From 8ce4b3f122821fbfdc692e3b312bfeeccef3bb2d Mon Sep 17 00:00:00 2001
From: Gunnar Beutner
Date: Mon, 27 Oct 2014 10:52:07 +0100
Subject: [PATCH] Implement support for serial files

fixes #7393
---
 lib/base/tlsutility.cpp | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp
index ac9adf1f9..56c75c53c 100644
--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@@ -22,6 +22,7 @@
 #include "base/logger.hpp"
 #include "base/context.hpp"
 #include "base/application.hpp"
+#include
 
 namespace icinga
 {
@@ -369,7 +370,6 @@ int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile,
 shared_ptr CreateCert(EVP_PKEY *pubkey, X509_NAME *subject, X509_NAME *issuer, EVP_PKEY *cakey, bool ca, const String& serialfile)
 {
 X509 *cert = X509_new();
- ASN1_INTEGER_set(X509_get_serialNumber(cert), 1);
 X509_gmtime_adj(X509_get_notBefore(cert), 0);
 X509_gmtime_adj(X509_get_notAfter(cert), 365 * 24 * 60 * 60 * 30);
 X509_set_pubkey(cert, pubkey);
@@ -377,6 +377,28 @@ shared_ptr CreateCert(EVP_PKEY *pubkey, X509_NAME *subject, X509_NAME *iss
 X509_set_subject_name(cert, subject);
 X509_set_issuer_name(cert, issuer);
 
+ if (!serialfile.IsEmpty()) {
+ int serial = 0;
+
+ std::ifstream ifp;
+ ifp.open(serialfile.CStr());
+ ifp >> std::hex >> serial;
+ ifp.close();
+
+ if (ifp.fail())
+ BOOST_THROW_EXCEPTION(std::runtime_error("Could not read serial file."));
+
+ std::ofstream ofp;
+ ofp.open(serialfile.CStr());
+ ofp << std::hex << serial + 1;
+ ofp.close();
+
+ if (ofp.fail())
+ BOOST_THROW_EXCEPTION(std::runtime_error("Could not update serial file."));
+
+ ASN1_INTEGER_set(X509_get_serialNumber(cert), serial);
+ }
+
 if (ca) {
 X509_EXTENSION *ext;
 X509V3_CTX ctx;
-- 
2.40.0
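Review bot: Both `BOOST_THROW_EXCEPTION` calls in the new serial-file block fire after `X509 *cert = X509_new();` but before `cert` is owned by anything, so every failure to read or update the serial file leaks the X509; reading and bumping the serial before `X509_new()` (or wrapping `cert` in the owning shared_ptr right after allocation) would close that path. The read-modify-write is also not atomic and `ofp.open(serialfile.CStr())` truncates the file before the new value is written, so two concurrent issuers can both obtain the same serial and a crash between open and write leaves an empty file that the next `ifp >> std::hex >> serial` rejects — write to a temporary file and rename it under a lock, and record the reason with `// one hex value per file; duplicate serials under one issuer violate RFC 5280`. With the old `ASN1_INTEGER_set(..., 1)` removed in the previous hunk, a call with an empty serialfile now keeps whatever `X509_new()` initialises the serial to (0, as far as I know), which is not a positive serial number, so the non-serial-file case probably still needs a fallback. `serial` is a plain `int` parsed and re-emitted with `std::hex`, so `serial + 1` is undefined at `INT_MAX` and the file cannot carry the wider serials X509 allows; a BIGNUM-backed value would match `ASN1_INTEGER`. CreateCert's body continues past this hunk.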