# @(#)89 1.9.2.5 src/bos/usr/lib/nim/methods/SSL_Makefile.mk.sh, cmdnim, bos72D, d2016_23A0 6/3/16 12:27:25 # IBM_PROLOG_BEGIN_TAG # This is an automatically generated prolog. # # bos72D src/bos/usr/lib/nim/methods/SSL_Makefile.mk.sh 1.9.2.5 # # Licensed Materials - Property of IBM # # COPYRIGHT International Business Machines Corp. 2004,2016 # All Rights Reserved # # US Government Users Restricted Rights - Use, duplication or # disclosure restricted by GSA ADP Schedule Contract with IBM Corp. # # IBM_PROLOG_END_TAG # ======================================== # ==== Keys / Certs Generation File ==== # ======================================== AR = /bin/ar CAT = /bin/cat CHMOD = /bin/chmod 644 COPY = /bin/cp C_FUNCTION = /usr/lpp/bos.sysmgt/nim/methods/c_function MKDIR = /usr/bin/mkdir -m 700 -p MV = /bin/mv NIM = /usr/sbin/nim OPENSSL = /usr/bin/openssl PEMFILE = /tftpboot/server.pem PSWDFILE = /etc/security/nimssl.psw RM = /bin/rm -f SED = /bin/sed SLIBCLEAN = /usr/sbin/slibclean NIM_SSL_SO = /usr/lib/libssl.so NIM_CRYPTO_SO = /usr/lib/libcrypto.so KEYS = /ssl_nimsh/keys CERTS = /ssl_nimsh/certs CNFS = /ssl_nimsh/configs SAMPLES = /usr/samples/nim/ssl CERTFILES = root client server CERTFILES_EXPIRE = -days 365 all: env root $(CERTFILES): $(OPENSSL) req -new -keyout $(KEYS)/rootkey.pem -out $(CERTS)/rootreq.pem -config $(CNFS)/root.cnf -nodes $(OPENSSL) x509 -sha256 $(CERTFILES_EXPIRE) -req -in $(CERTS)/rootreq.pem -extfile $(CNFS)/root.cnf -extensions certificate_extensions -signkey $(KEYS)/rootkey.pem -out $(CERTS)/rootcert.pem $(CAT) $(CERTS)/rootcert.pem $(KEYS)/rootkey.pem > $(CERTS)/root.pem $(OPENSSL) req -new -keyout $(KEYS)/clientkey.pem -out $(CERTS)/clientreq.pem -config $(CNFS)/client.cnf -reqexts req_extensions $(OPENSSL) x509 -sha256 $(CERTFILES_EXPIRE) -req -in $(CERTS)/clientreq.pem -extfile $(CNFS)/client.cnf -extensions certificate_extensions -CA $(CERTS)/root.pem -CAkey $(CERTS)/root.pem -CAcreateserial -out $(CERTS)/clientcert.pem $(CAT) $(CERTS)/clientcert.pem $(KEYS)/clientkey.pem $(CERTS)/rootcert.pem > $(CERTS)/client.pem $(OPENSSL) req -new -keyout $(KEYS)/serverkey.pem -out $(CERTS)/serverreq.pem -config $(CNFS)/server.cnf -reqexts req_extensions -nodes $(OPENSSL) x509 -sha256 $(CERTFILES_EXPIRE) -req -in $(CERTS)/serverreq.pem -extfile $(CNFS)/server.cnf -extensions certificate_extensions -CA $(CERTS)/root.pem -CAkey $(CERTS)/root.pem -CAcreateserial -out $(CERTS)/servercert.pem $(CAT) $(CERTS)/servercert.pem $(KEYS)/serverkey.pem $(CERTS)/rootcert.pem > $(CERTS)/server.pem $(COPY) $(CERTS)/server.pem $(PEMFILE) $(CHMOD) $(PEMFILE) $(NIM) -Fo change -a ssl_support=yes master $(C_FUNCTION) -o secure_tftp_access certclean: $(RM) $(KEYS)/rootkey.pem $(CERTS)/rootreq.pem $(CERTS)/rootcert.pem $(CERTS)/root.pem $(CERTS)/root.srl $(RM) $(KEYS)/clientkey.pem $(CERTS)/clientreq.pem $(CERTS)/clientcert.pem $(CERTS)/client.pem $(RM) $(KEYS)/serverkey.pem $(CERTS)/serverreq.pem $(CERTS)/servercert.pem $(CERTS)/server.pem $(RM) $(PEMFILE) $(PSWDFILE) $(NIM) -Fo change -a ssl_support=no master env: $(MKDIR) $(KEYS) $(CERTS) $(CNFS) $(COPY) $(SAMPLES)/*.cnf $(CNFS) $(COPY) $(SAMPLES)/SSL_Makefile.mk $(CNFS)/Makefile $(SED) 's/subjectAltName .*/subjectAltName = DNS:$(NIM_MASTER_HOSTNAME)/' $(CNFS)/SSL_client.cnf > $(CNFS)/client.cnf $(SED) 's/subjectAltName .*/subjectAltName = DNS:$(NIM_MASTER_HOSTNAME)/' $(CNFS)/SSL_server.cnf > $(CNFS)/server.cnf $(MV) $(CNFS)/SSL_root.cnf $(CNFS)/root.cnf $(SLIBCLEAN) $(AR) -v -x /usr/lib/libssl.a $(NIM_SSL_SO) $(AR) -v -x /usr/lib/libcrypto.a $(NIM_CRYPTO_SO) rm_env: $(RM) $(KEYS) $(CERTS) $(CNFS) $(PEMFILE) $(PSWDFILE) $(NIM) -Fo change -a ssl_support=no master distclean: certclean