path: root/src/lib/cert/x509/x509self.cpp
author Jack Lloyd <[email protected]> 2016-04-24 06:09:33 -0400
committer Jack Lloyd <[email protected]> 2016-05-23 11:48:36 -0400
commit 93899a96dc79199bf31d40f452d40b0c6fba20b7 (patch)
tree 9b18f237a29ff10330cca0b1001e897a6ea94398 /src/lib/cert/x509/x509self.cpp
parent 4f04a39d104a65d55762b6d03cf7ec21aac02ffa (diff)
Remove DN field requirements on generating certs and PKCS #10
I have no idea why this is requiring the country code be set, but for many applications a country is not even meaningful. This change also allows CN to be empty/unset on the request or cert, since there is no actual requirement for any specific DN entry type and RFC 5280 specifically allows even a completely empty DN, with name information only in the subjectAltName extension.

This change also allows generating a self-signed cert or cert request that expires before it starts. That could only happen with an explicit decision by the application to set it that way, and there is no harm in returning these non-secret bits. They will probably notice their problem as soon as the cert is rejected by any receiving system.
Diffstat (limited to 'src/lib/cert/x509/x509self.cpp')
-rw-r--r-- src/lib/cert/x509/x509self.cpp 4
1 file changed, 0 insertions, 4 deletions
diff --git a/src/lib/cert/x509/x509self.cpp b/src/lib/cert/x509/x509self.cpp
index 7d1c01c37..8b9aeda09 100644
--- a/src/lib/cert/x509/x509self.cpp
+++ b/src/lib/cert/x509/x509self.cpp
@@ -49,8 +49,6 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
X509_DN subject_dn;
AlternativeName subject_alt;
- opts.sanity_check();
-
std::vector<byte> pub_key = X509::BER_encode(key);
std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
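Review bot: With `opts.sanity_check();` removed at the top of create_self_signed_cert, nothing visible in this hunk prevents a certificate from being issued with an empty subject DN and an empty subjectAltName at the same time. RFC 5280 allows an empty subject only when the name is carried in subjectAltName and that extension is marked critical, so after `load_info(opts, subject_dn, subject_alt);` consider rejecting the case where both are empty, and check that the extension is encoded as critical when the DN is empty. A test that generates a self-signed cert with only subjectAltName set would pin the new behaviour down.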
@@ -95,8 +93,6 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
X509_DN subject_dn;
AlternativeName subject_alt;
- opts.sanity_check();
-
std::vector<byte> pub_key = X509::BER_encode(key);
std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
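Review bot: Removing `opts.sanity_check();` from create_cert_req takes away the only validation of opts visible in this hunk, and the change is silent for callers that relied on an exception for a missing CN or country. Suggest stating in the API documentation for create_cert_req that opts are no longer validated here, and, if sanity_check() is kept on X509_Cert_Options, noting there that callers who want the old behaviour must now call it themselves. A test that builds a request with an unset CN and country would document the intent of the commit message.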