]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/acl/external/kerberos_ldap_group/cert_tool
3 ## Copyright (C) 1996-2016 The Squid Software Foundation and contributors
5 ## Squid software is distributed under GPLv2+ license and includes
6 ## contributions from numerous individuals and organizations.
7 ## Please see the COPYING and CONTRIBUTORS files for details.
9 # -----------------------------------------------------------------------------
11 # Author: Markus Moeller (markus_moeller at compuserve.com)
13 # Copyright (C) 2007 Markus Moeller. All rights reserved.
15 # This program is free software; you can redistribute it and/or modify
16 # it under the terms of the GNU General Public License as published by
17 # the Free Software Foundation; either version 2 of the License, or
18 # (at your option) any later version.
20 # This program is distributed in the hope that it will be useful,
21 # but WITHOUT ANY WARRANTY; without even the implied warranty of
22 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 # GNU General Public License for more details.
25 # You should have received a copy of the GNU General Public License
26 # along with this program; if not, write to the Free Software
27 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
29 # -----------------------------------------------------------------------------
32 # creates the following files:
40 echo "Usage: `basename $0` ldap-server port"
54 rm ${server}_
[0-9]*.cert
2>/dev
/null
56 # Get certs and store in .cert file
58 ( openssl s_client
-showcerts -connect $server:$port 2>/dev
/null
<<!
61 ) |
awk 'BEGIN{start=0;ostart=0}{if ( $0 ~ /BEGIN CERTIFICATE/ ) { start=start+1 };
62 if ( start > ostart ) {print $0 >>"'$server'_"start".cert"};
63 if ( $0 ~ /END CERTIFICATE/) { ostart=start } }'
66 # from mozilla-nss-tools
67 # /usr/sfw/bin on Solaris
70 # Create database for Sun ldap and pem file for Openldap
72 rm ${server}_
[0-9]*.pem
2>/dev
/null
74 ls ${server}_
[0-9]*.cert |
while read file; do
76 cat $file >> ${server}_
$i.pem
77 CA
=`openssl x509 -noout -text -in ${server}_$i.pem | grep -i "CA:.*true"`
79 echo "CA is in ${server}_$i.pem"
80 certutil
-A -a -n "${server}_$i" -i $file -t "C,," -d .
82 certutil
-A -a -n "${server}_$i" -i $file -t "P,," -d .