|
|
|
|
@ -350,6 +350,8 @@ X509 * generate_x509(EVP_PKEY *pkey, const unsigned char *cn, uint32_t serial, i
|
|
|
|
|
int rc;
|
|
|
|
|
X509 * x = NULL;
|
|
|
|
|
X509_NAME * name= NULL;
|
|
|
|
|
X509_EXTENSION* ext = NULL;
|
|
|
|
|
X509V3_CTX v3_ctx;
|
|
|
|
|
if ((x = X509_new()) == NULL) {
|
|
|
|
|
proxy_error("Unable to run X509_new()\n");
|
|
|
|
|
exit(EXIT_SUCCESS); // we exit gracefully to avoid being restarted
|
|
|
|
|
@ -370,8 +372,6 @@ X509 * generate_x509(EVP_PKEY *pkey, const unsigned char *cn, uint32_t serial, i
|
|
|
|
|
if (ca_x509) {
|
|
|
|
|
rc = X509_set_issuer_name(x, X509_get_subject_name(ca_x509));
|
|
|
|
|
} else {
|
|
|
|
|
X509_EXTENSION* extension = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical, CA:FALSE");
|
|
|
|
|
X509_add_ext(x, extension, -1);
|
|
|
|
|
rc = X509_set_issuer_name(x, name);
|
|
|
|
|
}
|
|
|
|
|
if (rc==0) {
|
|
|
|
|
@ -379,6 +379,19 @@ X509 * generate_x509(EVP_PKEY *pkey, const unsigned char *cn, uint32_t serial, i
|
|
|
|
|
exit(EXIT_SUCCESS); // we exit gracefully to avoid being restarted
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// set the context
|
|
|
|
|
X509V3_set_ctx(&v3_ctx, ca_x509 ? ca_x509 : x, x, NULL, NULL, 0);
|
|
|
|
|
|
|
|
|
|
ext = X509V3_EXT_conf_nid(
|
|
|
|
|
NULL, &v3_ctx, NID_basic_constraints, ca_x509 ? "critical, CA:FALSE" : "critical, CA:TRUE");
|
|
|
|
|
if (ext) {
|
|
|
|
|
X509_add_ext(x, ext, -1);
|
|
|
|
|
X509_EXTENSION_free(ext);
|
|
|
|
|
} else {
|
|
|
|
|
proxy_error("Unable to set certificate extensions: %s\n", ERR_error_string(ERR_get_error(),NULL));
|
|
|
|
|
exit(EXIT_SUCCESS); // we exit gracefully to avoid being restarted
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ca_pkey) {
|
|
|
|
|
rc = X509_sign(x, ca_pkey, EVP_sha256());
|
|
|
|
|
} else {
|
|
|
|
|
|
René Cannaò
5 years ago
committed by
GitHub