certificate generation (bugfix and improvement)

don't add gmid as organisation when generating the certificate, and
set the version to 3, so it's compatible with java/android clients.

Found by Gnuserland, thanks!
Omar Polo 2021-05-12 17:37:22 +00:00
parent 58d51f2c11
commit 1eb3631d10
2 changed files with 7 additions and 5 deletions


@ -1,3 +1,7 @@
2021-05-12 Omar Polo <op@omarpolo.com>
* utils.c (gen_certificate): don't add gmid as organisation when generating the certificate, and now it set the version 3, so it's compatible with java/android
2021-05-09 Omar Polo <op@omarpolo.com>
* server.c (apply_fastcgi): added fastcgi support!


@ -115,7 +115,6 @@ gen_certificate(const char *hostname, const char *certpath, const char *keypath)
X509 *x509;
X509_NAME *name;
FILE *f;
const unsigned char *org = (const unsigned char*)"gmid";
const unsigned char *host = (const unsigned char*)hostname;
log_notice(NULL,
@ -131,7 +130,7 @@ gen_certificate(const char *hostname, const char *certpath, const char *keypath)
if ((e = BN_new()) == NULL)
fatal("couldn't allocate a bignum");
BN_set_word(e, 17);
BN_set_word(e, RSA_F4);
if (!RSA_generate_key_ex(rsa, 4096, e, NULL))
fatal("couldn't generate a rsa key");
@ -141,16 +140,15 @@ gen_certificate(const char *hostname, const char *certpath, const char *keypath)
if ((x509 = X509_new()) == NULL)
fatal("couldn't generate the X509 certificate");
ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
ASN1_INTEGER_set(X509_get_serialNumber(x509), 0);
X509_gmtime_adj(X509_get_notBefore(x509), 0);
X509_gmtime_adj(X509_get_notAfter(x509), 315360000L); /* 10 years */
X509_set_version(x509, 3);
if (!X509_set_pubkey(x509, pkey))
fatal("couldn't set the public key");
name = X509_get_subject_name(x509);
if (!X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, org, -1, -1, 0))
fatal("couldn't add N to cert");
if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, host, -1, -1, 0))
fatal("couldn't add CN to cert");
X509_set_issuer_name(x509, name);
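Review bot: `X509_set_version(x509, 3)` in the third utils.c hunk passes the encoded version field, which is zero-based (0 is v1, 2 is v3), so 3 writes a version value that RFC 5280 does not define instead of X.509 v3, and strict parsers may reject the resulting certificate. The line should read `X509_set_version(x509, 2); /* zero-based: 2 encodes X.509 v3 */`, with its return value checked the same way as the neighbouring `X509_set_pubkey` call. The page has lost its +/- markers, so which of the two `ASN1_INTEGER_set` serial-number lines is the new one is inferred; if it is the one setting 0, note that RFC 5280 requires a positive serial number and some clients refuse zero. gen_certificate starts and ends outside the hunks shown.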