This commit is contained in:
Kovid Goyal 2024-08-16 19:26:35 +05:30
parent b01d756329
commit 6b907d8ec2
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C
2 changed files with 14 additions and 12 deletions


@ -279,20 +279,21 @@ static PyObject* create_rsa_cert(PyObject *self, PyObject *args) {
if (!X509_set_pubkey(Cert, PubKey)) { set_error("X509_set_pubkey"); goto error; } if (!X509_set_pubkey(Cert, PubKey)) { set_error("X509_set_pubkey"); goto error; }
X509_EXTENSION *ex; X509_EXTENSION *ex;
if (req_is_for_CA_cert) { if (req_is_for_CA_cert) {
X509V3_set_ctx(&ctx, NULL, Cert, NULL, NULL, 0); X509V3_set_ctx(&ctx, Cert, Cert, NULL, NULL, 0);
X509V3_set_ctx_nodb(&ctx); X509V3_set_ctx_nodb(&ctx);
ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, "hash");
if (!ex) { set_error("creating subject key identifier failed"); goto error; }
X509_add_ext(Cert, ex, -1);
X509_EXTENSION_free(ex);
} else { } else {
X509V3_set_ctx(&ctx, CA_cert, Cert, NULL, NULL, 0); X509V3_set_ctx(&ctx, CA_cert, Cert, NULL, NULL, 0);
X509V3_set_ctx_nodb(&ctx); X509V3_set_ctx_nodb(&ctx);
ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_authority_key_identifier, "keyid:always");
if (!ex) { set_error("creating authority key identifier failed"); goto error; }
X509_add_ext(Cert, ex, -1);
X509_EXTENSION_free(ex);
} }
ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, "hash");
if (!ex) { set_error("creating subject key identifier failed"); goto error; }
X509_add_ext(Cert, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_authority_key_identifier, "keyid:always");
if (!ex) { set_error("creating authority key identifier failed"); goto error; }
X509_add_ext(Cert, ex, -1);
X509_EXTENSION_free(ex);
Py_BEGIN_ALLOW_THREADS; Py_BEGIN_ALLOW_THREADS;
signature_length = X509_sign(Cert, CA_key, EVP_sha256()); signature_length = X509_sign(Cert, CA_key, EVP_sha256());
Py_END_ALLOW_THREADS; Py_END_ALLOW_THREADS;
@ -402,7 +403,7 @@ verify_cert(PyObject *self, PyObject *args) {
Py_END_ALLOW_THREADS Py_END_ALLOW_THREADS
X509_STORE_CTX_free(vfy_ctx); X509_STORE_CTX_free(vfy_ctx);
X509_STORE_free(store); X509_STORE_free(store);
if (!ok) { set_error("Verification failed"); return NULL; } if (!ok) { set_error("X509_verify_cert"); return NULL; }
Py_RETURN_NONE; Py_RETURN_NONE;
} }
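Review bot: The two relocated `X509_add_ext(Cert, ex, -1)` calls (the subject key identifier block and the authority key identifier block that now run for both branches) still discard the return value, so a failure inside OpenSSL leaves the certificate without the extension and execution proceeds to `X509_sign` as if it were present. Check it and release the extension on the failure path at both sites: `if (!X509_add_ext(Cert, ex, -1)) { X509_EXTENSION_free(ex); set_error("X509_add_ext"); goto error; }`. The order of the two blocks also matters now: with `keyid:always` OpenSSL takes the key id from the issuer's SKI extension and errors out when it is missing, and for the CA branch the issuer passed to `X509V3_set_ctx` is `Cert` itself, so the SKI block must stay ahead of the AKI block — a one-line comment such as `/* SKI must be added before AKI: keyid:always reads the issuer's SKI, which is this very cert for a self-signed CA */` would protect against a later reorder. `create_rsa_cert` starts and ends outside the hunk.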


@ -69,14 +69,15 @@ def create_server_cert(
# Create the Certificate Authority # Create the Certificate Authority
cakey = create_key_pair(key_size) cakey = create_key_pair(key_size)
careq = create_cert_request( careq = create_cert_request(
cakey, ca_name, basic_constraints='critical,CA:TRUE', digital_key_usage='critical,keyCertSign,cRLSign') cakey, ca_name, basic_constraints='critical,CA:TRUE', digital_key_usage='critical,keyCertSign,cRLSign',
ext_key_usage='critical,serverAuth,clientAuth')
cacert = create_ca_cert(careq, cakey) cacert = create_ca_cert(careq, cakey)
# Create the server certificate issued by the newly created CA # Create the server certificate issued by the newly created CA
pkey = create_key_pair(key_size) pkey = create_key_pair(key_size)
req = create_cert_request( req = create_cert_request(
pkey, domain_or_ip, country, state, locality, organization, organizational_unit, email_address, alt_names, pkey, domain_or_ip, country, state, locality, organization, organizational_unit, email_address, alt_names,
ext_key_usage='critical,serverAuth') digital_key_usage='critical,keyEncipherment,digitalSignature', ext_key_usage='critical,serverAuth,clientAuth')
cert = create_cert(req, cacert, cakey, expire=expire) cert = create_cert(req, cacert, cakey, expire=expire)
def export(dest, obj, func, *args): def export(dest, obj, func, *args):
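Review bot: The server leaf now asserts `clientAuth` in addition to `serverAuth` (the `ext_key_usage` argument of the second `create_cert_request` call); if the content server never presents this certificate as a TLS client, that should be dropped, because a leaf carrying `clientAuth` is usable as a client credential towards any peer that trusts this CA. The critical EKU added to the CA request also deserves a comment, since its purpose is not obvious and a reader may later "clean it up": validators that apply EKU to issuing certificates (OpenSSL's purpose checks, for instance) reject a leaf whose EKU the CA does not itself assert, so the CA's EKU presumably has to remain a superset of every leaf EKU issued under it — something like `# Some validators enforce EKU on the CA as well; keep this a superset of the EKUs of the leaf certificates issued below` above the `careq = create_cert_request(` line. `create_server_cert` starts and ends outside the hunk.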