
x509 certificate generation patch

Open itsnotlupus opened this issue 13 years ago • 2 comments

x509.createCert(bitSize, days, entries, extensions) now takes four arguments.

Sample usage:

c1 = dcrypt.x509.createCert(1024, 10, { 
  CN:"bob.com",
  C:"XX",
  O:"Organization of evil geniuses",
  OU:"Sub-division of testy mutants"
}, {
  "basicConstraints": "critical,CA:TRUE",
  "keyUsage": "critical,keyCertSign,cRLSign",
  "subjectKeyIdentifier": "hash",
  "nsCertType": "sslCA",
  "nsComment": "This certificate should not be placed near feta cheese"
});

The function returns an object with two members, "x509" for the certificate and "pkey" for the private key.

Note that createCert() will not automatically self-sign the certificate anymore. There's a new function for that:

x509.signCert(cert, ca_cert, ca_pkey) will sign a certificate.

To get the old self-signed behavior, use something like

c1.x509 = dcrypt.x509.signCert(c1.x509, c1.x509, c1.pkey);

Also, x509.parse() has a couple of fixes to prevent runaway strings from showing up in its output.

itsnotlupus avatar Jul 19 '11 21:07 itsnotlupus

Yeah, it was still in the early stages of working in the certs. Thanks for the patches, much appreciated. I'll hopefully pull down the changes, check them out and merge it in tonight.

dekz avatar Jul 20 '11 05:07 dekz

Note that since I'm a n00b at git and I didn't realize new commits to my tree would end up in the same pull request, there's a 3rd commit that adds a 5th parameter to createCert(). Now the function sig looks like:

dcrypt.x509.createCert(bitSize, days, serial, entries, extensions);

(Apparently browsers hate seeing the same serial on certs signed by a common CA.)

itsnotlupus avatar Jul 21 '11 00:07 itsnotlupus
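
The last comment's point about repeated serials under a common CA, as an added example that is not part of this thread or of dcrypt: a small Node.js allocator that hands out random positive serials and refuses one the same issuer has already used. The names `randomSerial`, `SerialRegistry` and `issuerId` are hypothetical, and returning the serial as a hex string is an assumption, since the thread does not show what type createCert() expects for `serial`.

```javascript
// Added example (not dcrypt code): issuer-scoped certificate serial allocation.
const { randomBytes } = require('node:crypto');

// RFC 5280 section 4.1.2.2: a serial is a positive integer, unique per issuer,
// encoded in at most 20 octets. 16 random octets with the top bit cleared
// stay positive in DER without a padding byte.
function randomSerial(rng = randomBytes) {
  const buf = Buffer.from(rng(16));
  buf[0] &= 0x7f;                                          // force positive
  if (buf.every((b) => b === 0)) buf[buf.length - 1] = 1;  // never zero
  return buf.toString('hex');
}

// Remembers which serials each CA has already put on a certificate.
// issuerId is a caller-chosen key (hypothetical), e.g. the CA subject string.
class SerialRegistry {
  constructor() { this.issued = new Map(); }

  // Canonical form, so "0A", "0a" and "000a" count as the same serial.
  static normalise(serialHex) {
    if (!/^[0-9a-fA-F]+$/.test(serialHex)) throw new TypeError('serial must be hex');
    const n = BigInt('0x' + serialHex);
    if (n <= 0n || n >= (1n << 159n)) throw new RangeError('serial out of range');
    return n.toString(16);
  }

  // Record a serial; returns false when this issuer has used it before.
  claim(issuerId, serialHex) {
    const serial = SerialRegistry.normalise(serialHex);
    const used = this.issued.get(issuerId) ?? new Set();
    this.issued.set(issuerId, used);
    if (used.has(serial)) return false;
    used.add(serial);
    return true;
  }

  // Draw random serials until one is unused under this issuer.
  allocate(issuerId, rng = randomBytes) {
    for (let attempt = 0; attempt < 8; attempt++) {
      const serial = randomSerial(rng);
      if (this.claim(issuerId, serial)) return serial;
    }
    throw new Error('no unused serial found for ' + issuerId);
  }
}
```

The registry only holds state in memory; a CA that issues across restarts would need to persist the issued set.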