kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 0b907312ef4599aa16be61fe424b6abce6f21afd
parent d74f039a0cdc1510884f5bff3b9c5eaba0464f4b
Author: Joris Vink <joris@coders.se>
Date:   Mon, 11 Aug 2014 16:11:37 +0200

let kore build generate certs with a more unique issuer

also fix spacing and asset print information.

Diffstat:
src/cli.c | 17+++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/cli.c b/src/cli.c @@ -29,6 +29,7 @@ #include <libgen.h> #include <inttypes.h> #include <fcntl.h> +#include <time.h> #include <stdarg.h> #include <stdio.h> #include <stdlib.h> @@ -604,7 +605,7 @@ cli_build_asset(char *fpath, struct dirent *dp) cli_file_open(cpath, O_CREAT | O_TRUNC | O_WRONLY, &out); /* No longer need name so cut off the extension. */ - printf("building asset %s\n", name); + printf("building asset %s\n", dp->d_name); *(ext)++ = '\0'; /* Start generating the file. */ @@ -720,11 +721,12 @@ cli_generate_certs(void) #if !defined(KORE_BENCHMARK) BIGNUM *e; FILE *fp; + time_t now; X509_NAME *name; EVP_PKEY *pkey; X509 *x509; RSA *kpair; - char *fpath; + char *fpath, issuer[64]; /* Create new certificate. */ if ((x509 = X509_new()) == NULL) @@ -752,14 +754,16 @@ cli_generate_certs(void) if (!EVP_PKEY_assign_RSA(pkey, kpair)) cli_fatal("EVP_PKEY_assign_RSA(): %s", ssl_errno_s); - /* Set serial number to 0. */ - if (!ASN1_INTEGER_set(X509_get_serialNumber(x509), 0)) + /* Set serial number to current timestamp. */ + time(&now); + if (!ASN1_INTEGER_set(X509_get_serialNumber(x509), now)) cli_fatal("ASN1_INTEGER_set(): %s", ssl_errno_s); /* Not before and not after dates. */ if (!X509_gmtime_adj(X509_get_notBefore(x509), 0)) cli_fatal("X509_gmtime_adj(): %s", ssl_errno_s); - if (!X509_gmtime_adj(X509_get_notAfter(x509), (long)60 *60 * 24 * 3000)) + if (!X509_gmtime_adj(X509_get_notAfter(x509), + (long)60 * 60 * 24 * 3000)) cli_fatal("X509_gmtime_adj(): %s", ssl_errno_s); /* Attach the pkey to the certificate. */ @@ -770,11 +774,12 @@ cli_generate_certs(void) if ((name = X509_get_subject_name(x509)) == NULL) cli_fatal("X509_get_subject_name(): %s", ssl_errno_s); + (void)snprintf(issuer, sizeof(issuer), "kore autogen: %s", appl); if (!X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char *)"SE", -1, -1, 0)) cli_fatal("X509_NAME_add_entry_by_txt(): C %s", ssl_errno_s); if (!X509_NAME_add_entry_by_txt(name, "O", - MBSTRING_ASC, (const unsigned char *)"kore autogen", -1, -1, 0)) + MBSTRING_ASC, (const unsigned char *)issuer, -1, -1, 0)) cli_fatal("X509_NAME_add_entry_by_txt(): O %s", ssl_errno_s); if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const unsigned char *)"localhost", -1, -1, 0))