I am trying to load an old certificate, take the subject line and make a new certificate signed with my self signed certificate. I am sure that it is something obvious that I am overlooking, but no matter what I try I always fail when I try to check the private key of the new certificate.
I have a "CA cert" which works with other things so I am fairly sure that is done correctly. I have an old certificate that I read in, and I can read it with the CLI program so I am fairly sure that too is not corrupted. The new certificate is what is giving me problems. I would appreciate any pointers on where the problem may be. Attached is my program; I tried to redact it as much as possible without totally refactoring it for fear of introducing new unrelated bugs. It is most likely something in "createCertificate" that I am either not doing and should or doing and should not. Thanks for any help,

```c
#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

struct certKey {
    EVP_PKEY *keys;
    X509 *certificate;
};

/* Takes a pointer to the caller's struct. As posted, the struct was passed by
 * value, so the certificate and key were stored in a local copy and the
 * caller's clientCert stayed zeroed; SSL_CTX_use_certificate() and
 * SSL_CTX_use_PrivateKey() then received NULL and the key check failed. */
void createCertificate(X509_NAME *issuerName, X509_NAME *serverName,
                       EVP_PKEY *caKey, struct certKey *cert)
{
    RSA *rsaKeyPair = RSA_generate_key(1024, RSA_F4, NULL, NULL);

    cert->certificate = X509_new();
    /* X509_set_version() is zero-based: 2 means an X.509 v3 certificate */
    X509_set_version(cert->certificate, 2);
    ASN1_INTEGER_set(X509_get_serialNumber(cert->certificate), 1234);
    X509_set_subject_name(cert->certificate, serverName);
    X509_set_issuer_name(cert->certificate, issuerName);

    cert->keys = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(cert->keys, rsaKeyPair);  /* EVP_PKEY now owns the RSA */
    X509_set_pubkey(cert->certificate, cert->keys);

    X509_gmtime_adj(X509_get_notBefore(cert->certificate), 0);
    X509_gmtime_adj(X509_get_notAfter(cert->certificate), (long)60 * 60 * 24 * 365);
    X509_sign(cert->certificate, caKey, EVP_sha1());
}

/* Load a PEM certificate by way of an SSL_CTX, as in the original post */
X509 *loadCertificateFromFile(const char *file)
{
    SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
    SSL_CTX_use_certificate_file(ctx, file, SSL_FILETYPE_PEM);
    return SSL_get_certificate(SSL_new(ctx));
}

EVP_PKEY *loadKeyFromFile(const char *file, char *password)
{
    EVP_PKEY *privKey;
    FILE *fp;

    if (!(fp = fopen(file, "r"))) {
        printf("Error reading private key file\n");
        exit(1);
    }
    if (!(privKey = PEM_read_PrivateKey(fp, NULL, NULL, password))) {
        printf("Error reading private key in file\n");
        exit(1);
    }
    fclose(fp);
    return privKey;
}

int main(void)
{
    X509 *caCertificate;
    EVP_PKEY *caKey;
    char *caCertFile = "cacert.pem";
    char *caKeyFile = "cakey.pem";
    char *oldCertFile = "oldcert.pem";
    X509 *oldCertificate;
    struct certKey clientCert = {0};
    SSL_CTX *ctx;
    static int session_id_ctx = 1;

    SSL_library_init();
    OpenSSL_add_all_algorithms();

    caCertificate = loadCertificateFromFile(caCertFile);
    caKey = loadKeyFromFile(caKeyFile, NULL);
    oldCertificate = loadCertificateFromFile(oldCertFile);

    /* Pass the address so createCertificate() fills in this struct */
    createCertificate(X509_get_subject_name(caCertificate),
                      X509_get_subject_name(oldCertificate),
                      caKey, &clientCert);

    ctx = SSL_CTX_new(SSLv23_server_method());
    SSL_CTX_set_session_id_context(ctx, (void *)&session_id_ctx, sizeof session_id_ctx);
    SSL_CTX_use_certificate(ctx, clientCert.certificate);
    SSL_CTX_use_PrivateKey(ctx, clientCert.keys);
    if (SSL_CTX_check_private_key(ctx) == 0) {
        printf("private key is the fail\n");
    }
    return 0;
}
```

--
Trixter aka Bret McDanel
website: http://www.0xdecafbad.com
pgp key: http://bit.ly/9XYK4b
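Because the question is whether the new certificate really pairs with its key, here is the same re-issue flow done with the openssl CLI, as an added example that is not code from the post: it builds a new certificate carrying the old certificate's subject, signs it with the CA, and then performs the comparison SSL_CTX_check_private_key() makes (public key in the certificate against the private key). The file names and subjects are constructed for the demo, and it assumes the openssl binary is on PATH.

```shell
#!/bin/sh
# Added example, not from the original post. Re-issues a certificate with an
# old certificate's subject under a CA, then checks cert/key pairing, subject
# and chain. All file names and subjects are constructed for this demo.
set -e

# Build a new certificate carrying the subject of $1, signed by the CA.
# Args: old_cert ca_cert ca_key new_key_out new_cert_out
reissue_with_old_subject() {
    # Demo subjects use a single RDN so the RFC2253 form maps directly to -subj
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
              | sed 's/^subject= *//')
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$4" 2>/dev/null
    openssl req -new -key "$4" -subj "/$subject" -out "$5.csr" 2>/dev/null
    openssl x509 -req -in "$5.csr" -CA "$2" -CAkey "$3" -set_serial 1234 \
        -days 365 -out "$5" 2>/dev/null
}

# Returns 0 when the certificate's public key equals the private key's public
# half; this is the comparison SSL_CTX_check_private_key() performs.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Returns 0 when both certificates carry the same subject (canonical form).
same_subject() {
    a=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
    b=$(openssl x509 -in "$2" -noout -subject -nameopt RFC2253)
    [ "$a" = "$b" ]
}

# End-to-end run in a scratch directory; returns 0 when every check passes.
run_demo() {
    dir=$(mktemp -d) && cd "$dir"
    # Self-signed CA standing in for cacert.pem / cakey.pem
    openssl req -x509 -newkey rsa:2048 -nodes -keyout cakey.pem -out cacert.pem \
        -subj "/CN=Demo CA" -days 365 2>/dev/null
    # The "old" certificate whose subject is to be reused
    openssl req -x509 -newkey rsa:2048 -nodes -keyout oldkey.pem -out oldcert.pem \
        -subj "/CN=old.example.test" -days 365 2>/dev/null
    reissue_with_old_subject oldcert.pem cacert.pem cakey.pem newkey.pem newcert.pem
    cert_matches_key newcert.pem newkey.pem \
        && same_subject oldcert.pem newcert.pem \
        && openssl verify -CAfile cacert.pem newcert.pem >/dev/null
}

run_demo && echo "new certificate matches its key, keeps the old subject, and chains to the CA"
```

If `cert_matches_key` fails here, the certificate was signed with a public key other than the one in the key file, which is exactly what SSL_CTX_check_private_key() reports in the C program.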