authorJack Lloyd <[email protected]>2018-03-06 05:58:05 -0500
committerJack Lloyd <[email protected]>2018-03-06 05:58:05 -0500
commitc7ad5439326d64c7fab30067aa5ced67583b0aad (patch)
tree9bb9bbd00b32a8c5c0395134d2ed8dc5af523226 /src
parent03a44b499a12bc4f965bf37f1625e09e7de2340c (diff)
Include AKID in generated self signed certificates
GH #1007
Diffstat (limited to 'src')
-rw-r--r--src/lib/x509/x509_ext.h3
-rw-r--r--src/lib/x509/x509self.cpp13
2 files changed, 12 insertions, 4 deletions
diff --git a/src/lib/x509/x509_ext.h b/src/lib/x509/x509_ext.h
index 7c8a8569c..6e71fb879 100644
--- a/src/lib/x509/x509_ext.h
+++ b/src/lib/x509/x509_ext.h
@@ -346,6 +346,8 @@ class BOTAN_PUBLIC_API(2,0) Subject_Key_ID final : public Certificate_Extension
public:
Subject_Key_ID() = default;
+ explicit Subject_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
+
Subject_Key_ID(const std::vector<uint8_t>& public_key,
const std::string& hash_fn);
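Review bot: The constructor moved to public on line 25 stores whatever bytes it is given as the key identifier without any transformation (`m_key_id(k)`), while the two-argument overload on lines 27-28 evidently derives the identifier from a public key and a hash name; with both now public, the header should state the difference so callers do not pass a raw public key to the first one. Suggested comments: `/// Use a precomputed key identifier verbatim (no hashing is applied)` above the explicit constructor, and `/// Derive the identifier by hashing the encoded public key with hash_fn` above the two-argument one. The Subject_Key_ID class body continues outside this hunk.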
@@ -358,7 +360,6 @@ class BOTAN_PUBLIC_API(2,0) Subject_Key_ID final : public Certificate_Extension
OID oid_of() const override { return static_oid(); }
private:
- explicit Subject_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
std::string oid_name() const override
{ return "X509v3.SubjectKeyIdentifier"; }
diff --git a/src/lib/x509/x509self.cpp b/src/lib/x509/x509self.cpp
index 78cdfe741..418fd85a4 100644
--- a/src/lib/x509/x509self.cpp
+++ b/src/lib/x509/x509self.cpp
@@ -1,6 +1,6 @@
/*
* PKCS #10/Self Signed Cert Creation
-* (C) 1999-2008 Jack Lloyd
+* (C) 1999-2008,2018 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -11,6 +11,7 @@
#include <botan/der_enc.h>
#include <botan/pubkey.h>
#include <botan/oids.h>
+#include <botan/hash.h>
namespace Botan {
@@ -52,7 +53,7 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
// for now, only the padding option is used
std::map<std::string,std::string> sig_opts = { {"padding",opts.padding_scheme} };
- std::vector<uint8_t> pub_key = X509::BER_encode(key);
+ const std::vector<uint8_t> pub_key = X509::BER_encode(key);
std::unique_ptr<PK_Signer> signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
@@ -78,7 +79,13 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
extensions.add_new(new Cert_Extension::Key_Usage(constraints), true);
}
- extensions.add_new(new Cert_Extension::Subject_Key_ID(pub_key, hash_fn));
+ std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_fn));
+ hash->update(pub_key);
+ std::vector<uint8_t> skid(hash->output_length());
+ hash->final(skid.data());
+
+ extensions.add_new(new Cert_Extension::Subject_Key_ID(skid));
+ extensions.add_new(new Cert_Extension::Authority_Key_ID(skid));
extensions.add_new(
new Cert_Extension::Subject_Alternative_Name(subject_alt));
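Review bot: Lines 64-67 compute the key identifier by hand, which appears to duplicate what the still-public `Subject_Key_ID(pub_key, hash_fn)` constructor does, and nothing in the hunk explains why the same value is then placed in both the subject and authority key identifier extensions. A short comment would make the intent reviewable, e.g. `// Self-issued certificate: the AKID must equal the SKID (RFC 5280 4.2.1.1), so hash the public key once and reuse the digest for both extensions.` above line 64. If Subject_Key_ID exposes its computed identifier, constructing it with the two-argument overload and reading the value back would avoid keeping two copies of the hashing logic in sync. create_self_signed_cert begins before this hunk and continues after it.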