Merge branch 'master' into ti
@@ -1,11 +1,11 @@
|
|||||||
|
|
||||||
***** Create a self signed cert ************
|
***** Create a self signed cert ************
|
||||||
|
|
||||||
1) openssl genrsa 512 > client-key.pem
|
1) openssl genrsa 1024 > client-key.pem
|
||||||
|
|
||||||
2) openssl req -new -x509 -nodes -md5 -days 1000 -key client-key.pem > client-cert.pem
|
2) openssl req -new -x509 -nodes -sha1 -days 1000 -key client-key.pem > client-cert.pem
|
||||||
|
|
||||||
3) note sha1 would be -sha1
|
3) note md5 would be -md5
|
||||||
|
|
||||||
-- adding metadata to beginning
|
-- adding metadata to beginning
|
||||||
|
|
||||||
@@ -21,13 +21,13 @@ same as self signed, use ca prefix instead of client
|
|||||||
|
|
||||||
***** Create a cert signed by CA **************
|
***** Create a cert signed by CA **************
|
||||||
|
|
||||||
1) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem
|
1) openssl req -newkey rsa:1024 -sha1 -days 1000 -nodes -keyout server-key.pem > server-req.pem
|
||||||
|
|
||||||
* note if using exisitng key do: -new -key keyName
|
* note if using exisitng key do: -new -key keyName
|
||||||
|
|
||||||
2) copy ca-key.pem ca-cert.srl (why ????)
|
2) copy ca-key.pem ca-cert.srl (why ????)
|
||||||
|
|
||||||
3) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
|
3) openssl x509 -req -in server-req.pem -days 1000 -sha1 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
|
||||||
|
|
||||||
|
|
||||||
***** Adding Subject Key ID and Authentication Key ID extensions to a cert *****
|
***** Adding Subject Key ID and Authentication Key ID extensions to a cert *****
|
||||||
|
@@ -1439,7 +1439,10 @@ enum ClientCertificateType {
|
|||||||
dss_fixed_dh = 4,
|
dss_fixed_dh = 4,
|
||||||
rsa_ephemeral_dh = 5,
|
rsa_ephemeral_dh = 5,
|
||||||
dss_ephemeral_dh = 6,
|
dss_ephemeral_dh = 6,
|
||||||
fortezza_kea_cert = 20
|
fortezza_kea_cert = 20,
|
||||||
|
ecdsa_sign = 64,
|
||||||
|
rsa_fixed_ecdh = 65,
|
||||||
|
ecdsa_fixed_ecdh = 66
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
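Review bot: The three values added after `fortezza_kea_cert = 20,` have no comment saying where they come from or which of them the library actually sends. They match the ECC ClientCertificateType assignments in RFC 4492 section 5.5, so a line such as `/* ECC client certificate types, RFC 4492 5.5 */` above `ecdsa_sign = 64,` would make them checkable against the spec. Only `ecdsa_sign` is used in the SendCertificateRequest hunks visible in this commit; if `rsa_fixed_ecdh` and `ecdsa_fixed_ecdh` are defined for completeness only, the same comment should say so, so that nobody assumes fixed-ECDH client authentication is handled. The enum starts outside the hunk.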
@@ -6015,7 +6015,7 @@ int SendCertificateRequest(CYASSL* ssl)
|
|||||||
int sendSz;
|
int sendSz;
|
||||||
word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
|
word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
|
||||||
|
|
||||||
int typeTotal = 1; /* only rsa for now */
|
int typeTotal = 1; /* only 1 for now */
|
||||||
int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */
|
int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */
|
||||||
|
|
||||||
if (IsAtLeastTLSv1_2(ssl))
|
if (IsAtLeastTLSv1_2(ssl))
|
||||||
@@ -6043,7 +6043,15 @@ int SendCertificateRequest(CYASSL* ssl)
|
|||||||
|
|
||||||
/* write to output */
|
/* write to output */
|
||||||
output[i++] = (byte)typeTotal; /* # of types */
|
output[i++] = (byte)typeTotal; /* # of types */
|
||||||
output[i++] = rsa_sign;
|
#ifdef HAVE_ECC
|
||||||
|
if (ssl->options.cipherSuite0 == ECC_BYTE &&
|
||||||
|
ssl->specs.sig_algo == ecc_dsa_sa_algo) {
|
||||||
|
output[i++] = ecdsa_sign;
|
||||||
|
} else
|
||||||
|
#endif /* HAVE_ECC */
|
||||||
|
{
|
||||||
|
output[i++] = rsa_sign;
|
||||||
|
}
|
||||||
|
|
||||||
/* supported hash/sig */
|
/* supported hash/sig */
|
||||||
if (IsAtLeastTLSv1_2(ssl)) {
|
if (IsAtLeastTLSv1_2(ssl)) {
|
||||||
|
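Review bot: The new branch after `output[i++] = (byte)typeTotal;` picks the client certificate type from the server's own suite (`cipherSuite0 == ECC_BYTE` and `sig_algo == ecc_dsa_sa_algo`), and `typeTotal` is still 1, so a handshake advertises either `ecdsa_sign` or `rsa_sign` but never both. That ties client authentication to the server's key type: where mutual authentication is required, a client holding only an RSA certificate may be unable to authenticate on an ECDHE-ECDSA suite. If the restriction is intended, state it at the branch, e.g. `/* one type only: request the same key type the server signs with */`. For TLS 1.2 the `supported hash/sig` list that follows is mostly outside the hunk; it is worth confirming that it offers an ECDSA pair whenever `ecdsa_sign` is sent, and that the CertificateVerify path rejects a client key of a type that was not requested. The function body starts and ends outside the hunk.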