subject:"\[Openvpn\-devel\] \[easy\-rsa 3\/4\] build\: doc"

Re: [Openvpn-devel] [easy-rsa 3/4] build: doc

2012-03-08 Thread Samuli Seppänen

Looks good. Moves docs into a separate directory with it's own makefile.
Provided that patch 2/4 was sane autotools-vise, I give this one an ACK.

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock


> Signed-off-by: Alon Bar-Lev 
> ---
>  Makefile.am |2 +-
>  configure.ac|1 +
>  doc/Makefile.am |   16 
>  doc/README-1.0  |  161 
>  doc/README-2.0  |  229 
> +++
>  easy-rsa/1.0/README |  161 
>  easy-rsa/2.0/README |  229 
> ---
>  7 files changed, 408 insertions(+), 391 deletions(-)
>  create mode 100644 doc/Makefile.am
>  create mode 100644 doc/README-1.0
>  create mode 100644 doc/README-2.0
>  delete mode 100644 easy-rsa/1.0/README
>  delete mode 100644 easy-rsa/2.0/README
>
> diff --git a/Makefile.am b/Makefile.am
> index f6433d5..743da35 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -33,7 +33,7 @@ MAINTAINERCLEANFILES = \
> $(srcdir)/depcomp $(srcdir)/aclocal.m4 \
> $(srcdir)/config.guess $(srcdir)/config.sub
>
> -EXTRA_DIST = easy-rsa
> +EXTRA_DIST = doc easy-rsa
>
>  dist_doc_DATA = \
> COPYRIGHT.GPL \
> diff --git a/configure.ac b/configure.ac
> index f9625e5..1e52ece 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -47,5 +47,6 @@ AC_SUBST([easyrsadir])
>
>  AC_CONFIG_FILES([
> Makefile
> +   doc/Makefile
>  ])
>  AC_OUTPUT
> diff --git a/doc/Makefile.am b/doc/Makefile.am
> new file mode 100644
> index 000..de183c6
> --- /dev/null
> +++ b/doc/Makefile.am
> @@ -0,0 +1,16 @@
> +#
> +#  Easy-RSA -- This is a small RSA key management package, based on the 
> openssl
> +#  command line tool, that can be found in the easy-rsa 
> subdirectory
> +#  of the OpenVPN distribution.  While this tool is primary 
> concerned
> +#  with key management for the SSL VPN application space, it can 
> also
> +#  be used for building web certificates.
> +#
> +#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
> +#  Copyright (C) 2006-2012 Alon Bar-Lev 
> +#
> +
> +MAINTAINERCLEANFILES = \
> +   $(srcdir)/Makefile.in
> +
> +dist_doc_DATA = README-2.0
> +dist_noinst_DATA = README-1.0
> diff --git a/doc/README-1.0 b/doc/README-1.0
> new file mode 100644
> index 000..fd424ef
> --- /dev/null
> +++ b/doc/README-1.0
> @@ -0,0 +1,161 @@
> +This is a small RSA key management package,
> +based on the openssl command line tool, that
> +can be found in the easy-rsa subdirectory
> +of the OpenVPN distribution.
> +
> +These are reference notes.  For step
> +by step instructions, see the HOWTO:
> +
> +http://openvpn.net/howto.html
> +
> +INSTALL
> +
> +1. Edit vars.
> +2. Set KEY_CONFIG to point to the openssl.cnf file
> +   included in this distribution.
> +3. Set KEY_DIR to point to a directory which will
> +   contain all keys, certificates, etc.  This
> +   directory need not exist, and if it does,
> +   it will be deleted with rm -rf, so BE
> +   CAREFUL how you set KEY_DIR.
> +4. (Optional) Edit other fields in vars
> +   per your site data.  You may want to
> +   increase KEY_SIZE to 2048 if you are
> +   paranoid and don't mind slower key
> +   processing, but certainly 1024 is
> +   fine for testing purposes.  KEY_SIZE
> +   must be compatible across both peers
> +   participating in a secure SSL/TLS
> +   connection.
> +5  . vars
> +6. ./clean-all
> +7. As you create certificates, keys, and
> +   certificate signing requests, understand that
> +   only .key files should be kept confidential.
> +   .crt and .csr files can be sent over insecure
> +   channels such as plaintext email.
> +8. You should never need to copy a .key file
> +   between computers.  Normally each computer
> +   will have its own certificate/key pair.
> +
> +BUILD YOUR OWN ROOT CERTIFICATE AUTHORITY (CA) CERTIFICATE/KEY
> +
> +1. ./build-ca
> +2. ca.crt and ca.key will be built in your KEY_DIR
> +   directory
> +
> +BUILD AN INTERMEDIATE CERTIFICATE AUTHORITY CERTIFICATE/KEY (optional)
> +
> +1. ./build-inter inter
> +2. inter.crt and inter.key will be built in your KEY_DIR
> +   directory and signed with your root certificate.
> +
> +BUILD DIFFIE-HELLMAN PARAMETERS (necessary for
> +the server end of a SSL/TLS connection).
> +
> +1. ./build-dh
> +
> +BUILD A CERTIFICATE SIGNING REQUEST (If
> +you want to sign your certificate with a root
> +certificate controlled by another individual
> +or organization, or residing on a different machine).
> +
> +1. Get ca.crt (the root certificate) from your
> +   certificate authority.  Though this
> +   transfer can be over an insecure channel, to prevent
> +   man-in-the-middle attacks you must confirm that
> +   ca.crt was not tampered with.  Large CAs solve this
> +   problem by hardwiring their

[Openvpn-devel] [easy-rsa 3/4] build: doc

2012-02-29 Thread Alon Bar-Lev


Signed-off-by: Alon Bar-Lev 
---
 Makefile.am |2 +-
 configure.ac|1 +
 doc/Makefile.am |   16 
 doc/README-1.0  |  161 
 doc/README-2.0  |  229 +++
 easy-rsa/1.0/README |  161 
 easy-rsa/2.0/README |  229 ---
 7 files changed, 408 insertions(+), 391 deletions(-)
 create mode 100644 doc/Makefile.am
 create mode 100644 doc/README-1.0
 create mode 100644 doc/README-2.0
 delete mode 100644 easy-rsa/1.0/README
 delete mode 100644 easy-rsa/2.0/README

diff --git a/Makefile.am b/Makefile.am
index f6433d5..743da35 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -33,7 +33,7 @@ MAINTAINERCLEANFILES = \
$(srcdir)/depcomp $(srcdir)/aclocal.m4 \
$(srcdir)/config.guess $(srcdir)/config.sub

-EXTRA_DIST = easy-rsa
+EXTRA_DIST = doc easy-rsa

 dist_doc_DATA = \
COPYRIGHT.GPL \
diff --git a/configure.ac b/configure.ac
index f9625e5..1e52ece 100644
--- a/configure.ac
+++ b/configure.ac
@@ -47,5 +47,6 @@ AC_SUBST([easyrsadir])

 AC_CONFIG_FILES([
Makefile
+   doc/Makefile
 ])
 AC_OUTPUT
diff --git a/doc/Makefile.am b/doc/Makefile.am
new file mode 100644
index 000..de183c6
--- /dev/null
+++ b/doc/Makefile.am
@@ -0,0 +1,16 @@
+#
+#  Easy-RSA -- This is a small RSA key management package, based on the openssl
+#  command line tool, that can be found in the easy-rsa 
subdirectory
+#  of the OpenVPN distribution.  While this tool is primary 
concerned
+#  with key management for the SSL VPN application space, it can 
also
+#  be used for building web certificates.
+#
+#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
+#  Copyright (C) 2006-2012 Alon Bar-Lev 
+#
+
+MAINTAINERCLEANFILES = \
+   $(srcdir)/Makefile.in
+
+dist_doc_DATA = README-2.0
+dist_noinst_DATA = README-1.0
diff --git a/doc/README-1.0 b/doc/README-1.0
new file mode 100644
index 000..fd424ef
--- /dev/null
+++ b/doc/README-1.0
@@ -0,0 +1,161 @@
+This is a small RSA key management package,
+based on the openssl command line tool, that
+can be found in the easy-rsa subdirectory
+of the OpenVPN distribution.
+
+These are reference notes.  For step
+by step instructions, see the HOWTO:
+
+http://openvpn.net/howto.html
+
+INSTALL
+
+1. Edit vars.
+2. Set KEY_CONFIG to point to the openssl.cnf file
+   included in this distribution.
+3. Set KEY_DIR to point to a directory which will
+   contain all keys, certificates, etc.  This
+   directory need not exist, and if it does,
+   it will be deleted with rm -rf, so BE
+   CAREFUL how you set KEY_DIR.
+4. (Optional) Edit other fields in vars
+   per your site data.  You may want to
+   increase KEY_SIZE to 2048 if you are
+   paranoid and don't mind slower key
+   processing, but certainly 1024 is
+   fine for testing purposes.  KEY_SIZE
+   must be compatible across both peers
+   participating in a secure SSL/TLS
+   connection.
+5  . vars
+6. ./clean-all
+7. As you create certificates, keys, and
+   certificate signing requests, understand that
+   only .key files should be kept confidential.
+   .crt and .csr files can be sent over insecure
+   channels such as plaintext email.
+8. You should never need to copy a .key file
+   between computers.  Normally each computer
+   will have its own certificate/key pair.
+
+BUILD YOUR OWN ROOT CERTIFICATE AUTHORITY (CA) CERTIFICATE/KEY
+
+1. ./build-ca
+2. ca.crt and ca.key will be built in your KEY_DIR
+   directory
+
+BUILD AN INTERMEDIATE CERTIFICATE AUTHORITY CERTIFICATE/KEY (optional)
+
+1. ./build-inter inter
+2. inter.crt and inter.key will be built in your KEY_DIR
+   directory and signed with your root certificate.
+
+BUILD DIFFIE-HELLMAN PARAMETERS (necessary for
+the server end of a SSL/TLS connection).
+
+1. ./build-dh
+
+BUILD A CERTIFICATE SIGNING REQUEST (If
+you want to sign your certificate with a root
+certificate controlled by another individual
+or organization, or residing on a different machine).
+
+1. Get ca.crt (the root certificate) from your
+   certificate authority.  Though this
+   transfer can be over an insecure channel, to prevent
+   man-in-the-middle attacks you must confirm that
+   ca.crt was not tampered with.  Large CAs solve this
+   problem by hardwiring their root certificates into
+   popular web browsers.  A simple way to verify a root
+   CA is to call the issuer on the telephone and confirm
+   that the md5sum or sha1sum signatures on the ca.crt
+   files match (such as with the command: "md5sum ca.crt").
+2. Choose a name for your certificate such as your computer
+   name.  In our example we will use "mycert".
+3. ./build-req mycert
+4. You can ignore most of the fields, but set
+   "Common Name" to something unique such as your
+   computer's host name.  Leave all

Re: [Openvpn-devel] [easy-rsa 3/4] build: doc

[Openvpn-devel] [easy-rsa 3/4] build: doc

2 matches

Site Navigation

Mail list logo

Footer information