From bebbf5bd8bef496e08bc0d6a094cc1b915f61a90 Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Mon, 20 Mar 2023 09:44:37 +0100
Subject: wip rsa-ecc proxy
---
cluster/prod/app/email/integration/README.md | 23 ++++++++++++++++++++++
.../prod/app/email/integration/tls-tls-proxy.sh | 13 ++++++++++++
2 files changed, 36 insertions(+)
create mode 100644 cluster/prod/app/email/integration/README.md
create mode 100644 cluster/prod/app/email/integration/tls-tls-proxy.sh
(limited to 'cluster/prod/app/email/integration')
diff --git a/cluster/prod/app/email/integration/README.md b/cluster/prod/app/email/integration/README.md
new file mode 100644
index 0000000..d396277
--- /dev/null
+++ b/cluster/prod/app/email/integration/README.md
@@ -0,0 +1,23 @@
+# Email
+
+## TLS TLS Proxy
+
+Required for Android 7.0 that does not support elliptic curves.
+
+Generate a key:
+
+```bash
+openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout rsa.key -out rsa.crt -subj "/CN=imap.deuxfleurs.fr" -addext "subjectAltName=DNS:smtp.deuxfleurs.fr"
+```
+
+Run the command:
+
+```bash
+./integration/proxy.sh imap.deuxfleurs.fr:993 1993
+```
+
+Test it:
+
+```bash
+openssl s_client localhost:1993
+```
diff --git a/cluster/prod/app/email/integration/tls-tls-proxy.sh b/cluster/prod/app/email/integration/tls-tls-proxy.sh
new file mode 100644
index 0000000..afb7317
--- /dev/null
+++ b/cluster/prod/app/email/integration/tls-tls-proxy.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+UPSTREAM=$1
+PROXY_PORT=$2
+socat -dd \
+"openssl-listen:${PROXY_PORT},\
+reuseaddr,\
+fork,\
+cert=/tmp/tls-tls-proxy/rsa.crt,\
+key=/tmp/tls-tls-proxy/rsa.key,\
+verify=0,\
+bind=0.0.0.0" \
+"openssl:${UPSTREAM},\
+verify=0"
-- cgit v1.2.3
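Review bot: The upstream leg is opened with `verify=0` (the last line of tls-tls-proxy.sh), so socat accepts any certificate presented for `${UPSTREAM}` and the proxy-to-server hop carries IMAP logins without authenticating the server. `verify=0` on the `openssl-listen` side only means no client certificate is requested, which is fine, but the final line should become `verify=1"` (socat's default for the client address), with `cafile=` or `capath=` added only if the system trust store is not picked up. Separately, `cert=` and `key=` point into `/tmp/tls-tls-proxy/`, a predictable path under a world-writable directory; the unencrypted RSA key would be safer in a directory owned by the service user with mode 0700. The script also uses `$1` and `$2` unchecked, so a `: "${1:?usage: tls-tls-proxy.sh host:port listen-port}"` style guard would stop socat from starting with an empty address.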