mirrors/ympd
1
0
Fork 0
mirror of https://github.com/SuperBFG7/ympd synced 2025-03-04 02:28:19 +00:00
Code Issues Releases Wiki Activity

Improved certifcate creation, import /etc/mympd/ssl/ca/ca.pem to trust the mympd certificate

Browse Source
This commit is contained in:
jcorporation 2018-07-10 22:52:16 +01:00
parent eb2d38c6fd
commit c1a531f162
5 changed files with 74 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -43,8 +43,8 @@ Usage: ./mympd [OPTION]...
-w, --webport <port> listen port for webserver [80] -w, --webport <port> listen port for webserver [80]
-S, --ssl enable ssl -S, --ssl enable ssl
-W, --sslport listen port for ssl webserver [443] -W, --sslport listen port for ssl webserver [443]
-C, --sslcert filename for ssl certificate [/etc/mympd/server.pem] -C, --sslcert filename for ssl certificate [/etc/mympd/ssl/server.pem]
-K, --sslkey filename for ssl key [/etc/mympd/server.key] -K, --sslkey filename for ssl key [/etc/mympd/ssl/server.key]
-s, --streamport <port> connect to mpd http stream at port [8000] -s, --streamport <port> connect to mpd http stream at port [8000]
-u, --user <username> drop priviliges to user after socket bind -u, --user <username> drop priviliges to user after socket bind
-m, --mpdpass <password> specifies the password to use when connecting to mpd -m, --mpdpass <password> specifies the password to use when connecting to mpd

71
contrib/crcert.sh
View File

@ -1,18 +1,67 @@
#!/bin/sh #!/bin/sh
[ -d /etc/mympd/ssl ] && rm -r /etc/mympd/ssl
mkdir -p /etc/mympd/ssl/ca/certs
cd /etc/mympd/ssl/ca
echo '01' > serial
touch index.txt
touch index.txt.attr
echo "Creating ca"
cat > ca.cnf << EOL
[req]
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions
prompt = no
[root_ca_distinguished_name]
O = myMPD
CN = myMPD_CA
[root_ca_extensions]
basicConstraints = CA:true
[ ca ]
default_ca = mympd_ca
[mympd_ca]
dir = /etc/mympd/ssl/ca
database = /etc/mympd/ssl/ca/index.txt
new_certs_dir = /etc/mympd/ssl/ca/certs/
serial = /etc/mympd/ssl/ca/serial
copy_extensions = copy
policy = local_ca_policy
x509_extensions = local_ca_extensions
default_md = sha256
[ local_ca_policy ]
commonName = supplied
organizationName = supplied
[ local_ca_extensions ]
basicConstraints = CA:false
EOL
openssl req -new -x509 -newkey rsa:2048 -sha256 -days 1000 -nodes -config ca.cnf \
-keyout ca.key -out ca.pem
HOSTNAME=$(hostname) HOSTNAME=$(hostname)
FQDN=$(hostname -f) FQDN=$(hostname -f)
IP=$(getent hosts $HOSTNAME | awk {'print $1'}) IP=$(getent hosts $HOSTNAME | awk {'print $1'})
cd /etc/mympd/ssl
echo "Creating cert:" echo "Creating cert:"
echo "\t$HOSTNAME" echo "\t$HOSTNAME"
echo "\t$FQDN" echo "\t$FQDN"
echo "\t$IP" echo "\t$IP"
cat > /etc/mympd/openssl.cnf << EOL cat > req.cnf << EOL
[req] [req]
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
x509_extensions = v3_req req_extensions = v3_req
prompt = no prompt = no
[req_distinguished_name] [req_distinguished_name]
@ -20,17 +69,27 @@ O = myMPD
CN = $FQDN CN = $FQDN
[v3_req] [v3_req]
keyUsage = keyEncipherment, dataEncipherment basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth extendedKeyUsage = serverAuth
subjectAltName = @alt_names subjectAltName = @alt_names
[alt_names] [alt_names]
DNS.1 = $HOSTNAME DNS.1 = $HOSTNAME
DNS.2 = $FQDN DNS.2 = $FQDN
DNS.3 = localhost
IP.1 = $IP IP.1 = $IP
IP.2 = 127.0.0.1
EOL EOL
openssl req -x509 -sha256 -newkey rsa:2048 -days 1000 -nodes -config /etc/mympd/openssl.cnf\ openssl req -new -sha256 -newkey rsa:2048 -days 1000 -nodes -config req.cnf \
-keyout /etc/mympd/server.key -out /etc/mympd/server.pem \ -keyout server.key -out server.csr \
-extensions 'v3_req' -extensions v3_req
echo "Sign cert with ca"
openssl ca -in server.csr -cert ca/ca.pem -keyfile ca/ca.key -config ca/ca.cnf \
-out server.pem -days 1000 -batch
rm server.csr
rm ca/ca.cnf
rm req.cnf

2
htdocs/mympd.webmanifest
View File

@ -17,5 +17,5 @@
], ],
"name": "myMPD", "name": "myMPD",
"short_name": "myMPD", "short_name": "myMPD",
"start_url": "/index.html/#/Playback!0/-/" "start_url": "/index.html"
} }

4
mympd.1
View File

@ -28,10 +28,10 @@ enable ssl
listen interface/port for ssl webserver [443] listen interface/port for ssl webserver [443]
.TP .TP
\fB\-C\fR, \fB\-\-sslcert FILENAME\fR \fB\-C\fR, \fB\-\-sslcert FILENAME\fR
filename for ssl certificate [/etc/mympd/server.pem] filename for ssl certificate [/etc/mympd/ssl/server.pem]
.TP .TP
\fB\-K\fR, \fB\-\-sslkey FILENAME\fR \fB\-K\fR, \fB\-\-sslkey FILENAME\fR
filename for ssl key [/etc/mympd/server.key] filename for ssl key [/etc/mympd/ssl/server.key]
.TP .TP
\fB-s\fR, \fB\-\-streamport PORT \fB-s\fR, \fB\-\-streamport PORT
connect to mpd http stream at port [8000] connect to mpd http stream at port [8000]

8
src/mympd.c
View File

@ -126,8 +126,8 @@ int main(int argc, char **argv)
struct mg_bind_opts bind_opts; struct mg_bind_opts bind_opts;
const char *err; const char *err;
bool ssl = false; bool ssl = false;
char *s_ssl_cert = "/etc/mympd/server.pem"; char *s_ssl_cert = "/etc/mympd/ssl/server.pem";
char *s_ssl_key = "/etc/mympd/server.key"; char *s_ssl_key = "/etc/mympd/ssl/server.key";
char hostname[1024]; char hostname[1024];
hostname[1023] = '\0'; hostname[1023] = '\0';
gethostname(hostname, 1023); gethostname(hostname, 1023);
@ -204,8 +204,8 @@ int main(int argc, char **argv)
" -w, --webport [ip:]<port>\tlisten interface/port for webserver [80]\n" " -w, --webport [ip:]<port>\tlisten interface/port for webserver [80]\n"
" -S, --ssl\tenable ssl\n" " -S, --ssl\tenable ssl\n"
" -W, --sslport [ip:]<port>\tlisten interface/port for ssl webserver [443]\n" " -W, --sslport [ip:]<port>\tlisten interface/port for ssl webserver [443]\n"
" -C, --sslcert <filename>\tfilename for ssl certificate [/etc/mympd/server.pem]\n" " -C, --sslcert <filename>\tfilename for ssl certificate [/etc/mympd/ssl/server.pem]\n"
" -K, --sslkey <filename>\tfilename for ssl key [/etc/mympd/server.key]\n" " -K, --sslkey <filename>\tfilename for ssl key [/etc/mympd/ssl/server.key]\n"
" -u, --user <username>\t\tdrop priviliges to user after socket bind\n" " -u, --user <username>\t\tdrop priviliges to user after socket bind\n"
" -v, --version\t\t\tget version\n" " -v, --version\t\t\tget version\n"
" -m, --mpdpass <password>\tspecifies the password to use when connecting to mpd\n" " -m, --mpdpass <password>\tspecifies the password to use when connecting to mpd\n"