@@ -203,8 +203,23 @@ int selfsigned(WC_RNG *rng, char **arg) {
strncpy(newCert.subject.org, val, CTC_NAME_SIZE);
else if (!strcmp(key, "OU"))
strncpy(newCert.subject.unit, val, CTC_NAME_SIZE);
- else if (!strcmp(key, "CN"))
+ else if (!strcmp(key, "CN")) {
strncpy(newCert.subject.commonName, val, CTC_NAME_SIZE);
+
+#ifdef WOLFSSL_ALT_NAMES
+ if(strlen(val) + 2 > 256) {
+ fprintf(stderr, "error: CN is too long: %s\n", val);
+ return 1;
+ }
+
+ newCert.altNames[0] = 0x30; //Sequence with one element
+ newCert.altNames[1] = strlen(val) + 2; // Length of entire sequence
+ newCert.altNames[2] = 0x82; //8 - String, 2 - DNS Name
+ newCert.altNames[3] = strlen(val); //DNS Name length
+ memcpy(newCert.altNames + 4, val, strlen(val)); //DNS Name
+ newCert.altNamesSz = strlen(val) + 4;
+#endif
+ }
else if (!strcmp(key, "EMAIL"))
strncpy(newCert.subject.email, val, CTC_NAME_SIZE);
else
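Review bot: The length guard at `if(strlen(val) + 2 > 256)` admits CN values far longer than the single-byte DER length fields written below can encode: `altNames[1]` and `altNames[3]` are short-form lengths, valid only for 0..127, so any CN longer than 125 bytes yields a malformed SEQUENCE (length byte with the high bit set, truncated through the byte assignment) instead of an error. The guard should read `if (strlen(val) + 2 > 127 || strlen(val) + 4 > sizeof newCert.altNames)`, the second clause bounding the memcpy against the real buffer (assuming altNames is an in-struct array, its declared size is not visible here) rather than the literal 256; note the write is strlen(val) + 4 bytes, two more than the current check allows. Hoisting `size_t cnLen = strlen(val);` once would also replace the six strlen calls and make the narrowing into the byte fields explicit. The enclosing selfsigned() body begins and ends outside this hunk.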
@@ -216,6 +231,9 @@ int selfsigned(WC_RNG *rng, char **arg) {
}
newCert.daysValid = days;
|
|
|
+ newCert.keyUsage = KEYUSE_DIGITAL_SIG | KEYUSE_CONTENT_COMMIT | KEYUSE_KEY_ENCIPHER;
+ newCert.extKeyUsage = EXTKEYUSE_SERVER_AUTH;
+
gen_key(rng, &ecKey, &rsaKey, type, keySz, exp, curve);
write_key(&ecKey, &rsaKey, type, keySz, keypath, pem);
|
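Review bot: `newCert.keyUsage = KEYUSE_DIGITAL_SIG | KEYUSE_CONTENT_COMMIT | KEYUSE_KEY_ENCIPHER;` is applied to both key types, but keyEncipherment is not a meaningful usage for an EC key (RFC 5480 §3 says it SHOULD NOT be present with id-ecPublicKey) and some validators reject it. Since `type` is already in scope here, set the bits per key: `newCert.keyUsage = KEYUSE_DIGITAL_SIG | KEYUSE_CONTENT_COMMIT;` followed by `if (type != EC_KEY_TYPE) newCert.keyUsage |= KEYUSE_KEY_ENCIPHER;`. A short comment stating that these usages are chosen for a TLS server certificate, matching the `EXTKEYUSE_SERVER_AUTH` on the next line, would also help the next reader. The enclosing selfsigned() body begins and ends outside this hunk.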
|
@@ -232,8 +250,10 @@ int selfsigned(WC_RNG *rng, char **arg) {
subject, fstr, tstr);
|
|
|
if (type == EC_KEY_TYPE) {
+ newCert.sigType = CTC_SHA256wECDSA;
ret = wc_MakeCert(&newCert, derBuf, sizeof(derBuf), NULL, &ecKey, rng);
} else {
+ newCert.sigType = CTC_SHA256wRSA;
ret = wc_MakeCert(&newCert, derBuf, sizeof(derBuf), &rsaKey, NULL, rng);
}
if (ret <= 0) {
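Review bot: The `sigType` assignment is now placed inside the `if (type == EC_KEY_TYPE)` branch that wraps wc_MakeCert, while the later wc_SignCert branch (the following hunk) silently depends on it having been set there; the two branches now differ only in that one side effect. A single line before any certificate building, e.g. `newCert.sigType = (type == EC_KEY_TYPE) ? CTC_SHA256wECDSA : CTC_SHA256wRSA;` next to the keyUsage assignments, would make the dependency explicit and leave both branches as plain calls. The enclosing selfsigned() body begins and ends outside this hunk.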
@@ -242,11 +262,9 @@ int selfsigned(WC_RNG *rng, char **arg) {
}
|
|
|
if (type == EC_KEY_TYPE) {
- newCert.sigType = CTC_SHA256wECDSA;
ret = wc_SignCert(newCert.bodySz, newCert.sigType, derBuf, sizeof(derBuf),
NULL, &ecKey, rng);
} else {
- newCert.sigType = CTC_SHA256wRSA;
ret = wc_SignCert(newCert.bodySz, newCert.sigType, derBuf, sizeof(derBuf),
&rsaKey, NULL, rng);
}