x509 certificate generation patch #10

Open
wants to merge 3 commits into
from

Projects

None yet

2 participants

@itsnotlupus

x509.createCert(bitSize, days, entries, extensions) now takes four arguments.

Sample usage:

c1 = dcrypt.x509.createCert(1024, 10, { 
  CN:"bob.com",
  C:"XX",
  O:"Organization of evil geniuses",
  OU:"Sub-division of testy mutants"
}, {
  "basicConstraints": "critical,CA:TRUE",
  "keyUsage": "critical,keyCertSign,cRLSign",
  "subjectKeyIdentifier": "hash",
  "nsCertType": "sslCA",
  "nsComment": "This certificate should not be placed near feta cheese"
});

The function returns an object with two members, "x509" for the certificate and "pkey" for the private key.

Note that createCert() will not automatically self-signed the certificate anymore. There's a new function for that:

x509.signCert(cert, ca_cert, ca_pkey) will sign a certificate.

To get the old self-signed behavior, use something like

c1.x509 = dcrypt.x509.signCert(c1.x509, c1.x509, c1.pkey);

Also, x509.parse() has a couple of fixes to prevent runaway strings from showing up in its output.

@dekz
Owner
dekz commented Jul 20, 2011

Yeah it was still in the early stages of working in the certs. Thanks for the patches, much appreciated. I'll hopefully pull down the changes check them out and merge it in tonight.

@itsnotlupus

Note that since I'm a n00b at git and I didn't realize new commits to my tree would end up in the same pull request, there's a 3d commit that adds a 5th parameter to createCert(). now the function sig looks like:

dcrypt.x509.createCert(bitSize, days, serial, entries, extensions);

(Apparently browsers hate seeing the same serial on certs signed by a common CA.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment