add: Handling the MD for signing the certificate
authorFelix Dörre <felix@dogcraft.de>
Sat, 1 Nov 2014 23:36:53 +0000 (00:36 +0100)
committerBenny Baumann <BenBE@geshi.org>
Fri, 7 Nov 2014 22:53:05 +0000 (23:53 +0100)
src/X509.cpp
src/X509.h
src/simpleOpensslSigner.cpp

index a0c11711752bae8ad7e8daeecc605d007a75b230..92d7773f22f4cbff36b0b5cb4a179f030018087a 100644 (file)
@@ -221,12 +221,26 @@ void X509Cert::setExtensions( std::shared_ptr<X509> caCert, std::vector<std::sha
     X509_EXTENSION_free( ext );
 }
 
-std::shared_ptr<SignedCertificate> X509Cert::sign( std::shared_ptr<EVP_PKEY> caKey ) {
+std::shared_ptr<SignedCertificate> X509Cert::sign( std::shared_ptr<EVP_PKEY> caKey, std::string signAlg ) {
     if( !X509_set_subject_name( target.get(), subject.get() ) ) {
         throw "error setting subject";
     }
 
-    if( !X509_sign( target.get(), caKey.get(), EVP_sha512() ) ) {
+    const EVP_MD* md;
+
+    if( signAlg == "sha512" ) {
+        md = EVP_sha512();
+    } else if( signAlg == "sha384" ) {
+        md = EVP_sha384();
+    } else if( signAlg == "sha256" ) {
+        md = EVP_sha256();
+    } else if( signAlg == "sha1" ) {
+        md = EVP_sha1();
+    } else {
+        throw "Unknown md-type";
+    }
+
+    if( !X509_sign( target.get(), caKey.get(), md ) ) {
         throw "Signing failed.";
     }
 
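Review bot: The `sha1` branch of the new digest selection lets the CA issue SHA-1-signed certificates, and SHA-1 is no longer collision-resistant enough for certificate signatures. The call site in src/simpleOpensslSigner.cpp passes `cert->md` straight through, so the digest appears to be chosen by per-request data rather than by signer policy. I would drop the `} else if( signAlg == "sha1" ) { md = EVP_sha1();` branch so that value reaches `throw "Unknown md-type";`, and put a comment above the chain such as `// Allowed signature digests; any other value is rejected.` As a smaller point, `signAlg` is only compared, so it could be taken as `const std::string&` here and in src/X509.h. The body of `X509Cert::sign` continues past the end of this hunk.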
index 62f32a481c3705ed404e4a32d6c17647a61e60c2..ba565fe20ad27363b641d4277b78f5e28828af96 100644 (file)
@@ -33,5 +33,5 @@ public:
     void setSerialNumber( BIGNUM* num );
     void setExtensions( std::shared_ptr<X509> caCert, std::vector<std::shared_ptr<SAN>>& sans );
     void setTimes( uint32_t before, uint32_t after );
-    std::shared_ptr<SignedCertificate> sign( std::shared_ptr<EVP_PKEY> caKey );
+    std::shared_ptr<SignedCertificate> sign( std::shared_ptr<EVP_PKEY> caKey, std::string signAlg );
 };
index b41c58c2bd5475edc6ffe23221ac1f722dd42f06..2677aa413d2ce91ee019423bea2a477db6e22ef8 100644 (file)
@@ -172,7 +172,7 @@ std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TB
     c.setTimes( 0, 60 * 60 * 24 * 10 );
     c.setExtensions( caCert, cert->SANs );
 
-    std::shared_ptr<SignedCertificate> output = c.sign( caKey );
+    std::shared_ptr<SignedCertificate> output = c.sign( caKey, cert->md );
 
     return output;
 }