1
0
forked from aniani/gmnisrv

Create certificates which last 68 years (INT32_MAX seconds)

This avoids integer overflow on 32-bit architectures.
This commit is contained in:
Thomas Karpiniec 2021-05-15 13:38:27 +10:00 committed by Drew DeVault
parent 0dc0e4432a
commit 53e4ce4abd

View File

@ -6,6 +6,7 @@
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include <stdint.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
@ -44,7 +45,7 @@ tls_host_gencert(struct gmnisrv_tls *tlsconf, struct gmnisrv_host *host,
X509_set_version(x509, 2); X509_set_version(x509, 2);
ASN1_INTEGER_set(X509_get_serialNumber(x509), 1); ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
X509_gmtime_adj(X509_get_notBefore(x509), 0); X509_gmtime_adj(X509_get_notBefore(x509), 0);
X509_gmtime_adj(X509_get_notAfter(x509), LONG_MAX); X509_gmtime_adj(X509_get_notAfter(x509), INT32_MAX); // 68 years
X509_set_pubkey(x509, pkey); X509_set_pubkey(x509, pkey);
char *organization = "gmnisrv"; char *organization = "gmnisrv";