Hi !
Im writting a client/server application, using C++, the
server follows a multithread model, and I want to generate
new certificates for each new client that connects with my
server.
The client runs perfect, but I have problems with my
server. I want to create the certificates on-the-fly
when new client arrives, use this cert for this
connection, and when the conn closes, I freeup the
cert, So I don't need to store / load them from a
file.
I don't know how to archieve that. I built a cert,
but when I connect the client, I have lots of
errors due the ASN codification.
Please, can anybody help me to create a new
cert on-the-fly ? here is my code:
Thanks in advance
-server-code----------------------------------------------------------
X509 *generate_new_cert(int days=30, int length=1024, int exp=3) {
// X509V3_CTX ext_ctx;
// static LHASH *req_conf=NULL;
const EVP_MD *digest=EVP_md5();
SSL_CTX* ctx;
SSL_METHOD *meth;
EVP_PKEY *pkey=NULL;
RSA *rsakey;
X509 *x509ss=NULL;
X509_REQ *req=NULL;
EVP_PKEY *tmppkey;
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_server_method();
ctx = SSL_CTX_new(meth); // generate a new context
if (!ctx) {
ERR_print_errors_fp(stderr);
exit(2);
}
/*
* here, we want to create a private key,
* and with this, create a new certificate
*/
// pkey = EVP_PKEY_new();
//
// generating a new RSAKEY
//
rsakey = RSA_generate_key(length,exp,NULL,NULL);
if (rsakey==NULL) {
cout << "Arrggg can't generate the RSA key" << endl;
exit(-1);
}
//
// generating a new PRIVATE KEY
//
pkey=EVP_PKEY_new();
if (!EVP_PKEY_assign_RSA(pkey, rsakey)) {
cout << "Malo Malo" << endl;
exit(-1);
}
//
// generating a new req X509 cert
//
req=X509_REQ_new();
if (!X509_REQ_set_version(req,0L)) return(0);
X509_REQ_set_pubkey(req,pkey);
if ((x509ss=X509_new()) == NULL) {
cout << "can't create" << endl;
}
if(!X509_set_version(x509ss, 2)) {
cout << "can't set version" << endl;
}
ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
X509_set_issuer_name(x509ss,X509_REQ_get_subject_name(req));
X509_gmtime_adj(X509_get_notBefore(x509ss),0);
X509_gmtime_adj(X509_get_notAfter(x509ss),(long)60*60*24*days);
X509_set_subject_name(x509ss,X509_REQ_get_subject_name(req));
tmppkey = X509_REQ_get_pubkey(req);
X509_set_pubkey(x509ss,tmppkey);
EVP_PKEY_free(tmppkey);
//X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
//X509V3_set_conf_lhash(&ext_ctx, req_conf);
if (!X509_sign(x509ss,pkey,digest)) {
cout << "Can't sign it" << endl;
}
if (x509ss == NULL) cout << ">Bad cert" << endl;
RSA_free(rsakey);
// EVP_PKEY_free(pkey); // this give me a coredump ... anybody
// knows why ?
return(x509ss);
}
int main ()
{
X509 *cert;
srand(time(0));
cert=generate_new_cert();
[...] more code here to do the connection
}
----end-of-code----------------------------------------------------
Kind regards
--
==================================================
Juan M. Casillas Perez [EMAIL PROTECTED]
IT Manager Demasiado Corp.
Orense 28 1-B 28020 Madrid, Spain
Tlf: 915567357 Fax: 915971484
==================================================
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
