zxid


certauth.c  view on Meta::CPAN

    days = atoi(end_date + 5);
    X509_gmtime_adj(X509_get_notAfter(cert),(long)60*60*24*days);
  } else
    ASN1_UTCTIME_set_string(X509_get_notAfter(cert),(char*)end_date);

  /* Copy the public key from the request */
  
  if (!(req_pkey=X509_REQ_get_pubkey(req)))
    GOTO_ERR("cant get public key from request");
  if (!X509_set_pubkey(cert, req_pkey)) GOTO_ERR("cant set public key");
  EVP_PKEY_free(req_pkey);
  req_pkey = NULL;

  /* Set extensions */
  
  if (add_some_X509v3_extensions(cert,basic_constraints, cert_type,
				 key_usage, comment)==-1) goto err;
  
  /* Sign it into a certificate */
  
  LOG_PRINT("ca signing x509");
#if 0
  if (!(X509_sign(cert, ca_pkey, EVP_md5()))) GOTO_ERR("X509_sign");
#else
  if (!(X509_sign(cert, ca_pkey, EVP_sha256()))) GOTO_ERR("X509_sign");
#endif

  X509V3_EXT_cleanup();
  OBJ_cleanup();
  return cert;

err:
  X509V3_EXT_cleanup();
  OBJ_cleanup();
  if (req_pkey) EVP_PKEY_free(req_pkey);
  if (cert) X509_free(cert);
  return NULL;
}

/* Called by:  main */
/* Issue a certificate for a PEM encoded certification request.
 *
 * ca_id_pem is handed to both open_private_key() (together with passwd) and
 * extract_certificate(), so it supplies the CA private key as well as the CA
 * certificate. req_pem is parsed with extract_request(). The remaining
 * arguments are forwarded unchanged to certification_authority(), which
 * builds and signs the new certificate.
 *
 * Only ca_id_pem, passwd and req_pem are checked for NULL here; the date,
 * constraint, usage and comment strings are passed on as given.
 *
 * NOTE(review): nothing in this function verifies the request's
 * self-signature (proof of possession) or restricts which extension values
 * a caller may ask for. Whether extract_request() or
 * certification_authority() does so is not visible from this function, so
 * confirm before exposing it to untrusted requests.
 *
 * NOTE(review): the result of write_certificate() is not inspected. On
 * failure the function presumably returns the initial NULL, but that
 * depends on write_certificate() leaving its output pointer untouched.
 *
 * Ownership of the returned buffer is not established here; presumably the
 * caller releases it.
 */
char*  /* returns pem encoded certificate, or NULL if error */
smime_ca(const char* ca_id_pem,
	 const char* passwd,
	 const char* req_pem,
	 const char* start_date,
	 const char* end_date,
	 long serial,
	 const char* basic_constraints,
	 const char* cert_type,
	 const char* key_usage,
	 const char* comment)
{
  char* cert_pem = NULL;
  EVP_PKEY* signing_key = NULL;
  X509* issuer = NULL;
  X509_REQ* csr = NULL;
  X509* issued = NULL;

  if (!(ca_id_pem && passwd && req_pem)) GOTO_ERR("NULL arg(s)");

  /* Load the CA key first, then the CA certificate, then the request;
   * any failure jumps to the shared cleanup with cert_pem still NULL. */
  signing_key = open_private_key(ca_id_pem, passwd);
  if (!signing_key) goto err;

  issuer = extract_certificate(ca_id_pem);
  if (!issuer) goto err;

  csr = extract_request(req_pem);
  if (!csr) goto err;

  issued = certification_authority(issuer, signing_key, csr,
				   start_date, end_date, serial,
				   basic_constraints, cert_type,
				   key_usage, comment);
  if (!issued) goto err;

  write_certificate(issued, &cert_pem);

  /* The success path falls through: the label below is the single cleanup
   * point for both outcomes. */
err:
  if (issuer)      X509_free(issuer);
  if (csr)         X509_REQ_free(csr);
  if (signing_key) EVP_PKEY_free(signing_key);
  if (issued)      X509_free(issued);
  return cert_pem;
}

/* EOF  -  certauth.c */


