
Add option to specify certificate expiration (in days)

Maciej Soltysiak
Maciej Soltysiak committed Oct 14, 2014
1 parent 2e6d756 commit 6b9603205d3698f932975a149d2cef6eb0f1ddc6
Showing with 11 additions and 4 deletions.
  1. +5 −2 cert.c
  2. +3 −1 cert.h
  3. +3 −1 main.c
7 cert.c
@@ -1,7 +1,7 @@
#include "dnscrypt.h"
struct SignedCert *
cert_build_cert(const uint8_t *crypt_publickey)
cert_build_cert(const uint8_t *crypt_publickey, int cert_file_expire_days)
{
struct SignedCert *signed_cert = malloc(sizeof(struct SignedCert));
if (!signed_cert)
@@ -19,7 +19,10 @@ cert_build_cert(const uint8_t *crypt_publickey)
sizeof(signed_cert->magic_query));
memcpy(signed_cert->serial, "0001", 4);
uint32_t ts_begin = (uint32_t)time(NULL);
uint32_t ts_end = ts_begin + 365 * 24 * 3600;
uint32_t ts_end = ts_begin + cert_file_expire_days * 24 * 3600;
if (cert_file_expire_days <= 0) {
ts_begin = ts_end;
}
ts_begin = htonl(ts_begin);
ts_end = htonl(ts_end);
memcpy(signed_cert->ts_begin, &ts_begin, 4);
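Review bot: `cert_file_expire_days * 24 * 3600` on the new `ts_end` line is evaluated in `int`, so any value above INT_MAX / 86400 (about 24855 days) is signed overflow, which is undefined behavior, before the result is ever added to the `uint32_t` `ts_begin`; the `<= 0` check two lines below only covers the low end. Either bound the value where the option is parsed in main.c or do the arithmetic unsigned and refuse what does not fit: `if (cert_file_expire_days > INT_MAX / (24 * 3600)) { free(signed_cert); return NULL; }` followed by `uint32_t ts_end = ts_begin + (uint32_t)cert_file_expire_days * 24u * 3600u;` (add `<limits.h>` if dnscrypt.h does not already provide it). The `<= 0` branch also needs a comment saying what it means: with a negative value the unsigned addition wraps so `ts_end` lands before the current time, and `ts_begin = ts_end` then yields a certificate whose validity window is entirely in the past, while 0 yields an empty window starting now; if an already-expired certificate is the intent, state that, otherwise reject the value in main.c. cert_build_cert's body continues outside this hunk.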
4 cert.h
@@ -7,6 +7,8 @@
#define CERT_MINOR_VERSION 0
#define CERT_MAGIC_HEADER "7PYqwfzt"
#define CERT_FILE_EXPIRE_DAYS 365
struct SignedCert {
uint8_t magic_cert[4];
uint8_t version_major[2];
@@ -21,7 +23,7 @@ struct SignedCert {
uint8_t end[64];
};
struct SignedCert *cert_build_cert(const uint8_t *crypt_publickey);
struct SignedCert *cert_build_cert(const uint8_t *crypt_publickey, int cert_file_expire_days);
int cert_sign(struct SignedCert *signed_cert,
const uint8_t *provider_secretkey);
int cert_unsign(struct SignedCert *signed_cert,
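Review bot: The new `cert_file_expire_days` parameter on the `cert_build_cert` prototype is undocumented, and the way cert.c treats values `<= 0` (collapsing `ts_begin` onto `ts_end`) is not something a caller can guess from the signature. Suggest a comment above the prototype along the lines of `/* cert_file_expire_days: validity window in days counted from now (CERT_FILE_EXPIRE_DAYS by default); values <= 0 produce an empty window (see cert.c), and days * 86400 must fit in an int. */`. The `<= 0` behavior should be confirmed against the intent before it is documented as a contract.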
4 main.c
@@ -188,6 +188,7 @@ main(int argc, const char **argv)
int gen_provider_keypair = 0;
int gen_crypt_keypair = 0;
int gen_cert_file = 0;
int cert_file_expire_days = CERT_FILE_EXPIRE_DAYS;
int verbose = 0;
struct argparse argparse;
struct argparse_option options[] = {
@@ -219,6 +220,7 @@ main(int argc, const char **argv)
"provider secret key file"),
OPT_BOOLEAN(0, "gen-cert-file", &gen_cert_file,
"generate pre-signed certificate"),
OPT_INTEGER(0, "cert-file-expire-days", &cert_file_expire_days),
OPT_STRING(0, "provider-name", &c.provider_name, "provider name"),
OPT_STRING(0, "provider-cert-file", &c.provider_cert_file,
"use this to self-serve cert file"),
@@ -323,7 +325,7 @@ main(int argc, const char **argv)
exit(1);
}
logger(LOG_NOTICE, "Generating pre-signed certificate.");
struct SignedCert *signed_cert = cert_build_cert(c.crypt_publickey);
struct SignedCert *signed_cert = cert_build_cert(c.crypt_publickey, cert_file_expire_days);
if (!signed_cert || cert_sign(signed_cert, c.provider_secretkey) != 0) {
logger(LOG_NOTICE, "Failed.");
exit(1);
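Review bot: The new `OPT_INTEGER(0, "cert-file-expire-days", &cert_file_expire_days)` entry is the only option in the table without a help string, unlike the neighbouring `OPT_BOOLEAN(0, "gen-cert-file", ...)` which carries one; depending on how argparse prints usage, a missing description may show up as an empty or null entry. Suggest `OPT_INTEGER(0, "cert-file-expire-days", &cert_file_expire_days, "certificate validity in days (default 365)"),`. The value is also passed to `cert_build_cert` in the last hunk without any range check, so a negative or oversized number reaches the arithmetic in cert.c; a guard next to the existing failure pattern, `if (cert_file_expire_days <= 0) { logger(LOG_NOTICE, "Invalid --cert-file-expire-days."); exit(1); }` placed before the `cert_build_cert` call, would reject it where the user can see why. main's body and the enclosing gen_cert_file block start and end outside these hunks.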
