dh:
openssl dhparam -dsaparam -outform PEM -out dh $(DH_KEY_SIZE)
+######################################################################
+#
+# Generic rules
+#
+######################################################################
+%.der: %.pem
+ openssl x509 -inform PEM -outform DER -in $< -out $@
+
######################################################################
#
# Create a new self-signed RSA CA certificate
-passin pass:$(PASSWORD_CA) -passout pass:$(PASSWORD_CA)
chmod g+r rsa/ca.key rsa/ca.pem
-rsa/ca.der: rsa/ca.pem
- openssl x509 -inform PEM -outform DER -in rsa/ca.pem -out rsa/ca.der
-
rsa/ca.crl: rsa/ca.pem
- openssl ca -gencrl -keyfile rsa/ca.key -cert rsa/ca.pem -config ./ca.cnf -out rsa/ca-crl.pem -key $(PASSWORD_CA)
- openssl crl -in rsa/ca-crl.pem -outform der -out rsa/ca.crl
+ openssl ca -gencrl -keyfile rsa/ca.key -cert $< -config ./ca.cnf -out rsa/ca-crl.pem -key $(PASSWORD_CA)
+ openssl crl -in rsa/ca-crl.pem -outform DER -out $@
@rm -f rsa/ca-crl.pem
rsa/ca.csr: ca.cnf
- openssl req -new -x509 -keyout rsa/ca.key -out rsa/ca.csr -config ./ca.cnf -days $(CA_DEFAULT_DAYS)
+ openssl req -new -x509 -keyout rsa/ca.key -out $@ -config ./ca.cnf -days $(CA_DEFAULT_DAYS)
rsa/ca.crt: rsa/ca.pem
- openssl x509 -outform der -in rsa/ca.pem -out rsa/ca.crt
+ openssl x509 -outform DER -in $< -out $@
######################################################################
#
######################################################################
ecc/ca.key: ca.cnf | $(OUTPUT_DIRS)
- openssl ecparam -out ecc/ca.key -name prime256v1 -genkey
+ openssl ecparam -out $@ -name prime256v1 -genkey
ecc/ca.der: ecc/ca.pem
- openssl x509 -inform PEM -outform DER -in ecc/ca.pem -out ecc/ca.der
+ openssl x509 -inform PEM -outform DER -in $< -out $@
-ecc/ca.pem: ecc/ca.key ca.cnf
+ecc/ca.pem: ecc/ca.key
@[ -f index.txt ] || $(MAKE) index.txt
@[ -f serial ] || $(MAKE) serial
- openssl req -new -x509 -key ecc/ca.key -out ecc/ca.pem -config ./ca.cnf -days $(CA_DEFAULT_DAYS)
+ openssl req -new -x509 -key $< -out $@ -config ./ca.cnf -days $(CA_DEFAULT_DAYS)
ecc/ca.crt: ecc/ca.pem
- openssl x509 -outform der -in ecc/ca.pem -out ecc/ca.crt
+ openssl x509 -outform DER -in $< -out $@
######################################################################
chmod g+r rsa/server.key
rsa/server.crt: rsa/ca.key rsa/ca.pem rsa/server.csr
- openssl ca -batch -keyfile rsa/ca.key -cert rsa/ca.pem -in rsa/server.csr -key $(PASSWORD_CA) -out rsa/server.crt -config ./server.cnf
+ openssl ca -batch -keyfile rsa/ca.key -cert rsa/ca.pem -in rsa/server.csr -key $(PASSWORD_CA) -out $@ -config ./server.cnf
rsa/server.p12: rsa/server.crt
- openssl pkcs12 -export -in rsa/server.crt -inkey rsa/server.key -out rsa/server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
+ openssl pkcs12 -export -in $< -inkey rsa/server.key -out $@ -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
chmod g+r $@
rsa/server.pem: rsa/server.p12
- openssl pkcs12 -in rsa/server.p12 -out rsa/server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
+ openssl pkcs12 -in $< -out $@ -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
chmod g+r $@
.PHONY: rsa/server.vrfy
#
######################################################################
ecc/server.key: server.cnf | $(OUTPUT_DIRS)
- openssl ecparam -out ecc/server.key -name prime256v1 -genkey
+ openssl ecparam -out $@ -name prime256v1 -genkey
chmod g+r $@
-ecc/server.csr: ecc/server.key server.cnf
- openssl req -new -out ecc/server.csr -key ecc/server.key -config ./server.cnf
+ecc/server.csr: ecc/server.key
+ openssl req -new -out $@ -key $< -config ./server.cnf
ecc/server.crt: ecc/ca.key ecc/ca.pem ecc/server.csr
- openssl ca -batch -keyfile ecc/ca.key -cert ecc/ca.pem -in ecc/server.csr -key $(PASSWORD_CA) -out ecc/server.crt -config ./server.cnf
+ openssl ca -batch -keyfile ecc/ca.key -cert ecc/ca.pem -in ecc/server.csr -key $(PASSWORD_CA) -out $@ -config ./server.cnf
ecc/server.p12: ecc/server.crt
- openssl pkcs12 -export -in ecc/server.crt -inkey ecc/server.key -out ecc/server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
+ openssl pkcs12 -export -in $< -inkey ecc/server.key -out $@ -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
chmod g+r $@
ecc/server.pem: ecc/server.p12
- openssl pkcs12 -in ecc/server.p12 -out ecc/server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
+ openssl pkcs12 -in $< -out $@ -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
chmod g+r $@
.PHONY: ecc/server.vrfy
chmod g+r rsa/ocsp.key
rsa/ocsp.crt: rsa/ca.key rsa/ca.pem rsa/ocsp.csr
- openssl ca -batch -keyfile rsa/ca.key -cert rsa/ca.pem -in rsa/ocsp.csr -key $(PASSWORD_CA) -out rsa/ocsp.crt -config ./ocsp.cnf
+ openssl ca -batch -keyfile rsa/ca.key -cert rsa/ca.pem -in rsa/ocsp.csr -key $(PASSWORD_CA) -out $@ -config ./ocsp.cnf
rsa/ocsp.p12: rsa/ocsp.crt
- openssl pkcs12 -export -in rsa/ocsp.crt -inkey rsa/ocsp.key -out rsa/ocsp.p12 -passin pass:$(PASSWORD_OCSP) -passout pass:$(PASSWORD_OCSP)
+ openssl pkcs12 -export -in $< -inkey rsa/ocsp.key -out $@ -passin pass:$(PASSWORD_OCSP) -passout pass:$(PASSWORD_OCSP)
chmod g+r $@
rsa/ocsp.pem: rsa/ocsp.p12
- openssl pkcs12 -in rsa/ocsp.p12 -out rsa/ocsp.pem -passin pass:$(PASSWORD_OCSP) -passout pass:$(PASSWORD_OCSP)
+ openssl pkcs12 -in $< -out $@ -passin pass:$(PASSWORD_OCSP) -passout pass:$(PASSWORD_OCSP)
chmod g+r $@
.PHONY: rsa/ocsp.vrfy
#
######################################################################
ecc/ocsp.key: ocsp.cnf | $(OUTPUT_DIRS)
- openssl ecparam -out ecc/ocsp.key -name prime256v1 -genkey
+ openssl ecparam -out $@ -name prime256v1 -genkey
chmod g+r $@
-ecc/ocsp.csr: ecc/ocsp.key ocsp.cnf
- openssl req -new -out ecc/ocsp.csr -key ecc/ocsp.key -config ./ocsp.cnf
+ecc/ocsp.csr: ecc/ocsp.key
+ openssl req -new -out $@ -key ecc/ocsp.key -config ./ocsp.cnf
ecc/ocsp.crt: ecc/ca.key ecc/ca.pem ecc/ocsp.csr
- openssl ca -batch -keyfile ecc/ca.key -cert ecc/ca.pem -in ecc/ocsp.csr -key $(PASSWORD_CA) -out ecc/ocsp.crt -config ./ocsp.cnf
+ openssl ca -batch -keyfile ecc/ca.key -cert ecc/ca.pem -in ecc/ocsp.csr -key $(PASSWORD_CA) -out $@ -config ./ocsp.cnf
ecc/ocsp.p12: ecc/ocsp.crt
- openssl pkcs12 -export -in ecc/ocsp.crt -inkey ecc/ocsp.key -out ecc/ocsp.p12 -passin pass:$(PASSWORD_OCSP) -passout pass:$(PASSWORD_OCSP)
+ openssl pkcs12 -export -in $< -inkey ecc/ocsp.key -out $@ -passin pass:$(PASSWORD_OCSP) -passout pass:$(PASSWORD_OCSP)
chmod g+r $@
ecc/ocsp.pem: ecc/ocsp.p12
- openssl pkcs12 -in ecc/ocsp.p12 -out ecc/ocsp.pem -passin pass:$(PASSWORD_OCSP) -passout pass:$(PASSWORD_OCSP)
+ openssl pkcs12 -in $< -out $@ -passin pass:$(PASSWORD_OCSP) -passout pass:$(PASSWORD_OCSP)
chmod g+r $@
.PHONY: ecc/ocsp.vrfy
chmod g+r rsa/client.key
rsa/client.crt: rsa/ca.pem rsa/ca.key rsa/client.csr
- openssl ca -batch -keyfile rsa/ca.key -cert rsa/ca.pem -in rsa/client.csr -key $(PASSWORD_CA) -out rsa/client.crt -config ./client.cnf
+ openssl ca -batch -keyfile rsa/ca.key -cert rsa/ca.pem -in rsa/client.csr -key $(PASSWORD_CA) -out $@ -config ./client.cnf
rsa/client.p12: rsa/client.crt
- openssl pkcs12 -export -in rsa/client.crt -inkey rsa/client.key -out rsa/client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
+ openssl pkcs12 -export -in $< -inkey rsa/client.key -out $@ -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
chmod g+r $@
rsa/client.pem: rsa/client.p12
- openssl pkcs12 -in rsa/client.p12 -out rsa/client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
+ openssl pkcs12 -in $< -out $@ -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
chmod g+r $@
cp rsa/client.pem $(USER_NAME).pem
#
######################################################################
ecc/client.key: client.cnf | $(OUTPUT_DIRS)
- openssl ecparam -out ecc/client.key -name prime256v1 -genkey
+ openssl ecparam -out $@ -name prime256v1 -genkey
chmod g+r $@
-ecc/client.csr: ecc/client.key client.cnf
- openssl req -new -out ecc/client.csr -key ecc/client.key -config ./client.cnf
+ecc/client.csr: ecc/client.key
+ openssl req -new -out $@ -key ecc/client.key -config ./client.cnf
ecc/client.crt: ecc/ca.pem ecc/ca.key ecc/client.csr
- openssl ca -batch -keyfile ecc/ca.key -cert ecc/ca.pem -in ecc/client.csr -key $(PASSWORD_CA) -out ecc/client.crt -config ./client.cnf
+ openssl ca -batch -keyfile ecc/ca.key -cert ecc/ca.pem -in ecc/client.csr -key $(PASSWORD_CA) -out $@ -config ./client.cnf
ecc/client.p12: ecc/client.crt
- openssl pkcs12 -export -in ecc/client.crt -inkey ecc/client.key -out ecc/client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
+ openssl pkcs12 -export -in $< -inkey ecc/client.key -out $@ -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
chmod g+r $@
ecc/client.pem: ecc/client.p12
- openssl pkcs12 -in ecc/client.p12 -out ecc/client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
+ openssl pkcs12 -in $< -out $@ -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
chmod g+r $@
cp ecc/client.pem $(USER_NAME).ecc.pem
chmod g+r rsa/inner-server.key
rsa/inner-server.crt: rsa/ca.key rsa/ca.pem rsa/inner-server.csr
- openssl ca -batch -keyfile rsa/ca.key -cert rsa/ca.pem -in rsa/inner-server.csr -key $(PASSWORD_CA) -out rsa/inner-server.crt -extensions xpserver_ext -extfile xpextensions -config ./inner-server.cnf
+ openssl ca -batch -keyfile rsa/ca.key -cert rsa/ca.pem -in rsa/inner-server.csr -key $(PASSWORD_CA) -out $@ -extensions xpserver_ext -extfile xpextensions -config ./inner-server.cnf
rsa/inner-server.p12: rsa/inner-server.crt
- openssl pkcs12 -export -in rsa/inner-server.crt -inkey rsa/inner-server.key -out rsa/inner-server.p12 -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
+ openssl pkcs12 -export -in $< -inkey rsa/inner-server.key -out $@ -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
chmod g+r $@
rsa/inner-server.pem: rsa/inner-server.p12
- openssl pkcs12 -in rsa/inner-server.p12 -out rsa/inner-server.pem -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
+ openssl pkcs12 -in $< -out $@ -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
chmod g+r $@
.PHONY: rsa/inner-server.vrfy
openssl ecparam -out ecc/inner-server.key -name prime256v1 -genkey
chmod g+r $@
-ecc/inner-server.csr: ecc/inner-server.key inner-server.cnf
- openssl req -new -out ecc/inner-server.csr -key ecc/inner-server.key -config ./inner-server.cnf
- chmod g+r ecc/inner-server.key
+ecc/inner-server.csr: ecc/inner-server.key
+ openssl req -new -out $@ -key ecc/inner-server.key -config ./inner-server.cnf
+ chmod g+r $@
ecc/inner-server.crt: ecc/ca.key ecc/ca.pem ecc/inner-server.csr
- openssl ca -batch -keyfile ecc/ca.key -cert ecc/ca.pem -in ecc/inner-server.csr -key $(PASSWORD_CA) -out ecc/inner-server.crt -extensions xpserver_ext -extfile xpextensions -config ./inner-server.cnf
+ openssl ca -batch -keyfile ecc/ca.key -cert ecc/ca.pem -in ecc/inner-server.csr -key $(PASSWORD_CA) -out $@ -extensions xpserver_ext -extfile xpextensions -config ./inner-server.cnf
ecc/inner-server.p12: ecc/inner-server.crt
- openssl pkcs12 -export -in ecc/inner-server.crt -inkey ecc/inner-server.key -out ecc/inner-server.p12 -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
+ openssl pkcs12 -export -in $< -inkey ecc/inner-server.key -out $@ -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
chmod g+r $@
ecc/inner-server.pem: ecc/inner-server.p12
- openssl pkcs12 -in ecc/inner-server.p12 -out ecc/inner-server.pem -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
+ openssl pkcs12 -in $<< -out $@ -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER)
chmod g+r $@
.PHONY: ecc/inner-server.vrfy
projects / thirdparty / freeradius-server.git / commitdiff
