update example secret key / cert, etc.

cofyc · cofyc · commit 5c7bfc2bf725 · 2016-07-11T12:27:39.000+08:00
diff --git a/README.md b/README.md
@@ -38,11 +38,13 @@ On OpenBSD:
 
     $ pkg_add -r gmake autoconf
     $ pkg_add -r libevent
+    $ git clone --recursive git://github.com/cofyc/dnscrypt-wrapper.git
+    $ cd dnscrypt-wrapper
     $ gmake LDFLAGS='-L/usr/local/lib/' CFLAGS=-I/usr/local/include/
 
 On MacOS:
 
-    $ brew install dnscrypt-wrapper # best recommended
+    $ brew install dnscrypt-wrapper
 
 In Docker:
 
@@ -72,7 +74,9 @@ This will print it out.
 and authenticate DNS queries. Also generate a certificate for it:
 
     $ dnscrypt-wrapper --gen-crypt-keypair --crypt-secretkey-file=1.key
-    $ dnscrypt-wrapper --gen-cert-file --crypt-secretkey-file=1.key --provider-cert-file=1.cert
+    $ dnscrypt-wrapper --gen-cert-file --crypt-secretkey-file=1.key --provider-cert-file=1.cert \
+        --provider-publickey-file=public.key --provider-secretkey-file=secret.key \
+        --cert-file-expire-days=365
 
 In this example, the time-limited secret key will be saved as `1.key`
 and its related certificate as `1.cert` in the current directory.
@@ -82,7 +86,7 @@ without requiring clients to update their configuration.
 
 3) Run the program with a given key, a provider name and the most recent certificate:
 
-    # dnscrypt-wrapper --resolver-address=114.114.114.114:53 --listen-address=0.0.0.0:443 \
+    # dnscrypt-wrapper --resolver-address=8.8.8.8:53 --listen-address=0.0.0.0:443 \
                        --provider-name=2.dnscrypt-cert.yechengfu.com \
                        --crypt-secretkey-file=1.key --provider-cert-file=1.cert
 
@@ -171,7 +175,7 @@ its certificate:
 2) Tell new users to use the new certificate but still accept the old
 key until all clients have loaded the new certificate:
 
-    # dnscrypt-wrapper --resolver-address=114.114.114.114:53 --listen-address=0.0.0.0:443 \
+    # dnscrypt-wrapper --resolver-address=8.8.8.8:53 --listen-address=0.0.0.0:443 \
                        --provider-name=2.dnscrypt-cert.yechengfu.com \
                        --crypt-secretkey-file=1.key,2.key --provider-cert-file=2.cert
 
@@ -182,7 +186,7 @@ accept both the previous and the current key.
 after one hour, the old certificate can be refused, by leaving only
 the new one in the configuration:
 
-    # dnscrypt-wrapper --resolver-address=114.114.114.114:53 --listen-address=0.0.0.0:443 \
+    # dnscrypt-wrapper --resolver-address=8.8.8.8:53 --listen-address=0.0.0.0:443 \
                        --provider-name=2.dnscrypt-cert.yechengfu.com \
                        --crypt-secretkey-file=2.key --provider-cert-file=2.cert
 
diff --git a/configure.ac b/configure.ac
@@ -66,7 +66,7 @@ fi
 
 # libsodium
 AC_ARG_WITH(sodium,
-    [AS_HELP_STRING([--with-sodium=DIR], [where to find the event library])],
+    [AS_HELP_STRING([--with-sodium=DIR], [where to find the sodium library])],
     [if test -d "$withval"; then
         LDFLAGS="$LDFLAGS -L$withval/lib"
         CFLAGS="$CFLAGS -I$withval/include"
diff --git a/example/1.cert b/example/1.cert
diff --git a/example/1.key b/example/1.key
@@ -0,0 +1 @@
+@ÐH����{��:�����ʥ��|]n
diff --git a/example/README.md b/example/README.md
@@ -4,8 +4,20 @@ A demo example.
 
 ## Usage
 
+1, open a new terminal, run
+
 ```
 ./start_wrapper.sh
+```
+
+2, open a new terminal, run
+
+```
 ./start_proxy.sh
+```
+
+3, test
+
+```
 dig www.google.com @127.0.0.1 -p 8855
 ```
diff --git a/example/crypt_secret.key b/example/crypt_secret.key
diff --git a/example/dnscrypt.cert b/example/dnscrypt.cert
diff --git a/example/start_proxy.sh b/example/start_proxy.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
 
-dnscrypt-proxy -d -a 127.0.0.1:8855 -r 127.0.0.1:8854 \
+dnscrypt-proxy -a 127.0.0.1:8855 -r 127.0.0.1:8854 \
     --provider-name=2.dnscrypt-cert.yechengfu.com \
     --provider-key=3686:91DF:DC22:8DBB:67BF:9EF6:5471:C831:B468:E0F8:18D9:6CB1:254E:3BE7:7A88:AB24
diff --git a/example/start_wrapper.sh b/example/start_wrapper.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
-../dnscrypt-wrapper --resolver-address=114.114.114.114:53 --listen-address=0.0.0.0:8854 \
+../dnscrypt-wrapper --resolver-address=8.8.8.8:53 --listen-address=0.0.0.0:8854 \
     --provider-name=2.dnscrypt-cert.yechengfu.com \
-    --provider-cert-file=dnscrypt.cert \
-    --crypt-secretkey-file=crypt_secret.key \
+    --provider-cert-file=1.cert \
+    --crypt-secretkey-file=1.key \
     -VV
diff --git a/main.c b/main.c
@@ -336,6 +336,7 @@ main(int argc, const char **argv)
             exit(1);
         }
     }
+
     // setup logger
     if (c.logfile) {
         logger_logfile = c.logfile;
@@ -416,9 +417,9 @@ main(int argc, const char **argv)
         printf("* Record for tinydns:\n");
         cert_display_txt_record_tinydns(signed_cert);
         printf("\n");
-        if (!write_to_file
+        if (write_to_file
             (c.provider_cert_file, (char *)signed_cert,
-             sizeof(struct SignedCert)) == 0) {
+             sizeof(struct SignedCert)) != 0) {
             logger(LOG_ERR, "The new certificate was not saved - "
                    "Maybe the %s file already exists - please delete it first.",
                    c.provider_cert_file);
