# # WARNING: Do not edit this file unless you know what you are # doing. To configure edit Makefile instead. That is better documented # .DEFAULT_GOAL = key INFOS= $(sort request fingerprint certificate) TARGETS= $(sort key expire restart obliterate show help) .PHONY : ${TARGETS} .PHONY : expire-key expire-dsaparam expire-dhparam expire-all include Makefile.configure # Read in the configurations .PHONY : before-key # Setting openssl path OPENSSL = $(firstword $(wildcard $(subst :,/openssl ,${PATH}))) ifeq ($(strip ${OPENSSL}),) $(error I cannot find openssl in current path ${PATH}. Is it installed ?) endif ############################################################# ## Checking the set parameters ##### ############################################################# ifeq ($(filter $(strip ${KEY_TYPE}), rsa dsa),) $(error Makefile.configure: KEY_TYPE should be one of dsa or rsa) endif ifeq ($(filter $(strip ${KEY_ENCRYPT}), des des3 idea noencrypt),) $(error Makefile.configure: KEY_ENCRYPT should be one\ of noencrypt des des3 idea) endif ifeq ($(strip ${KEY_ENCRYPT}),noencrypt) KEY_CRYPT_OPT= else KEY_CRYPT_OPT = -${KEY_ENCRYPT} endif GENRSA = ${OPENSSL} genrsa ${KEY_CRYPT_OPT} GENDSA = ${OPENSSL} gendsa ${KEY_CRYPT_OPT} REQ = ${OPENSSL} req -config ssl.conf DSAPARAM = ${OPENSSL} dsaparam -outform PEM DHPARAM = ${OPENSSL} dhparam -outform PEM key : before-key private.pem request.pem dh.param expire : $(if ${target}, $(foreach t, ${target}, make -s expire-${t}; ),\ make -s expire-key) expire-all : expire-key expire-dsaparam expire-dhparam expire-key : echo -n Expiring the current key ... rm -f private.pem request.pem echo done. obliterate : echo Wiping everything clean rm -f private.pem request.pem dsa.param dh.param certificate.pem dh.param : ${DHPARAM} -out dh.param ${DH_PARAM_SIZE} expire-dhparam : echo -n Expiring Diffie-Hellman parameters ... rm -f dh.param echo done. ifeq ($(strip ${KEY_TYPE}), rsa) # Generate RSA key private.pem : ${GENRSA} -out private.pem ${KEY_SIZE} chmod 600 private.pem # make the private key unreadable. expire-dsaparam : endif ifeq ($(strip ${KEY_TYPE}), dsa) # Generate DSA key private.pem : dsa.param ${GENDSA} -out private.pem dsa.param chmod 600 private.pem # make the private key unreadeable. dsa.param : ${DSAPARAM} -out dsa.param ${KEY_SIZE} expire-dsaparam : echo -n Expiring DSA parameters ... rm -f dsa.param echo done. endif request.pem : private.pem ${REQ} -new -key private.pem -out request.pem ################################################################### ### Information about the key ### ################################################################### SHOW_TARGETS= ${addprefix show-, ${INFOS}} .PHONY : show- ${SHOW_TARGETS} show : show-${info} show- : help-show show-request : request.pem @ ${OPENSSL} req -text -noout -nameopt multiline -in request.pem | less show-certificate : certificate.pem @ ${OPENSSL} x509 -text -nameopt multiline \ -noout -in certificate.pem | less show-fingerprint : certificate.pem @ ${OPENSSL} x509 -fingerprint -noout -sha1 -in certificate.pem @ ${OPENSSL} x509 -fingerprint -noout -md5 -in certificate.pem ################################################################### ### Short help about targets ### ################################################################### HELP_TARGETS= help- ${addprefix help-, ${TARGETS}} .PHONY : ${HELP_TARGETS} help : help-${target} help- : help-help help-help : @ echo make help target=TARGET @ echo -e \\twhere TARGET is absent or one of \{${TARGETS}\} @ echo -e \\tPrints a short help for the given target. help-expire : @ echo make expire target=TARGET: expires the targets given in the \ target variable. @ echo -e '\t'Here target is a space seperated list of {key, \ dsaparam, dhparam, all}. @ echo -e '\t'If target is omited only the key is expired. For multiple \ targets, @ echo -e '\t'ensure that they are quote protected. help-key : @ echo make key: generate the request key pair. help-obliterate : @ echo make obliterate: Wipes up every thing. Use only for testing help-restart : @ echo make restart: restarts the server. help-show : @ echo make show info=INFO @ echo -e \\twhere INFO is one of ${INFOS} @ echo @ for t in ${INFOS} ; do make -s help-show-$$t; done help-show-certificate : @ echo make show info=certificate: prints the text form of the \ certificate help-show-request : @ echo make show info=request: prints the text form of the request help-show-fingerprint : @ echo -e make show info=fingerprint: prints the fingerprint \(\ for comparing certificates\).