upd: Add max validity period to profile configurations
authorFelix Dörre <felix@dogcraft.de>
Tue, 20 Jan 2015 15:36:43 +0000 (16:36 +0100)
committerBenny Baumann <BenBE@geshi.org>
Mon, 9 Feb 2015 19:05:34 +0000 (20:05 +0100)
src/config.cpp
src/crypto/simpleOpensslSigner.cpp
src/crypto/sslUtil.h
test/genTestData.sh

index e88ec2bee52e3331a9c67ea13777964832826c41..ce78f417582a8a8049389f18435279cde60b7fa8 100644 (file)
@@ -87,6 +87,7 @@ int parseProfiles() {
         prof.id = std::stoi( id );
         prof.eku = map->at( "eku" );
         prof.ku = map->at( "ku" );
+        prof.maxValidity = std::stoi( map->at( "days" ) ) * /* DAYS */24 * 60 * 60;
 
         std::string cas = map->at( "ca" );
 
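Review bot: The new `days` line in parseProfiles multiplies in plain int arithmetic and accepts any value, so a profile with a negative, zero or very large `days` gives a negative, zero or overflowed maxValidity that the signer later uses as its clamp. Since the profile file is now the only place this ceiling is defined, validate it here and widen before multiplying: `const int days = std::stoi( map->at( "days" ) );` / `if( days <= 0 ) { throw "Invalid validity period in profile."; }` / `prof.maxValidity = static_cast<std::time_t>( days ) * /* DAYS */ 24 * 60 * 60;`. Note also that `map->at( "days" )` makes the key mandatory, so an existing profile file without it now fails to parse with std::out_of_range, the same way a missing eku or ku already does. parseProfiles starts outside this hunk.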
index 22687be3c518579a3b9fbd1531726bb51acefc6c..dce6025fe4ebadc44ce0d7d0812d6578664ff623 100644 (file)
@@ -109,12 +109,6 @@ std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TB
 
     // Construct the Certificate
     X509Cert c = X509Cert();
-    std::shared_ptr<X509> retsh = std::shared_ptr<X509>( X509_new(), X509_free );
-    X509* ret = retsh.get();
-
-    if( !ret ) {
-        throw "Creating X509 failed.";
-    }
 
     X509_NAME* subjectP = X509_NAME_new();
 
@@ -184,7 +178,7 @@ std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TB
         to = from + /*2 Years */ 2 * 365 * 24 * 60 * 60;
     }
 
-    time_t limit = /*2 Years (max possible) */ 2 * 366 * 24 * 60 * 60;
+    time_t limit = prof.maxValidity;
 
     if( to - from > limit || to - from < 0 ) {
         to = from + limit;
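Review bot: `limit` is now taken straight from the profile with no sanity check, and the former hard ceiling of 2 * 366 days is gone, so the only bound on certificate lifetime is whatever the config file says; a mis-edited profile would clamp `to` to a zero or negative period, or allow a far longer one than intended. A guard right after the assignment keeps the old defensive posture: `if( limit <= 0 ) { throw "Invalid maximum validity for profile."; }`, and if an absolute maximum independent of configuration is still wanted, cap `limit` against a named constant (the previous 2 * 366 * 24 * 60 * 60 is the obvious candidate) instead of relying on the profile alone. This assumes `prof` is the Profile selected earlier in sign(), which starts outside this hunk.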
index dddfdafd0e8f146b74a57f658300dcd160c46fc4..c4193fe46766f656f2f7757c7d00fc4ad2eed700 100644 (file)
@@ -4,6 +4,7 @@
 #include <string>
 #include <vector>
 #include <cinttypes>
+#include <ctime>
 
 #include <openssl/ssl.h>
 
@@ -28,6 +29,7 @@ struct Profile {
     std::string ku;
 
     std::vector<std::shared_ptr<CAConfig>> ca;
+    std::time_t maxValidity;
     std::shared_ptr<CAConfig> getCA() {
         for( auto it = ca.rbegin(); it != ca.rend(); it++ ) {
             if( X509_cmp_current_time( ( *it )->notBefore.get() ) < 0 ) {
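Review bot: `maxValidity` is added to Profile without an initializer, so a Profile that is not filled in by parseProfiles carries an indeterminate validity period, and nothing in the type records the unit. Prefer a default member initializer with a comment, `std::time_t maxValidity = 0; // maximum certificate lifetime in seconds, derived from the profile's "days"`, so an unset profile reads as zero (and can be rejected) rather than as garbage when the signer clamps against it. The Profile struct opens before this hunk and getCA() continues past it.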
index 9d0c4ff9401becb50e957820c2b1689d1f5ac547..7eb3e8312acd242dc212ce53b67c3b0e56dfa36f 100755 (executable)
@@ -25,6 +25,7 @@ cat > profiles/0001-type1.cfg <<EOF
 ca=unassured
 eku=
 ku=
+days=10
 EOF
 
 mkdir -p ca/unassured
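Review bot: Only profiles/0001-type1.cfg gains `days=10`, but config.cpp now reads the key with `map->at`, which throws for any profile file that lacks it; if this script writes further profile files outside the hunk they need the same line, otherwise parseProfiles fails on the generated test data. A short comment beside the new line, `# days: maximum certificate validity, required by parseProfiles`, would make that dependency visible to the next person editing the script.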