}
void X509Cert::setSerialNumber( BIGNUM* num ) {
- BN_to_ASN1_INTEGER( num , target->cert_info->serialNumber );
+ ASN1_INTEGER *i = BN_to_ASN1_INTEGER( num, NULL);
+ X509_set_serialNumber(target.get(), i);
+ ASN1_INTEGER_free(i);
}
void X509Cert::setTimes( uint32_t before, uint32_t after ) {
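Review bot: Neither the result of BN_to_ASN1_INTEGER nor that of X509_set_serialNumber is checked in the new setSerialNumber body, so an allocation failure (or a null `num`) leaves the certificate with whatever serial it already carried and the caller never learns that the intended serial was not applied; for a signing service the serial is the value that must be unique per issued certificate, so this should fail loudly. Freeing `i` after the set call is correct because X509_set_serialNumber stores a copy, but the two calls should be guarded, e.g. `std::shared_ptr<ASN1_INTEGER> i( BN_to_ASN1_INTEGER( num, NULL ), ASN1_INTEGER_free );` followed by `if( !i || !X509_set_serialNumber( target.get(), i.get() ) ) throw std::runtime_error("Failed to set certificate serial number.");`, which also matches the shared_ptr-with-deleter pattern this file already uses for BIGNUM. The old code at L3 had the same unchecked-failure shape, so this is not a regression, but the rewrite is the natural place to fix it.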
goto merr;
}
- if( !( ext_oct = M_ASN1_OCTET_STRING_new() ) ) {
+ if( !( ext_oct = ASN1_OCTET_STRING_new() ) ) {
goto merr;
}
goto merr;
}
- M_ASN1_OCTET_STRING_free( ext_oct );
+ ASN1_OCTET_STRING_free( ext_oct );
return ext;
merr:
gen->type = name->type == "DNS" ? GEN_DNS : name->type == "email" ? GEN_EMAIL : 0; // GEN_EMAIL;
if( !gen->type
- || !( gen->d.ia5 = M_ASN1_IA5STRING_new() )
+ || !( gen->d.ia5 = ASN1_IA5STRING_new() )
|| !ASN1_STRING_set( gen->d.ia5, name->content.data(), name->content.size() ) ) {
GENERAL_NAME_free( gen );
throw std::runtime_error("initing iasting5 failed");
} else if( signAlg == "sha256" ) {
md = EVP_sha256();
} else if( signAlg == "sha1" ) {
- md = EVP_sha1();
+ throw std::runtime_error("Refusing to sign with weak signature algorithm (SHA-1).");
+ } else if( signAlg == "md5" ) {
+ throw std::runtime_error("Refusing to sign with weak signature algorithm (MD5).");
} else {
- throw std::runtime_error("Unknown md-type");
+ throw std::runtime_error("Unknown signature algorithm");
}
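Review bot: The new sha1/md5 branches encode a signing policy, but nothing in the code states it, and because the if-chain begins above this hunk the full set of accepted digests is not visible here; a reader has to infer from the throws that only the branches above (sha256 and whatever precedes it) are allowed. A short comment before the chain, e.g. `// Signing policy: only SHA-2 digests are accepted; SHA-1 and MD5 are matched explicitly so the rejection names the weak algorithm rather than reporting it as unknown.`, would make the intent explicit and stop a future maintainer from "restoring" the EVP_sha1() branch. Giving the two weak-algorithm rejections a distinct message from the generic "Unknown signature algorithm" is useful for operators triaging client errors, so keeping them separate is the right call.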
if( !X509_sign( target.get(), caKey.get(), md ) ) {
auto res = std::make_shared<SignedCertificate>();
res->certificate = std::string( buf->data, buf->data + buf->length );
- std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( target->cert_info->serialNumber, NULL ), BN_free );
+ std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber(target.get()), NULL ), BN_free );
if( !ser ) {
throw std::runtime_error("Failed to retrieve certificate serial of signed certificate.");