#include "base/logger_fwd.hpp"
#include "base/context.hpp"
-
namespace icinga
{
return shared_ptr<X509>(cert, X509_free);
}
-int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile, const String& certfile)
+int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile, const String& certfile, bool ca)
{
InitializeOpenSSL();
X509_NAME *name = X509_get_subject_name(cert);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char *)cn.CStr(), -1, -1, 0);
X509_set_issuer_name(cert, name);
+
+ if (ca) {
+ X509_EXTENSION *ext;
+ X509V3_CTX ctx;
+ X509V3_set_ctx_nodb(&ctx);
+ X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
+ ext = X509V3_EXT_conf_nid(NULL, &ctx, NID_basic_constraints, const_cast<char *>("critical,CA:TRUE"));
+
+ if (ext)
+ X509_add_ext(cert, ext, -1);
+
+ X509_EXTENSION_free(ext);
+ }
+
+
X509_sign(cert, key, EVP_sha1());
Log(LogInformation, "base", "Writing X509 certificate to '" + certfile + "'.");
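Review bot: The only check on the new extension path is `if (ext)` on the `X509V3_EXT_conf_nid` result; when that call or `X509_add_ext` (whose return value is ignored) fails, the CA flag is silently dropped and the function still signs and writes the certificate on the following lines, so a broken OpenSSL setup would emit a `ca.crt` that is not a CA without any error. The `ca == false` branch also adds no extension at all, so agent certificates carry no basicConstraints; an explicit `critical,CA:FALSE` (and ideally a `keyUsage` of `keyCertSign,cRLSign` on the CA) is what a verifier needs in order to refuse a leaf certificate being used as an intermediate, since lenient validators may accept an extension-less self-signed certificate as a CA. Whether `X509_set_version(cert, 2)` is called earlier in the function is not visible here; extensions are only defined for v3 certificates, so that should be confirmed. The unchanged `X509_sign(cert, key, EVP_sha1())` that follows is a pre-existing concern worth a follow-up (SHA-1 signatures are rejected by modern TLS stacks), but it is not introduced by this change. MakeX509CSR begins before and continues after this hunk; `openssl_error` is declared in the accompanying header, so a failure can be reported by throwing it, as in the sketch below.
```cpp
	X509_set_issuer_name(cert, name);

	X509V3_CTX ctx;
	X509V3_set_ctx_nodb(&ctx);
	X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);

	/* Always state the CA flag explicitly: a certificate without basicConstraints
	 * may be treated as a CA by lenient verifiers. */
	X509_EXTENSION *ext = X509V3_EXT_conf_nid(NULL, &ctx, NID_basic_constraints,
	    const_cast<char *>(ca ? "critical,CA:TRUE" : "critical,CA:FALSE"));

	if (!ext || !X509_add_ext(cert, ext, -1)) {
		X509_EXTENSION_free(ext);
		throw openssl_error();
	}

	X509_EXTENSION_free(ext);

	if (ca) {
		/* A CA key should only be usable for signing certificates and CRLs. */
		ext = X509V3_EXT_conf_nid(NULL, &ctx, NID_key_usage,
		    const_cast<char *>("critical,keyCertSign,cRLSign"));

		if (!ext || !X509_add_ext(cert, ext, -1)) {
			X509_EXTENSION_free(ext);
			throw openssl_error();
		}

		X509_EXTENSION_free(ext);
	}

	// … unchanged: X509_sign() and certificate output …
```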
#include <openssl/err.h>
#include <openssl/comp.h>
#include <openssl/sha.h>
+#include <openssl/x509v3.h>
namespace icinga
{
void I2_BASE_API AddCRLToSSLContext(const shared_ptr<SSL_CTX>& context, const String& crlPath);
String I2_BASE_API GetCertificateCN(const shared_ptr<X509>& certificate);
shared_ptr<X509> I2_BASE_API GetX509Certificate(const String& pemfile);
-int I2_BASE_API MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile = String(), const String& certfile = String());
+int I2_BASE_API MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile = String(), const String& certfile = String(), bool ca = false);
String I2_BASE_API SHA256(const String& s);
class I2_BASE_API openssl_error : virtual public std::exception, virtual public boost::exception { };
return 1;
}
- MakeX509CSR("Icinga CA", cadir + "/ca.key", String(), cadir + "/ca.crt");
+ MakeX509CSR("Icinga CA", cadir + "/ca.key", String(), cadir + "/ca.crt", true);
String serialpath = cadir + "/serial.txt";