mirror of https://github.com/omar-polo/gmid.git
certificate generation (bugfix and improvement)
don't add gmid as organisation when generating the certificate, and set the version to 3, so it's compatible with java/android clients. Found by Gnuserland, thanks!
parent
58d51f2c11
commit
1eb3631d10
|
@ -1,3 +1,7 @@
|
|||
2021-05-12 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* utils.c (gen_certificate): don't add gmid as organisation when generating the certificate, and now it set the version 3, so it's compatible with java/android
|
||||
|
||||
2021-05-09 Omar Polo <op@omarpolo.com>
|
||||
|
||||
* server.c (apply_fastcgi): added fastcgi support!
|
||||
|
|
8
utils.c
8
utils.c
|
@ -115,7 +115,6 @@ gen_certificate(const char *hostname, const char *certpath, const char *keypath)
|
|||
X509 *x509;
|
||||
X509_NAME *name;
|
||||
FILE *f;
|
||||
const unsigned char *org = (const unsigned char*)"gmid";
|
||||
const unsigned char *host = (const unsigned char*)hostname;
|
||||
|
||||
log_notice(NULL,
|
||||
|
@ -131,7 +130,7 @@ gen_certificate(const char *hostname, const char *certpath, const char *keypath)
|
|||
if ((e = BN_new()) == NULL)
|
||||
fatal("couldn't allocate a bignum");
|
||||
|
||||
BN_set_word(e, 17);
|
||||
BN_set_word(e, RSA_F4);
|
||||
if (!RSA_generate_key_ex(rsa, 4096, e, NULL))
|
||||
fatal("couldn't generate a rsa key");
|
||||
|
||||
|
@ -141,16 +140,15 @@ gen_certificate(const char *hostname, const char *certpath, const char *keypath)
|
|||
if ((x509 = X509_new()) == NULL)
|
||||
fatal("couldn't generate the X509 certificate");
|
||||
|
||||
ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
|
||||
ASN1_INTEGER_set(X509_get_serialNumber(x509), 0);
|
||||
X509_gmtime_adj(X509_get_notBefore(x509), 0);
|
||||
X509_gmtime_adj(X509_get_notAfter(x509), 315360000L); /* 10 years */
|
||||
X509_set_version(x509, 3);
|
||||
|
||||
if (!X509_set_pubkey(x509, pkey))
|
||||
fatal("couldn't set the public key");
|
||||
|
||||
name = X509_get_subject_name(x509);
|
||||
if (!X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, org, -1, -1, 0))
|
||||
fatal("couldn't add N to cert");
|
||||
if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, host, -1, -1, 0))
|
||||
fatal("couldn't add CN to cert");
|
||||
X509_set_issuer_name(x509, name);
|
||||
|
|
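Review bot: `X509_set_version(x509, 3);` in the last hunk does not yield an X.509 v3 certificate, because the version field is zero-based: v3 is encoded as 2, and 3 names a version that does not exist, which strict certificate parsers may reject. The line should read `X509_set_version(x509, 2);`, ideally with its return value checked the way the neighbouring `X509_set_pubkey` call is. If the serial number is being changed from 1 to 0 here, as the print order suggests but the page does not mark, note that RFC 5280 requires a positive serial, so keeping 1 or using a random positive value would interoperate better. The body of gen_certificate begins and ends outside these hunks.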