throw std::runtime_error( "memerr" );
}
+extern std::string ocspPath;
+
void X509Cert::setExtensions( std::shared_ptr<X509> caCert, std::vector<std::shared_ptr<SAN>>& sans, Profile& prof, std::string crlURL, std::string crtURL ) {
add_ext( caCert, target, NID_basic_constraints, "critical,CA:FALSE" );
add_ext( caCert, target, NID_subject_key_identifier, "hash" );
std::string ku = std::string( "critical," ) + prof.ku;
add_ext( caCert, target, NID_key_usage, ku.c_str() );
add_ext( caCert, target, NID_ext_key_usage, prof.eku.c_str() );
- add_ext( caCert, target, NID_info_access, ( "OCSP;URI:http://ocsp.cacert.org,caIssuers;URI:" + crtURL ).c_str() );
+ add_ext( caCert, target, NID_info_access, ( ( ocspPath.empty() ? "" : "OCSP;URI:" + ocspPath + "," ) + "caIssuers;URI:" + crtURL ).c_str() );
add_ext( caCert, target, NID_crl_distribution_points, ( "URI:" + crlURL ).c_str() );
if( sans.empty() ) {
return;
}
- std::shared_ptr<GENERAL_NAMES> gens = std::shared_ptr<GENERAL_NAMES>(
- sk_GENERAL_NAME_new_null(),
- []( GENERAL_NAMES * ref ) {
- if( ref ) {
- sk_GENERAL_NAME_pop_free( ref, GENERAL_NAME_free );
- }
- } );
+ auto freeGeneralNames = []( GENERAL_NAMES * ref ) {
+ if( ref ) {
+ sk_GENERAL_NAME_pop_free( ref, GENERAL_NAME_free );
+ }
+ };
+ std::shared_ptr<GENERAL_NAMES> gens = std::shared_ptr<GENERAL_NAMES>( sk_GENERAL_NAME_new_null(), freeGeneralNames );
for( auto& name : sans ) {
GENERAL_NAME *gen = GENERAL_NAME_new();
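Review bot: The `NID_info_access` value is now built from the global `ocspPath` with no validation, and, assuming `add_ext` hands the string to OpenSSL's extension config parser, a `,` or line break in the configured value would be read as extra `method;location` entries in every issued certificate. Checking `ocspPath` once where it is loaded (reject `,`, whitespace and control characters, and require a URI scheme) would keep this call safe. The same holds for `crtURL` and `crlURL`, which are concatenated the same way. An empty `ocspPath` now silently issues certificates without an OCSP responder, so a comment such as `// empty ocspPath: omit the OCSP entry, revocation is then CRL-only` above the call would record that this is intended. The `extern std::string ocspPath;` declaration would be better placed in the header that owns the variable, and `setExtensions` continues past the end of this hunk.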
throw std::runtime_error( "Failed to retrieve certificate serial of signed certificate." );
}
- std::shared_ptr<char> serStr(
- BN_bn2hex( ser.get() ),
- []( char* p ) {
- OPENSSL_free( p );
- } ); // OPENSSL_free is a macro...
+ auto freeMem = []( char *p ) {
+ OPENSSL_free( p );
+ };// OPENSSL_free is a macro...
+ std::shared_ptr<char> serStr( BN_bn2hex( ser.get() ), freeMem );
res->serial = serStr ? std::string( serStr.get() ) : "";
return res;
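Review bot: If `BN_bn2hex` returns null, the line after the new `serStr` construction stores `""` in `res->serial` and the function still returns a result, so a signed certificate could be recorded without a usable serial for later lookup or revocation. Failing the same way as the check just above would be safer, e.g. `if( !serStr ) { throw std::runtime_error( "Failed to convert certificate serial to hex." ); }`. The `// OPENSSL_free is a macro...` comment now trails the lambda's closing `};` and would read better on its own line above `auto freeMem`. The enclosing function starts outside this hunk, so whether callers tolerate an empty serial cannot be confirmed from here.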