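# Umbrella script to provide *SSL environment
# and helper functions
#
# NOTE(review): there is no shebang and the file defines sanitize() and
# exports variables, so it appears to be meant to be sourced by the test
# scripts -- confirm. When sourced, every `exit 1` below ends the calling
# shell, and the `cd rts-tmp` changes the caller's working directory.
#
# What it does, in order:
#   1. puts the current directory first on PATH,
#   2. derives CADIR from the current directory,
#   3. points LD_LIBRARY_PATH at the TLS library build under test,
#   4. recreates ./rts-tmp and changes into it,
#   5. checks that every certificate/key/parameter file exists, then exports
#      the file names,
#   6. writes ./print, a script that dumps the connection environment,
#   7. defines sanitize(), which masks values that differ between runs.

# The current directory goes first so the tests pick up the binaries found
# there. Side effect: every executable in that directory shadows the system
# command of the same name for the rest of the run, so source this file only
# from a directory whose contents you trust.
PATH="$(pwd):$PATH"

# CADIR = current directory, cut at the first ':' and with the first
# occurrence of "compile" replaced by "etc".
CADIR=$(pwd | cut -d':' -f1 | sed 's/compile/etc/')

# include the ssl and crypto libs by means of LD_LIBRARY_PATH
#
# The path is hard-coded and machine-specific; adjust it for the local setup.
# LD_LIBRARY_PATH affects every program started from here on, so the directory
# it names must not be writable by other users. The path name indicates a
# pre-release OpenSSL build: use it for testing only.
#export LD_LIBRARY_PATH="/home/ucspi/_SSL/libressl-3.7.2/ssl/.libs:/home/ucspi/_SSL/libressl-3.7.2/crypto/.libs"
export LD_LIBRARY_PATH="/home/ucspi/_SSL/openssl-3.2.0-alpha2"

# Start from an empty scratch directory. Stop if it cannot be created or
# entered: otherwise ./print and everything the tests write afterwards would
# land in the original directory instead of rts-tmp.
rm -rf rts-tmp
mkdir rts-tmp || exit 1
cd rts-tmp || exit 1

# Each file name is quoted in the test so a CADIR containing spaces or glob
# characters is still checked as one path. The message text is unchanged.

# Root CA certificate.
CAFILE="$CADIR/rootCA_cert.pem"
if [ ! -f "$CAFILE" ]
then
  echo "$CAFILE does no exist!"
  exit 1
fi

# Certificate for ::1.
CERTFILE="$CADIR/::1_cert.pem"
if [ ! -f "$CERTFILE" ]
then
  echo "$CERTFILE does no exist!"
  exit 1
fi

# Certificate chain file.
CHAINFILE="$CADIR/chain6.pem"
if [ ! -f "$CHAINFILE" ]
then
  echo "$CHAINFILE does no exist!"
  exit 1
fi

# Key for ::1 -- presumably the private key of CERTFILE. Only existence is
# checked here, not the file's permissions; treat it as test-only material.
KEYFILE="$CADIR/::1_key.pem"
if [ ! -f "$KEYFILE" ]
then
  echo "$KEYFILE does no exist!"
  exit 1
fi

# Same file as CAFILE; the C* names look like the client-side set -- confirm.
CCAFILE="$CADIR/rootCA_cert.pem"
if [ ! -f "$CCAFILE" ]
then
  echo "$CCAFILE does no exist!"
  exit 1
fi

# Certificate for localhost.
CCERTFILE="$CADIR/localhost_cert.pem"
if [ ! -f "$CCERTFILE" ]
then
  echo "$CCERTFILE does no exist!"
  exit 1
fi

# Key for localhost -- presumably the private key of CCERTFILE; test-only.
CKEYFILE="$CADIR/localhost_key.pem"
if [ ! -f "$CKEYFILE" ]
then
  echo "$CKEYFILE does no exist!"
  exit 1
fi

# Diffie-Hellman parameters (2048 bit, going by the file name).
DHFILE="$CADIR/dh2048.pem"
if [ ! -f "$DHFILE" ]
then
  echo "$DHFILE does no exist!"
  exit 1
fi

export CADIR CAFILE CCAFILE CERTFILE CHAINFILE KEYFILE CCERTFILE CKEYFILE DHFILE

# Create ./print file
#
# ./print echoes PROTO and the SSL*/TCP*/SSL_* environment variables, one
# NAME=value line each; ${NAME-unset} prints "unset" for a variable that is
# not set at all. The single quotes keep this shell from expanding anything,
# so the expansions happen when ./print itself runs.
echo '#!/bin/sh
# trap "" 13
echo ""
echo PROTO="$PROTO"
echo SSLLOCALHOST="${SSLLOCALHOST-unset}"
echo SSLLOCALIP="${SSLLOCALIP-unset}"
echo SSLLOCALPORT="${SSLLOCALPORT-unset}"
echo SSLREMOTEHOST="${SSLREMOTEHOST-unset}"
echo SSLREMOTEIP="${SSLREMOTEIP-unset}"
echo SSLREMOTEPORT="${SSLREMOTEPORT-unset}"
echo SSLREMOTEINFO="${SSLREMOTEINFO-unset}"
echo TCPLOCALHOST="${TCPLOCALHOST-unset}"
echo TCPLOCALIP="${TCPLOCALIP-unset}"
echo TCPLOCALPORT="${TCPLOCALPORT-unset}"
echo TCPREMOTEHOST="${TCPREMOTEHOST-unset}"
echo TCPREMOTEIP="${TCPREMOTEIP-unset}"
echo TCPREMOTEPORT="${TCPREMOTEPORT-unset}"
echo TCPREMOTEINFO="${TCPREMOTEINFO-unset}"
echo TCP6REMOTEHOST="${TCP6REMOTEHOST-unset}"
echo TCP6REMOTEIP="${TCP6REMOTEIP-unset}"
echo TCP6REMOTEPORT="${TCP6REMOTEPORT-unset}"
echo SSL_PROTOCOL="${SSL_PROTOCOL-unset}"
echo SSL_SESSION_ID="${SSL_SESSION_ID-unset}"
echo SSL_CIPHER="${SSL_CIPHER-unset}"
echo SSL_CIPHER_EXPORT="${SSL_CIPHER_EXPORT-unset}"
echo SSL_CIPHER_USEKEYSIZE="${SSL_CIPHER_USEKEYSIZE-unset}"
echo SSL_CIPHER_ALGKEYSIZE="${SSL_CIPHER_ALGKEYSIZE-unset}"
echo SSL_VERSION_INTERFACE="${SSL_VERSION_INTERFACE-unset}"
echo SSL_VERSION_LIBRARY="${SSL_VERSION_LIBRARY-unset}"
echo SSL_SERVER_M_VERSION="${SSL_SERVER_M_VERSION-unset}"
echo SSL_SERVER_M_SERIAL="${SSL_SERVER_M_SERIAL-unset}"
echo SSL_SERVER_S_DN="${SSL_SERVER_S_DN-unset}"
echo SSL_SERVER_S_DN_C="${SSL_SERVER_S_DN_C-unset}"
echo SSL_SERVER_S_DN_ST="${SSL_SERVER_S_DN_ST-unset}"
echo SSL_SERVER_S_DN_L="${SSL_SERVER_S_DN_L-unset}"
echo SSL_SERVER_S_DN_O="${SSL_SERVER_S_DN_O-unset}"
echo SSL_SERVER_S_DN_OU="${SSL_SERVER_S_DN_OU-unset}"
echo SSL_SERVER_S_DN_CN="${SSL_SERVER_S_DN_CN-unset}"
echo SSL_SERVER_S_DN_T="${SSL_SERVER_S_DN_T-unset}"
echo SSL_SERVER_S_DN_I="${SSL_SERVER_S_DN_I-unset}"
echo SSL_SERVER_S_DN_G="${SSL_SERVER_S_DN_G-unset}"
echo SSL_SERVER_S_DN_S="${SSL_SERVER_S_DN_S-unset}"
echo SSL_SERVER_S_DN_D="${SSL_SERVER_S_DN_D-unset}"
echo SSL_SERVER_S_DN_UID="${SSL_SERVER_S_DN_UID-unset}"
echo SSL_SERVER_S_DN_Email="${SSL_SERVER_S_DN_Email-unset}"
echo SSL_SERVER_I_DN="${SSL_SERVER_I_DN-unset}"
echo SSL_SERVER_I_DN_C="${SSL_SERVER_I_DN_C-unset}"
echo SSL_SERVER_I_DN_ST="${SSL_SERVER_I_DN_ST-unset}"
echo SSL_SERVER_I_DN_L="${SSL_SERVER_I_DN_L-unset}"
echo SSL_SERVER_I_DN_O="${SSL_SERVER_I_DN_O-unset}"
echo SSL_SERVER_I_DN_OU="${SSL_SERVER_I_DN_OU-unset}"
echo SSL_SERVER_I_DN_CN="${SSL_SERVER_I_DN_CN-unset}"
echo SSL_SERVER_I_DN_T="${SSL_SERVER_I_DN_T-unset}"
echo SSL_SERVER_I_DN_I="${SSL_SERVER_I_DN_I-unset}"
echo SSL_SERVER_I_DN_G="${SSL_SERVER_I_DN_G-unset}"
echo SSL_SERVER_I_DN_S="${SSL_SERVER_I_DN_S-unset}"
echo SSL_SERVER_I_DN_D="${SSL_SERVER_I_DN_D-unset}"
echo SSL_SERVER_I_DN_UID="${SSL_SERVER_I_DN_UID-unset}"
echo SSL_SERVER_I_DN_Email="${SSL_SERVER_I_DN_Email-unset}"
echo SSL_SERVER_V_START="${SSL_SERVER_V_START-unset}"
echo SSL_SERVER_V_END="${SSL_SERVER_V_END-unset}"
echo SSL_SERVER_A_SIG="${SSL_SERVER_A_SIG-unset}"
echo SSL_SERVER_A_KEY="${SSL_SERVER_A_KEY-unset}"
echo SSL_SERVER_CERT="${SSL_SERVER_CERT-unset}"
echo SSL_CLIENT_M_VERSION="${SSL_CLIENT_M_VERSION-unset}"
echo SSL_CLIENT_M_SERIAL="${SSL_CLIENT_M_SERIAL-unset}"
echo SSL_CLIENT_S_DN="${SSL_CLIENT_S_DN-unset}"
echo SSL_CLIENT_S_DN_C="${SSL_CLIENT_S_DN_C-unset}"
echo SSL_CLIENT_S_DN_ST="${SSL_CLIENT_S_DN_ST-unset}"
echo SSL_CLIENT_S_DN_L="${SSL_CLIENT_S_DN_L-unset}"
echo SSL_CLIENT_S_DN_O="${SSL_CLIENT_S_DN_O-unset}"
echo SSL_CLIENT_S_DN_OU="${SSL_CLIENT_S_DN_OU-unset}"
echo SSL_CLIENT_S_DN_CN="${SSL_CLIENT_S_DN_CN-unset}"
echo SSL_CLIENT_S_DN_T="${SSL_CLIENT_S_DN_T-unset}"
echo SSL_CLIENT_S_DN_I="${SSL_CLIENT_S_DN_I-unset}"
echo SSL_CLIENT_S_DN_G="${SSL_CLIENT_S_DN_G-unset}"
echo SSL_CLIENT_S_DN_S="${SSL_CLIENT_S_DN_S-unset}"
echo SSL_CLIENT_S_DN_D="${SSL_CLIENT_S_DN_D-unset}"
echo SSL_CLIENT_S_DN_UID="${SSL_CLIENT_S_DN_UID-unset}"
echo SSL_CLIENT_S_DN_Email="${SSL_CLIENT_S_DN_Email-unset}"
echo SSL_CLIENT_I_DN="${SSL_CLIENT_I_DN-unset}"
echo SSL_CLIENT_I_DN_C="${SSL_CLIENT_I_DN_C-unset}"
echo SSL_CLIENT_I_DN_ST="${SSL_CLIENT_I_DN_ST-unset}"
echo SSL_CLIENT_I_DN_L="${SSL_CLIENT_I_DN_L-unset}"
echo SSL_CLIENT_I_DN_O="${SSL_CLIENT_I_DN_O-unset}"
echo SSL_CLIENT_I_DN_OU="${SSL_CLIENT_I_DN_OU-unset}"
echo SSL_CLIENT_I_DN_CN="${SSL_CLIENT_I_DN_CN-unset}"
echo SSL_CLIENT_I_DN_T="${SSL_CLIENT_I_DN_T-unset}"
echo SSL_CLIENT_I_DN_I="${SSL_CLIENT_I_DN_I-unset}"
echo SSL_CLIENT_I_DN_G="${SSL_CLIENT_I_DN_G-unset}"
echo SSL_CLIENT_I_DN_S="${SSL_CLIENT_I_DN_S-unset}"
echo SSL_CLIENT_I_DN_D="${SSL_CLIENT_I_DN_D-unset}"
echo SSL_CLIENT_I_DN_UID="${SSL_CLIENT_I_DN_UID-unset}"
echo SSL_CLIENT_I_DN_Email="${SSL_CLIENT_I_DN_Email-unset}"
echo SSL_CLIENT_V_START="${SSL_CLIENT_V_START-unset}"
echo SSL_CLIENT_V_END="${SSL_CLIENT_V_END-unset}"
echo SSL_CLIENT_A_SIG="${SSL_CLIENT_A_SIG-unset}"
echo SSL_CLIENT_A_KEY="${SSL_CLIENT_A_KEY-unset}"
echo SSL_CLIENT_CERT="${SSL_CLIENT_CERT-unset}"
echo SSL_CLIENT_CERT_CHAIN_0="${SSL_CLIENT_CERT_CHAIN_0-unset}"
echo SSL_CLIENT_CERT_CHAIN_1="${SSL_CLIENT_CERT_CHAIN_1-unset}"
' > print
chmod 755 print

# Sanitize output
#
# Filter: reads test output on stdin, writes it to stdout with the values
# that differ between runs or builds (session id, port numbers, library
# version, cipher name and key sizes) replaced by "...".
#
# Review caveat: SSL_CIPHER, both key-size variables and everything after
# "TLSv1" in SSL_PROTOCOL are masked, so output passed through this filter
# cannot show a change of the negotiated cipher or TLS version. Check
# those with a separate, unmasked assertion where they matter.
sanitize() {
  sed -e 's/^SSL_SESSION_ID=.*/SSL_SESSION_ID=.../' \
      -e 's/^SSLREMOTEPORT=.*/SSLREMOTEPORT=.../' \
      -e 's/^SSLLOCALPORT=.*/SSLLOCALPORT=.../' \
      -e 's/^TCPREMOTEPORT=.*/TCPREMOTEPORT=.../' \
      -e 's/^TCP6REMOTEPORT=.*/TCP6REMOTEPORT=.../' \
      -e 's/^TCPLOCALPORT=.*/TCPLOCALPORT=.../' \
      -e 's/^SSL_VERSION_LIBRARY=.*/SSL_VERSION_LIBRARY=.../' \
      -e 's/^SSL_CIPHER_USEKEYSIZE=.*/SSL_CIPHER_USEKEYSIZE=.../' \
      -e 's/^SSL_CIPHER_ALGKEYSIZE=.*/SSL_CIPHER_ALGKEYSIZE=.../' \
      -e 's/^SSL_CIPHER=.*/SSL_CIPHER=.../' \
      -e 's/^SSL_PROTOCOL=TLSv1.*/SSL_PROTOCOL=TLSv1.../' \
      -e 's/Localserver:::1:[0-9]*/Localserver:::1:... /' \
      -e 's/ip6-localnet:::::[0-9]*/ip6-localnet:::::.../'
}

# done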