Import Upstream version 1.0.39

README

@@ -0,0 +1,4 @@
+This is a quicky package to enable unattended installs of software that need to
+create ssl certificates. 
+Basically, it's just a wrapper for openssl req that feeds it the correct user
+variables to create self-signed certificates.

make-ssl-cert

@@ -0,0 +1,132 @@
+#!/bin/bash -e
+# This is a mockup of a script to produce a snakeoil cert
+# The aim is to have a debconfisable ssl-certificate script
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+db_capb backup
+
+ask_via_debconf() {
+    RET=""
+    if db_settitle make-ssl-cert/title ; then
+	: # OK
+    else
+	echo Debconf failed with error code $? $RET >&2
+	echo Maybe your debconf database is corrupt. >&2
+	echo Try re-installing ssl-cert. >&2
+    fi
+
+    RET=""
+    while [ "x$RET" = "x" ]; do
+	db_fset make-ssl-cert/hostname seen false
+	db_input high make-ssl-cert/hostname || true
+	db_go
+	db_get make-ssl-cert/hostname
+    done
+    
+    db_get make-ssl-cert/hostname
+    HostName="$RET"
+    db_fset make-ssl-cert/hostname seen false
+
+    db_fset make-ssl-cert/altname seen false
+    db_input high make-ssl-cert/altname || true
+    db_go
+    db_get make-ssl-cert/altname
+    AddAltName="$RET"
+    db_fset make-ssl-cert/altname seen false
+    SubjectAltName="DNS:$HostName"
+    [ -z "$AddAltName" ] || SubjectAltName="$SubjectAltName,$AddAltName"
+}
+
+make_snakeoil() {
+    if ! HostName="$(hostname -f)" ; then
+        HostName="$(hostname)"
+        echo make-ssl-cert: Could not get FQDN, using \"$HostName\".
+        echo make-ssl-cert: You may want to fix your /etc/hosts and/or DNS setup and run
+        echo make-ssl-cert: 'make-ssl-cert generate-default-snakeoil --force-overwrite'
+        echo make-ssl-cert: again.
+    fi
+    SubjectAltName="DNS:$HostName"
+    if [ ${#HostName} -gt 64 ] ; then
+        HostName="$(hostname)"
+    fi
+}
+
+create_temporary_cnf() {
+    sed -e s#@HostName@#"$HostName"# -e s#@SubjectAltName@#"$SubjectAltName"# $template > $TMPFILE
+}
+
+# Takes two arguments, the base layout and the output cert.
+
+if [ $# -lt 2 ] && [ "$1" != "generate-default-snakeoil" ]; then
+    printf "Usage: $0 template output [--force-overwrite]\n";
+    printf "Usage: $0 generate-default-snakeoil [--force-overwrite]\n";
+    exit 1;
+fi
+
+if [ "$1" != "generate-default-snakeoil" ]; then
+    template="$1"
+    output="$2"
+    # be anal in manual mode.
+    if [ ! -f $template ]; then
+	printf "Could not open template file: $template!\n";
+	exit 1;
+    fi
+    if [ -f $output ] && [ "$3" != "--force-overwrite" ]; then
+        printf "$output file already exists!\n";
+        exit 1;
+    fi
+    ask_via_debconf
+else
+    template="/usr/share/ssl-cert/ssleay.cnf"
+    if [ -f "/etc/ssl/certs/ssl-cert-snakeoil.pem" ] && [ -f "/etc/ssl/private/ssl-cert-snakeoil.key" ]; then
+        if [ "$2" != "--force-overwrite" ]; then
+             exit 0
+        fi
+    fi
+    make_snakeoil
+fi
+
+# # should be a less common char
+# problem is that openssl virtually accepts everything and we need to
+# sacrifice one char.
+
+TMPFILE="$(mktemp)" || exit 1
+TMPOUT="$(mktemp)"  || exit 1
+
+trap "rm -f $TMPFILE $TMPOUT" EXIT
+
+create_temporary_cnf
+
+# create the certificate.
+
+umask 077
+
+if [ "$1" != "generate-default-snakeoil" ]; then
+    if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -sha256 \
+	-out $output -keyout $output > $TMPOUT 2>&1
+    then
+	echo Could not create certificate. Openssl output was: >&2
+	cat $TMPOUT >&2
+	exit 1
+    fi
+    chmod 600 $output
+    # hash symlink
+    cd $(dirname $output)
+    ln -sf $(basename $output) $(openssl x509 -hash -noout -in $(basename $output))
+else
+    if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -sha256 \
+	-out /etc/ssl/certs/ssl-cert-snakeoil.pem \
+        -keyout /etc/ssl/private/ssl-cert-snakeoil.key > $TMPOUT 2>&1
+    then
+	echo Could not create certificate. Openssl output was: >&2
+	cat $TMPOUT >&2
+	exit 1
+    fi
+    chmod 644 /etc/ssl/certs/ssl-cert-snakeoil.pem
+    chmod 640 /etc/ssl/private/ssl-cert-snakeoil.key
+    chown root:ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key
+    # hash symlink
+    cd /etc/ssl/certs/
+    ln -sf ssl-cert-snakeoil.pem $(openssl x509 -hash -noout -in ssl-cert-snakeoil.pem)
+fi

make-ssl-cert.8

@@ -0,0 +1,33 @@
+.TH make-ssl-cert 8
+.SH NAME
+make-ssl-cert - Debconf wrapper for openssl
+.SH SYNOPSIS
+.B make-ssl-cert
+\fItemplate\fR \fIoutput-certificate\fR [\fB\-\-force\-overwrite\fR]
+.br
+.B make-ssl-cert generate-default-snakeoil
+[\fB\-\-force\-overwrite\fR]
+.br
+.SH "DESCRIPTION"
+make-ssl-cert is a simple debconf to openssl wrapper to create self-signed
+certificates.
+It requires a source template (Ex: /usr/share/ssl-cert/ssleay.cnf)
+and it will place the new generated certificate in the specified
+output file.
+.br
+Invoked with "generate-default-snakeoil", it will generate
+/etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key.
+.SH OPTIONS
+A summary of options are included below.
+.TP
+.B \-\-force\-overwrite
+Use this option
+.B ONLY
+when strictly required since it will overwrite the output certificate.
+.SH "SEE ALSO"
+.IR "openssl" (1)
+.SH AUTHOR
+The program author is Thom May <thom@debian.org>, manual
+page was written for completness by Fabio M. Di Nitto
+<fabbione@fabbione.net>, for the Debian GNU/Linux system
+(but may be used by others).

ssleay.cnf

@@ -0,0 +1,21 @@
+#
+# SSLeay example configuration file.
+#
+
+RANDFILE                = /dev/urandom
+
+[ req ]
+default_bits            = 2048
+default_keyfile         = privkey.pem
+distinguished_name      = req_distinguished_name
+prompt                  = no
+policy			= policy_anything
+req_extensions          = v3_req
+x509_extensions         = v3_req
+
+[ req_distinguished_name ]
+commonName                      = @HostName@
+
+[ v3_req ]
+basicConstraints        = CA:FALSE
+subjectAltName          = @SubjectAltName@