tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Implement support for serial files 

fixes #7393
This commit is contained in:
Gunnar Beutner 2014-10-27 10:52:07 +01:00
parent 8b339a6cd5
commit 8ce4b3f122
1 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lib/base/tlsutility.cpp
View File

@ -22,6 +22,7 @@
#include "base/logger.hpp"
#include "base/context.hpp"
#include "base/application.hpp"
#include <fstream>
namespace icinga
{
@ -369,7 +370,6 @@ int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile,
shared_ptr<X509> CreateCert(EVP_PKEY *pubkey, X509_NAME *subject, X509_NAME *issuer, EVP_PKEY *cakey, bool ca, const String& serialfile)
{
X509 *cert = X509_new();
ASN1_INTEGER_set(X509_get_serialNumber(cert), 1);
X509_gmtime_adj(X509_get_notBefore(cert), 0);
X509_gmtime_adj(X509_get_notAfter(cert), 365 * 24 * 60 * 60 * 30);
X509_set_pubkey(cert, pubkey);
@ -377,6 +377,28 @@ shared_ptr<X509> CreateCert(EVP_PKEY *pubkey, X509_NAME *subject, X509_NAME *iss
X509_set_subject_name(cert, subject);
X509_set_issuer_name(cert, issuer);
if (!serialfile.IsEmpty()) {
int serial = 0;
std::ifstream ifp;
ifp.open(serialfile.CStr());
ifp >> std::hex >> serial;
ifp.close();
if (ifp.fail())
BOOST_THROW_EXCEPTION(std::runtime_error("Could not read serial file."));
std::ofstream ofp;
ofp.open(serialfile.CStr());
ofp << std::hex << serial + 1;
ofp.close();
if (ofp.fail())
BOOST_THROW_EXCEPTION(std::runtime_error("Could not update serial file."));
ASN1_INTEGER_set(X509_get_serialNumber(cert), serial);
}
if (ca) {
X509_EXTENSION *ext;
X509V3_CTX ctx;