forked from rabbitmq/tls-gen
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Makefile
95 lines (74 loc) · 1.95 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# -*- mode: BSDmakefile; tab-width: 8; indent-tabs-mode: nil -*-
OPENSSL = openssl
ifndef PYTHON
PYTHON := python3
endif
ifndef CN
ifeq ($(MAKECMDGOALS),client-cert)
$(error "Please add option.. CN=<name> to run target client-cert")
else
CN := $(shell hostname)
endif
endif
ifeq ($(MAKECMDGOALS),client-cert)
rootdir = $(realpath .)
ifneq ("$(wildcard $(rootdir)/testca/cacert.pem)","")
$(info Will use ca cert $(rootdir)/testca/cacert.pem to sign the client cert)
else
$(error "Please run make to generate ca certificate before running make client-cert")
endif
endif
ifndef CLIENT_ALT_NAME
CLIENT_ALT_NAME := $(shell hostname)
endif
ifndef SERVER_ALT_NAME
SERVER_ALT_NAME := $(shell hostname)
endif
ifndef NUMBER_OF_PRIVATE_KEY_BITS
NUMBER_OF_PRIVATE_KEY_BITS := 2048
endif
ifndef DAYS_OF_VALIDITY
DAYS_OF_VALIDITY := 3650
endif
ifndef ECC_CURVE
ECC_CURVE := "prime256v1"
endif
ifndef USE_ECC
USE_ECC := false
endif
ifeq ($(USE_ECC),true)
ECC_FLAGS := --use-ecc --ecc-curve $(ECC_CURVE)
endif
PASS := ""
ifdef PASSWORD
PASS = "$(PASSWORD)"
endif
all: regen verify
clean:
$(PYTHON) profile.py clean
gen:
$(PYTHON) profile.py generate --password $(PASS) \
--common-name $(CN) \
--client-alt-name $(CLIENT_ALT_NAME) \
--server-alt-name $(SERVER_ALT_NAME) \
--days-of-validity $(DAYS_OF_VALIDITY) \
--key-bits $(NUMBER_OF_PRIVATE_KEY_BITS) $(ECC_FLAGS)
regen:
$(PYTHON) profile.py regenerate --password $(PASS) \
--common-name $(CN) \
--client-alt-name $(CLIENT_ALT_NAME) \
--server-alt-name $(SERVER_ALT_NAME) \
--days-of-validity $(DAYS_OF_VALIDITY) \
--key-bits $(NUMBER_OF_PRIVATE_KEY_BITS) $(ECC_FLAGS)
client-cert:
$(PYTHON) profile.py client --password $(PASS) \
--common-name $(CN) \
--client-alt-name $(CLIENT_ALT_NAME) \
--days-of-validity $(DAYS_OF_VALIDITY) \
--key-bits $(NUMBER_OF_PRIVATE_KEY_BITS) $(ECC_FLAGS)
info:
$(PYTHON) profile.py info
verify:
$(PYTHON) profile.py verify
help:
$(PYTHON) profile.py --help