+# A user id of the certificate owner.
+#uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal"
+
+# This is deprecated and should not be used in new
+# certificates.
+# pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 001
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 700
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+#dns_name = "www.none.org"
+
+# An IP address in case of a server.
+#ip_address = "192.168.1.1"
+
+# An email in case of a person
+email = "mj@ucw.cz"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+#crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is prefered to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+#ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
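Review bot: `serial = 001` here and in the server template in the next hunk gives the self-signed CA certificate and the server certificate it issues the same issuer-plus-serial pair, which RFC 5280 requires to be unique per issuer and which caches and CRL handling keyed on issuer and serial can conflate; the Makefile's own "Beware of serial numbers" remark appears to point at this. Give the server template a different value, e.g. `serial = 002`, and bump it on every reissue. This CA template also leaves `crl_signing_key` disabled, so the CA could not later sign a revocation list without being reissued; enabling it now is cheaper than re-rolling the CA.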
--- /dev/null
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "MO-Eval"
+
+# The organizational unit of the subject.
+#unit = "MO-Eval"
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+#state = "xx"
+
+# The country of the subject. Two letter code.
+#country = CZ
+
+# The common name of the certificate owner.
+cn = "Submit Server"
+
+# A user id of the certificate owner.
+#uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal"
+
+# This is deprecated and should not be used in new
+# certificates.
+# pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 001
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 700
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "localhost"
+
+# An IP address in case of a server.
+#ip_address = "192.168.1.1"
+
+# An email in case of a person
+#email = "mj@ucw.cz"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+#crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+# Whether this is a CA certificate or not
+#ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is prefered to use different
+# keys for encryption and signing.
+encryption_key
+
+# Whether this key will be used to sign other certificates.
+#cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+#ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
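Review bot: `dns_name = "localhost"` is the only subject alternative name and `cn = "Submit Server"` is not a hostname, so a client that verifies the server name will only accept a connection made to localhost; any other deployment needs this template edited, and nothing says so. Add a comment above the line, `# Must match the hostname clients connect to; "localhost" only works for local testing.`, or take the name from a Makefile variable so the certs target can be run per host. The duplicated serial shared with the CA template is raised on that hunk.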
--- /dev/null
+#include "lib/lib.h"
+
+#include <gnutls/gnutls.h>
+
+static gnutls_certificate_credentials_t cert_cred;
+
+int main(void)
+{
+ int err;
+
+ gnutls_global_init();
+ err = gnutls_certificate_allocate_credentials(&cert_cred);
+ if (err)
+ die("Unable to allocate credentials: %s", gnutls_strerror(err));
+ err = gnutls_certificate_set_x509_trust_file(cert_cred, "ca-cert.pem", GNUTLS_X509_FMT_PEM);
+ if (!err)
+ die("No CA certificate found");
+ if (err < 0)
+ die("Unable to load X509 trust file: %s", gnutls_strerror(err));
+ err = gnutls_certificate_set_x509_key_file(cert_cred, "server-cert.pem", "server-key.pem", GNUTLS_X509_FMT_PEM);
+ if (err < 0)
+ die("Unable to load X509 key file: %s", gnutls_strerror(err));
+
+ gnutls_global_deinit();
+ return 0;
+}
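Review bot: `gnutls_global_init()` at the top of main is called without checking its result, although it returns a negative GnuTLS error code on failure, so a broken library setup would surface only as a later and less specific error; write `err = gnutls_global_init();` followed by `if (err < 0) die("Unable to initialize GnuTLS: %s", gnutls_strerror(err));`. The credentials allocated into cert_cred are never released with `gnutls_certificate_free_credentials(cert_cred);` before `gnutls_global_deinit()`; harmless at exit here, but it becomes a leak once this grows into a long-running server. The CA, certificate and key paths are fixed relative to the working directory, which deserves a comment above the first set_x509 call: `/* PEM files are looked up relative to the cwd; the server must be started from the directory holding them. */`.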