#define RSA_KEY_PUBLIC_EXPONENT 65537 /* Public exponent for RSA private key generating */
#define RSA_KEYSIZE 2048 /* Size of generated RSA keys */
#define GENERATED_CERT_VALID_FROM "20100101000000" /* Date and time, which will be set in generated certificates as parameter valid from */
-#define GENERATED_CERT_VALID_TO "20401231235959" /* Date and time, which will be setted in generated certificates as parameter valid to */
+#define GENERATED_CERT_VALID_TO "20401231235959" /* Date and time, which will be set in generated certificates as parameter valid to */
#define CERT_SIGNATURE_ALGORITHM MBEDTLS_MD_SHA256 /* The MD algorithm to use for the signature */
#define CERT_SERIAL_NUM_LENGTH 4 /* Bytes of hash to be used for creating serial number of certificate. Min=2 and max=16 */
-#define LIMIT_MUTEX_NUMBER /* If this macro is defined, mutexes count for generating private keys is changed from 65536 to 32 */
#define INVALID_CERT_INFO_BUF_SIZE 2048 /* Size of buffer for message with information about reason of certificate invalidity. Data after the end of buffer will not be saved */
#define CERT_PARAM_COMMON_NAME "CN="
#define CERT_PARAM_ORGANIZATION ",O="
#define CERT_SUBJECT_PASSWORD ""
#define CERT_INFO_PREFIX ""
+/*
+ * Properties of cert for generating
+ */
+typedef struct {
+ char *issuer_crt; /* filename of the issuer certificate */
+ char *subject_key; /* filename of the subject key file */
+ char *issuer_key; /* filename of the issuer key file */
+ const char *subject_pwd; /* password for the subject key file */
+ const char *issuer_pwd; /* password for the issuer key file */
+ char *output_file; /* where to store the constructed key file */
+ const char *subject_name; /* subject name for certificate */
+ char issuer_name[ISSUER_NAME_BUF_SIZE]; /* issuer name for certificate */
+ const char *not_before; /* validity period not before */
+ const char *not_after; /* validity period not after */
+ const char *serial; /* serial number string */
+ int is_ca; /* is a CA certificate */
+ int max_pathlen; /* maximum CA path length */
+} cert_options;
+
+/*
+ * Properties of key for generating
+ */
+typedef struct {
+ mbedtls_pk_type_t type; /* type of key to generate */
+ int rsa_keysize; /* length of key in bits */
+ char *key_file_path; /* filename of the key file */
+} key_options;
extern int generate_webpage_certificate(struct client_state * csp);
static char * make_certs_path(const char * conf_dir, const char * file_name, const char * suffix);
*
* Function : is_ssl_pending
*
-* Description : Tests if there are some waitting data on ssl connection
+* Description : Tests if there are some waiting data on ssl connection
*
* Parameters :
* 1 : ssl = SSL context to test
* Returns : N/A
*
*********************************************************************/
-static void close_client_ssl_connection(struct client_state *csp)
+extern void close_client_ssl_connection(struct client_state *csp)
{
int ret = 0;
/*********************************************************************
+ *
* Function : close_client_and_server_ssl_connections
*
* Description : Checks if client or server should use secured
/*====================== Certificates ======================*/
/*********************************************************************
+ *
* Function : write_certificate
*
* Description : Writes certificate into file.
/*********************************************************************
+ *
* Function : write_private_key
*
* Description : Writes private key into file and copies saved
/*********************************************************************
+ *
* Function : generate_key
*
* Description : Tests if private key for host saved in csp already
sizeof(cert_opt.issuer_name), &issuer_cert.subject);
if (ret < 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR, "mbedtls_x509_dn_gets failed: %s", err_buf);
ret = -1;
goto exit;
ret = mbedtls_x509write_crt_set_subject_name(&cert, cert_opt.subject_name);
if (ret != 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR,
"Setting subject name in signed certificate failed: %s", err_buf);
ret = -1;
ret = mbedtls_x509write_crt_set_issuer_name(&cert, cert_opt.issuer_name);
if (ret != 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR,
"Setting issuer name in signed certificate failed: %s", err_buf);
ret = -1;
cert_opt.not_after);
if (ret != 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR,
"Setting validity in signed certificate failed: %s", err_buf);
ret = -1;
cert_opt.max_pathlen);
if (ret != 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR, "Setting the basicConstraints extension "
"in signed certificate failed: %s", err_buf);
ret = -1;
ret = mbedtls_x509write_crt_set_subject_key_identifier(&cert);
if (ret != 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR, "mbedtls_x509write_crt_set_subject_key_"
"identifier failed: %s", err_buf);
ret = -1;
ret = mbedtls_x509write_crt_set_authority_key_identifier(&cert);
if (ret != 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR, "mbedtls_x509write_crt_set_authority_key_"
"identifier failed: %s", err_buf);
ret = -1;
ssl_send_data(&(csp->mbedtls_client_attr.ssl),
(const unsigned char *)message, strlen(message));
/*
- * Waiting before closing connection. Some browsers doesn't show received
+ * Waiting before closing connection. Some browsers don't show received
* message if there isn't this delay.
*/
sleep(1);
/*********************************************************************
-*
-* Function : host_to_hash
-*
-* Description : Creates MD5 hash from host name. Host name is loaded
-* from structure csp and saved again into it.
-*
-* Parameters :
-* 1 : csp = Current client state (buffers, headers, etc...)
-*
-* Returns : 1 => Error while creating hash
-* 0 => Hash created successfully
-*
-*********************************************************************/
+ *
+ * Function : host_to_hash
+ *
+ * Description : Creates MD5 hash from host name. Host name is loaded
+ * from structure csp and saved again into it.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : 1 => Error while creating hash
+ * 0 => Hash created successfully
+ *
+ *********************************************************************/
static int host_to_hash(struct client_state * csp)
{
int ret = 0;
projects / privoxy.git / blobdiff