Verified Commit 1b77debd authored by Silvio Rhatto's avatar Silvio Rhatto
Browse files

Feat: adds HARICA's onion-csr

parent 819d89f7
[submodule "vendor/mkp224o"]
path = vendor/mkp224o
url = https://github.com/cathugger/mkp224o
[submodule "vendor/onion-csr"]
path = vendor/onion-csr
url = https://github.com/HARICA-official/onion-csr.git
......@@ -181,6 +181,16 @@ correlated. This means that if an attacker takes control of a backend instance t
uses a keypair generated in the same pool, then the attacker can try to regenerate
related keys.
### HARICA X.509 certificates compatibility
Onionmine ships with [onion-csr](https://gitlab.torproject.org/tpo/onion-services/onionmine/-/issues/17) as a submodule
to ease the creation of certificates for HTTPS usage. The provisioning procedure also makes sure that this software is
compiled.
It can be invoked by running
./bin/onion-csr
## Tasks
Check the [issue queue](https://gitlab.torproject.org/tpo/onion-services/onionmine/-/issues)
......
#!/usr/bin/env bash
#
# Wrapper around HARICA's onion-csr.rb
#
# Parameters
BASENAME="`basename $0`"
DIRNAME="`dirname $0`"
source $DIRNAME/params
# Dispatch
cd $BASEDIR/vendor/onion-csr && ./onion-csr.rb "$@"
......@@ -38,6 +38,9 @@ ENV_LOCAL="$POOL/local.conf"
# The libpcre2-dev package is used for regex support
DEPENDENCIES="gcc libsodium-dev make autoconf libpcre2-dev"
# For HARICA's onion-csr
DEPENDENCIES="$DEPENDENCIES ruby-dev build-essential"
# Default flags used for mkp224o compilation
MKP224O_BUILD_FLAGS="--enable-intfilter=native"
......
......@@ -29,3 +29,9 @@ sudo apt install -y $DEPENDENCIES
# Compile
#make -C $BASEDIR compile
# Build HARICA's onion-csr
sudo gem install ffi
cd $BASEDIR/vendor/onion-csr
git submodule update --init --recursive
gcc -shared -o libed25519.so -fPIC ed25519/src/*.c
Subproject commit f6c136892686849d6e908f2ddb5041ccccdda886
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment