2
0

mkcert.c 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172
  1. /* Certificate creation. Demonstrates some certificate related
  2. * operations.
  3. */
  4. #include <stdio.h>
  5. #include <stdlib.h>
  6. #include <openssl/pem.h>
  7. #include <openssl/conf.h>
  8. #include <openssl/x509v3.h>
  9. #ifndef OPENSSL_NO_ENGINE
  10. #include <openssl/engine.h>
  11. #endif
  12. int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
  13. int add_ext(X509 *cert, int nid, char *value);
  14. int main(int argc, char **argv)
  15. {
  16. BIO *bio_err;
  17. X509 *x509=NULL;
  18. EVP_PKEY *pkey=NULL;
  19. CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
  20. bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
  21. mkcert(&x509,&pkey,512,0,365);
  22. RSA_print_fp(stdout,pkey->pkey.rsa,0);
  23. X509_print_fp(stdout,x509);
  24. PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
  25. PEM_write_X509(stdout,x509);
  26. X509_free(x509);
  27. EVP_PKEY_free(pkey);
  28. #ifndef OPENSSL_NO_ENGINE
  29. ENGINE_cleanup();
  30. #endif
  31. CRYPTO_cleanup_all_ex_data();
  32. CRYPTO_mem_leaks(bio_err);
  33. BIO_free(bio_err);
  34. return(0);
  35. }
  36. static void callback(int p, int n, void *arg)
  37. {
  38. char c='B';
  39. if (p == 0) c='.';
  40. if (p == 1) c='+';
  41. if (p == 2) c='*';
  42. if (p == 3) c='\n';
  43. fputc(c,stderr);
  44. }
  45. int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
  46. {
  47. X509 *x;
  48. EVP_PKEY *pk;
  49. RSA *rsa;
  50. X509_NAME *name=NULL;
  51. if ((pkeyp == NULL) || (*pkeyp == NULL))
  52. {
  53. if ((pk=EVP_PKEY_new()) == NULL)
  54. {
  55. abort();
  56. return(0);
  57. }
  58. }
  59. else
  60. pk= *pkeyp;
  61. if ((x509p == NULL) || (*x509p == NULL))
  62. {
  63. if ((x=X509_new()) == NULL)
  64. goto err;
  65. }
  66. else
  67. x= *x509p;
  68. rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
  69. if (!EVP_PKEY_assign_RSA(pk,rsa))
  70. {
  71. abort();
  72. goto err;
  73. }
  74. rsa=NULL;
  75. X509_set_version(x,2);
  76. ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
  77. X509_gmtime_adj(X509_get_notBefore(x),0);
  78. X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
  79. X509_set_pubkey(x,pk);
  80. name=X509_get_subject_name(x);
  81. /* This function creates and adds the entry, working out the
  82. * correct string type and performing checks on its length.
  83. * Normally we'd check the return value for errors...
  84. */
  85. X509_NAME_add_entry_by_txt(name,"C",
  86. MBSTRING_ASC, "UK", -1, -1, 0);
  87. X509_NAME_add_entry_by_txt(name,"CN",
  88. MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
  89. /* Its self signed so set the issuer name to be the same as the
  90. * subject.
  91. */
  92. X509_set_issuer_name(x,name);
  93. /* Add various extensions: standard extensions */
  94. add_ext(x, NID_basic_constraints, "critical,CA:TRUE");
  95. add_ext(x, NID_key_usage, "critical,keyCertSign,cRLSign");
  96. add_ext(x, NID_subject_key_identifier, "hash");
  97. /* Some Netscape specific extensions */
  98. add_ext(x, NID_netscape_cert_type, "sslCA");
  99. add_ext(x, NID_netscape_comment, "example comment extension");
  100. #ifdef CUSTOM_EXT
  101. /* Maybe even add our own extension based on existing */
  102. {
  103. int nid;
  104. nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
  105. X509V3_EXT_add_alias(nid, NID_netscape_comment);
  106. add_ext(x, nid, "example comment alias");
  107. }
  108. #endif
  109. if (!X509_sign(x,pk,EVP_md5()))
  110. goto err;
  111. *x509p=x;
  112. *pkeyp=pk;
  113. return(1);
  114. err:
  115. return(0);
  116. }
  117. /* Add extension using V3 code: we can set the config file as NULL
  118. * because we wont reference any other sections.
  119. */
  120. int add_ext(X509 *cert, int nid, char *value)
  121. {
  122. X509_EXTENSION *ex;
  123. X509V3_CTX ctx;
  124. /* This sets the 'context' of the extensions. */
  125. /* No configuration database */
  126. X509V3_set_ctx_nodb(&ctx);
  127. /* Issuer and subject certs: both the target since it is self signed,
  128. * no request and no CRL
  129. */
  130. X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
  131. ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
  132. if (!ex)
  133. return 0;
  134. X509_add_ext(cert,ex,-1);
  135. X509_EXTENSION_free(ex);
  136. return 1;
  137. }