5
Cómo agrego estas secciones a un certificado (estoy compilando manualmente usando C++).El certificado OpenSSL carece de identificadores de clave
X509v3 Subject Key Identifier:
A4:F7:38:55:8D:35:1E:1D:4D:66:55:54:A5:BE:80:25:4A:F0:68:D0
X509v3 Authority Key Identifier:
keyid:A4:F7:38:55:8D:35:1E:1D:4D:66:55:54:A5:BE:80:25:4A:F0:68:D0
Curently mi código construye sertificate bien, a excepción de aquellas claves ..:/
static X509 * GenerateSigningCertificate(EVP_PKEY* pKey)
{
X509 *x;
x = X509_new(); //create x509 certificate
X509_set_version(x, NID_X509);
ASN1_INTEGER_set(X509_get_serialNumber(x), 0x00000000); //set serial number
X509_gmtime_adj(X509_get_notBefore(x), 0);
X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*365); //1 year
X509_set_pubkey(x, pKey); //set pub key from just generated rsa
X509_NAME *name;
name = X509_get_subject_name(x);
NAME_StringField(name, "C", "LV");
NAME_StringField(name, "CN", "Point"); //common name
NAME_StringField(name, "O", "Point"); //organization
X509_set_subject_name(x, name); //save name fields to certificate
X509_set_issuer_name(x, name); //save name fields to certificate
X509_EXTENSION *ex;
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
X509_add_ext(x,ex,-1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment, "example comment extension");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name, "www.lol.lv");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical,CA:TRUE");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
X509_sign(x, pKey, EVP_sha1()); //sign x509 certificate
return x;
}
FYI: cualquiera que busque en esto como código de ejemplo, esta llamada "X509_set_version (x, NID_X509);" es incorrecto, debería ser "X509_set_version (x, 2);" – Wheezil