Diffstat (limited to 'openssl')
-rw-r--r--openssl/Makefile.in (renamed from openssl/Makefile)21
1 files changed, 12 insertions, 9 deletions
diff --git a/openssl/Makefile b/openssl/Makefile.in
index 48170b6c..14a5bcb3 100644
--- a/openssl/Makefile
+++ b/openssl/Makefile.in
@@ -2,11 +2,11 @@
# Kludge alert:
#
-# The --prefix=`pwd` and LIBRPATH=`pwd` settings below are to force
-# OpenSSL's baroque configuration mechanism to build shared libraries
-# that will run out of the build tree. This is temporary. Once we
-# write "make install" code, we'll have to change that to point to the
-# directory where the OpenSSL shared libraries will be installed.
+# The --prefix= and LIBRPATH= settings below are to force OpenSSL's
+# baroque configuration mechanism to build shared libraries that will
+# run out of the build tree. This is temporary. Once we write "make
+# install" code, we'll have to change that to point to the directory
+# where the OpenSSL shared libraries will be installed.
#
# I would have avoided shared libraries entirely if I could, but the
# GNU linker isn't able to build POW (see ../pow/) from static
@@ -17,10 +17,14 @@
VERSION = 1.0.0-beta5
-OPTIONS = enable-rfc3779 enable-cms no-dso enable-shared --prefix=`pwd`
+OPENSSL_CONFIG_COMMAND = @OPENSSL_CONFIG_COMMAND@
+
+OPENSSL_BUILD_DIRECTORY = @abs_builddir@/openssl
+
+OPTIONS = enable-rfc3779 enable-cms no-dso enable-shared --prefix=${OPENSSL_BUILD_DIRECTORY}
all: openssl-${VERSION}/Makefile
- cd openssl-${VERSION}; ${MAKE} $@ LIBRPATH=`pwd`
+ cd openssl-${VERSION}; ${MAKE} $@ LIBRPATH=${OPENSSL_BUILD_DIRECTORY}
ln -sf openssl-${VERSION} openssl
clean:
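Review bot: `OPENSSL_BUILD_DIRECTORY` is `@abs_builddir@/openssl`, which looks like the `openssl` symlink that `ln -sf` creates at the end of the `all` recipe, so the path handed to `--prefix=` and `LIBRPATH=` is only valid once that link exists and follows wherever it points. If this value is embedded as the run-time library search path, as the Kludge comment suggests, anything linked against these libraries trusts the build tree; a comment at the assignment such as `# resolves through the openssl -> openssl-${VERSION} symlink; keep the build tree writable only by the build user` would record that. The value is also expanded unquoted in the recipe, so `LIBRPATH='${OPENSSL_BUILD_DIRECTORY}'` and `--prefix='${OPENSSL_BUILD_DIRECTORY}'` would tolerate a build path containing spaces. The `cd openssl-${VERSION};` on the same line, and on the config line in the next hunk, would be safer as `cd openssl-${VERSION} &&` so that a failed `cd` stops the recipe instead of running the command in the parent directory.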
@@ -32,8 +36,7 @@ clean:
# case it's probably easier to use ./Configure.
openssl-${VERSION}/Makefile: openssl-${VERSION}/config
- cd openssl-${VERSION}; PERL=/usr/bin/perl ./config ${OPTIONS}
-# cd openssl-${VERSION}; PERL=/usr/bin/perl ./Configure debug-BSD-x86-elf ${OPTIONS}
+ cd openssl-${VERSION}; PERL=/usr/bin/perl ${OPENSSL_CONFIG_COMMAND} ${OPTIONS}
cd openssl-${VERSION}; ${MAKE} depend
openssl-${VERSION}/config: openssl-${VERSION}.tar.gz
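Review bot: Nothing in the visible lines guards against `@OPENSSL_CONFIG_COMMAND@` being substituted as an empty string, in which case the shell would try to run the first word of `${OPTIONS}` as the command and fail with a confusing message. A first recipe line such as `@test -n "${OPENSSL_CONFIG_COMMAND}" || { echo "OPENSSL_CONFIG_COMMAND not set" >&2; exit 1; }` would fail early and clearly. With the commented-out `./Configure` line removed, a one-line comment above the rule, e.g. `# OPENSSL_CONFIG_COMMAND is substituted at configure time (./config or ./Configure <target>)`, would keep the alternative mentioned in the preceding comment discoverable. That comment block starts outside the hunk.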
# $Id$
#
# Config file for myrpki.py; note that this is also read by the OpenSSL
# command line tool running under myrpki.py, so syntax must remain
# compatible with both OpenSSL and Python config file parsers, and
# large portions of this are OpenSSL voodoo.

# [myrpki]: per-entity settings -- the handle, the CSV and XML file names,
# and the BPKI directory and repository certificate for that handle.
# All paths are relative; presumably they resolve against the working
# directory of the tool reading this file -- TODO confirm.
[myrpki]
handle				= wombat
roa_csv				= roas.csv
children_csv			= children.csv
parents_csv			= parents.csv
prefix_csv			= prefixes.csv
asn_csv				= asns.csv
xml_filename			= myrpki.xml
bpki_directory			= bpki.myrpki
repository_bpki_certificate	= bpki.pubd/ca.cer
repository_handle		= wombat

# [constants]: shared values pulled into [req] and [ca] through the
# constants::key_length, constants::digest, constants::cert_days and
# constants::crl_days references.
# NOTE(review): crl_days feeds default_crl_days in [ca]; at 365 a relying
# party could accept a CRL up to a year old -- confirm this lifetime is
# intended outside test setups.
[constants]
digest				= sha256
key_length			= 2048
cert_days			= 365
crl_days			= 365

# [myirbe]: names irdbd's config file and a second BPKI directory, sets
# want_pubd and want_rootd to true, and gives the rsync/pubd/rpkid base URLs.
# pubd_base and rpkid_base use ports 4402 and 4404, matching server-port in
# [pubd] and [rpkid].  rsync_base names server.example, a placeholder host.
[myirbe]
irdbd_conf			= irdbd.conf
bpki_directory			= bpki.myirbe
want_pubd			= true
want_rootd			= true
rsync_base			= rsync://server.example/
pubd_base			= https://localhost:4402
rpkid_base			= https://localhost:4404

# [req] / [req_dn]: OpenSSL "req" settings.  Key size and digest come from
# [constants].  prompt = no makes OpenSSL take the subject from [req_dn]
# instead of asking interactively.
# encrypt_key = no means generated private keys are written without a
# passphrase, so file permissions on the key files are their only
# protection.
[req]
default_bits			= ${constants::key_length}
default_md			= ${constants::digest}
distinguished_name		= req_dn
prompt				= no
encrypt_key			= no

[req_dn]
CN                      	= Dummy name for certificate request

# Extension sets; the names suggest they are selected by the OpenSSL "ca"
# command -- TODO confirm against the caller.
#   ca_x509_ext_ee      no basicConstraints (not marked as a CA)
#   ca_x509_ext_xcert0  CA with pathlen:0 (no subordinate CAs below it)
#   ca_x509_ext_xcert1  CA with pathlen:1 (one level of subordinate CA)
#   ca_x509_ext_ca      CA with no path length limit
# All four derive the subject key identifier from a hash and require an
# authority key identifier (keyid:always).
[ca_x509_ext_ee]
subjectKeyIdentifier		= hash
authorityKeyIdentifier		= keyid:always

[ca_x509_ext_xcert0]
basicConstraints		= critical,CA:true,pathlen:0
subjectKeyIdentifier		= hash
authorityKeyIdentifier		= keyid:always

[ca_x509_ext_xcert1]
basicConstraints		= critical,CA:true,pathlen:1
subjectKeyIdentifier		= hash
authorityKeyIdentifier		= keyid:always

[ca_x509_ext_ca]
basicConstraints		= critical,CA:true
subjectKeyIdentifier		= hash
authorityKeyIdentifier		= keyid:always

# [ca]: OpenSSL "ca" settings.  The working directory comes from the
# BPKI_DIRECTORY environment variable, and the CA private key (ca.key)
# lives in that same directory next to the index, serial and issued
# certificates, so directory and file permissions are what protect the key.
# Lifetimes and digest come from [constants].
# unique_subject = no lets the CA issue several certificates with the same
# subject name.
[ca]
default_ca			= ca
dir				= ${ENV::BPKI_DIRECTORY}
new_certs_dir			= $dir
database			= $dir/index
certificate			= $dir/ca.cer
private_key			= $dir/ca.key
default_days			= ${constants::cert_days}
default_crl_days		= ${constants::crl_days}
default_md			= ${constants::digest}
policy				= ca_dn_policy
unique_subject			= no
serial				= $dir/serial
crlnumber			= $dir/crl_number

# [ca_dn_policy]: subject-name policy referenced by "policy" in [ca].
# Only commonName must be present in a request; every other listed field
# is optional.
[ca_dn_policy]
countryName			= optional
stateOrProvinceName		= optional
localityName			= optional
organizationName		= optional
organizationalUnitName		= optional
commonName			= supplied
emailAddress			= optional
givenName			= optional
surname				= optional

# [rpkid]: database login, BPKI certificates and key, the irdb URL, and the
# listener host and port for rpkid.
# sql-password is stored here in clear text, and the same value appears in
# [irdbd] and [pubd]; treat it as a sample value, use a distinct secret per
# database, and keep this file readable only by the service account.
# NOTE(review): server-host = localhost presumably restricts the listener
# to loopback -- confirm.
[rpkid]

sql-database			= rpki
sql-username			= rpki
sql-password    		= fnord
bpki-ta         		= bpki.myirbe/ca.cer
rpkid-key       		= bpki.myirbe/rpkid.key
rpkid-cert      		= bpki.myirbe/rpkid.cer
irdb-cert       		= bpki.myirbe/irdbd.cer
irbe-cert       		= bpki.myirbe/irbe.cer
irdb-url        		= https://localhost:4403/
server-host     		= localhost
server-port     		= 4404

# [irdbd]: database login, BPKI certificates and key, and the HTTPS URL
# (localhost:4403) for irdbd.
# sql-password is stored here in clear text and is the same value used in
# [rpkid] and [pubd]; treat it as a sample value and keep this file
# readable only by the service account.
[irdbd]

sql-database    		= irdb
sql-username    		= irdb
sql-password    		= fnord
bpki-ta         		= bpki.myirbe/ca.cer
rpkid-cert      		= bpki.myirbe/rpkid.cer
irdbd-cert      		= bpki.myirbe/irdbd.cer
irdbd-key       		= bpki.myirbe/irdbd.key
https-url			= https://localhost:4403/

# [pubd]: startup message, database login, BPKI certificates and key,
# listener host and port, and the publication directory for pubd.
# sql-password is stored here in clear text and is the same value used in
# [rpkid] and [irdbd]; treat it as a sample value and keep this file
# readable only by the service account.
[pubd]

startup-message			= This is pubd

sql-database            	= pubd
sql-username            	= pubd
sql-password            	= fnord
bpki-ta                 	= bpki.myirbe/ca.cer
pubd-cert               	= bpki.myirbe/pubd.cer
pubd-key                	= bpki.myirbe/pubd.key
irbe-cert               	= bpki.myirbe/irbe.cer
server-host             	= localhost
server-port             	= 4402
publication-base        	= publication/

# [irbe_cli]: BPKI material and URLs for reaching rpkid (port 4404,
# /left-right/) and pubd (port 4402, /control/).  Both halves name the same
# trust anchor and the same irbe key and certificate.
[irbe_cli]

rpkid-bpki-ta                   = bpki.myirbe/ca.cer
rpkid-irbe-key                  = bpki.myirbe/irbe.key
rpkid-irbe-cert                 = bpki.myirbe/irbe.cer
rpkid-cert                      = bpki.myirbe/rpkid.cer
rpkid-url                       = https://localhost:4404/left-right/

pubd-bpki-ta                    = bpki.myirbe/ca.cer
pubd-irbe-key                   = bpki.myirbe/irbe.key
pubd-irbe-cert                  = bpki.myirbe/irbe.cer
pubd-cert                       = bpki.myirbe/pubd.cer
pubd-url                        = https://localhost:4402/control/

# [rootd]: BPKI material, listener port, and the RPKI root objects for rootd.
# NOTE(review): rpki-root-key points at bpki.myirbe/ca.key, the file name
# [ca] uses for the BPKI CA key when BPKI_DIRECTORY is bpki.myirbe.  If
# both are the same file, the RPKI root and the BPKI trust anchor share one
# private key -- confirm this is meant for test setups only.
# The rsync URIs use localhost:4400; rpki-subject-lifetime is 30d.
[rootd]

startup-message			= This is rootd

bpki-ta                 	= bpki.myirbe/ca.cer
rootd-bpki-crl          	= bpki.myirbe/ca.crl
rootd-bpki-cert         	= bpki.myirbe/rootd.cer
rootd-bpki-key          	= bpki.myirbe/rootd.key
child-bpki-cert         	= bpki.myirbe/child.cer

server-port             	= 4401

rpki-root-dir           	= publication/
rpki-base-uri           	= rsync://localhost:4400/wombat/
rpki-root-cert-uri      	= rsync://localhost:4400/wombat/root.cer

rpki-root-key           	= bpki.myirbe/ca.key
rpki-root-cert          	= publication/root.cer

rpki-subject-pkcs10     	= rootd.subject.pkcs10
rpki-subject-lifetime   	= 30d

rpki-root-crl           	= root.crl
rpki-root-manifest      	= root.mnf

rpki-class-name         	= wombat
rpki-subject-cert       	= wombat.cer

# [rpki_x509_extensions]: extensions for an RPKI CA certificate.  The
# resource extensions cover every AS number (0-4294967295) and all of IPv4
# and IPv6, i.e. the whole number space -- what a root certificate would
# claim.  keyUsage is limited to certificate and CRL signing.
# subjectInfoAccess: 1.3.6.1.5.5.7.48.5 is id-ad-caRepository and
# 1.3.6.1.5.5.7.48.10 is id-ad-rpkiManifest; both point at localhost:4400.
# [rpki_certificate_policy]: 1.3.6.1.5.5.7.14.2 is the RPKI certificate
# policy OID (id-cp-ipAddr-asNumber).
[rpki_x509_extensions]
basicConstraints        	= critical,CA:true
subjectKeyIdentifier    	= hash
keyUsage                	= critical,keyCertSign,cRLSign
subjectInfoAccess       	= 1.3.6.1.5.5.7.48.5;URI:rsync://localhost:4400/wombat/,1.3.6.1.5.5.7.48.10;URI:rsync://localhost:4400/wombat/root.mnf
sbgp-autonomousSysNum   	= critical,AS:0-4294967295
sbgp-ipAddrBlock        	= critical,IPv4:0.0.0.0/0,IPv6:0::/0
certificatePolicies     	= critical, @rpki_certificate_policy

[rpki_certificate_policy]

policyIdentifier = 1.3.6.1.5.5.7.14.2