1.修改将SNI写入签发的实体证书的SNA 2.修改certstreo打包脚步
This commit is contained in:
fengweihao
51
ca/tango-ca-v3-trust-ca.pem
Normal file
51
ca/tango-ca-v3-trust-ca.pem
Normal file
@@ -0,0 +1,51 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJ6NvcrjBM17LJ
|
||||
+lD2RM+2A4tcwppfgb08ZQnsVEjtltat6c4x9sj9VqqOatIo+9GHGZ/FKSacnADx
|
||||
utm/pWSr2nxtrJdM1SCqR9OF2eZGfhdJK2ufWLcOkX7/+CEAXVEOXL4xxnNS55Lu
|
||||
OyCMOidPkq+Xzk1SJBIrpFrpctMxTFzJcvu35chtkF1IxPhN1dTVW6LJtz55U8gv
|
||||
J0Blg/w7EkfsHd/KHvBMdpbGx02vTnWUXPYGyi2wvOy5ptOthrSlxyxGwmByehPP
|
||||
s5XGk7M8m2eZzf+Kb5i/2e+wE8PrXCpGL1Picj4Ab1hLFyZVRtNVfVzqk+kCEv6e
|
||||
chbp2fE/AgMBAAECggEBAMC6imuqxaYD2sCbNH7ujgpidbuUckCqGdU1aPRyO662
|
||||
ZbNaUx00QQQ5ntIUuwit3oID/pL3RckFzIzxW3poyKCWDGGv9jg71FNV/l1s8jbl
|
||||
kxqf3Loct5erYDu7QN0VNhLsigv/LwO60nCedeIEfJOjJANWxE2c6s9HshPWLCuH
|
||||
0g/iOhm7+8QpZc9O/D4izUJkVVDThWlDjrgVX0p58k2VuECxEsyuMrRG+1B/hwkg
|
||||
+US+pmKywrxTl9cjkoXPPRvEnt+gdI5b1F3HIdK+MD7uJhBdmAoEH45T+5B9EIRG
|
||||
3OQwneGm/Ti4GQvXGQJgRlFCTd9f+6NK7etOTTI/6bkCgYEA92dJQ+DFzg+H5pC7
|
||||
8cC2aWyfmQaGNQiGn0Vbb+OTNUUrFoEkHWnx3229fkArxuBr3GUmqxgSMVlVadYR
|
||||
R7kFaUe5x+DBQNWkKN2BjO60cSSkDL2qpMyjGdsk815LqclGOZwzecF+Y4d2Pjg+
|
||||
nEXBjVjhEX5rCpfw/SCWJdqCHgsCgYEA0OzkzOD7m6OPXY+SXjcfoGx0wIS2Iw0J
|
||||
QDEJvs4Xsxxi/jSe69PIWXooJjuiPFi9yF+eroyU1/gPs+toKjKLeOK6lR/Da2Xq
|
||||
chlS3DnLwjGCMHEDGgUKWiBpNJgqhFrQtNfPn17vQAgUDv8AefKKxk9WV0I26MmP
|
||||
7FuzOLWN3h0CgYEAqX2nIcuBeBQHxJtvRsYBsePqysk/dGGs6Lx5UgQUu6/xPu+m
|
||||
MEh+ndTutul7lDn3avwZK6nH/Or4qxMur3ZAEMpEqnx9qM80MZLeyBBYqhKyGNBv
|
||||
cYuISZRqkhgNufncFGfAlC9NSR5qkWGy8xiO6yjyuCtlZdKGFMQYWUKDVdUCgYEA
|
||||
hMAhWXUTKn+w1rglPqwz8lE3liQ9PuRHnnwKPyzgrjQ5SmDRIfN9eC1AWZrGqSWR
|
||||
4UGwqCQ3Z0r9X0sS8s0PBg66k4qNNy6Y20rv9XLb31Zp7LHCUMQnIcE6V+rgCR1T
|
||||
Q7Vk/VTrHHqFlEm/Wb0dJIjAyc0O6rc4NezGYiAqNpkCgYADwUmclyFqwjfW1n1C
|
||||
sTgLr2KR7klBWMwQi40QNXLGVW+Yz0mkXC9zAvNZppQPPlzMvdnVtnAaCxPf5l2t
|
||||
sYOp0iEo5LWxjuFA4yKNgQiLKMGTfaWmhR+jckCtS+teDAkqDkq053pOH+k39sDS
|
||||
uSpbZibQO4PvyFDs/pOGfTu8Hw==
|
||||
-----END PRIVATE KEY-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDzTCCArWgAwIBAgIGDhoh7QVJMA0GCSqGSIb3DQEBCwUAMD4xIDAeBgNVBAMM
|
||||
F1RhbmdvIFNlY3VyZSBHYXRld2F5IENBMRowGAYDVQQKDBFNYXNlcmF0aSBTb2x1
|
||||
dGlvbjAeFw0xOTAyMTcwMTM1MTJaFw0yMjAyMTgwMTM1MTJaMD4xIDAeBgNVBAMM
|
||||
F1RhbmdvIFNlY3VyZSBHYXRld2F5IENBMRowGAYDVQQKDBFNYXNlcmF0aSBTb2x1
|
||||
dGlvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMno29yuMEzXssn6
|
||||
UPZEz7YDi1zCml+BvTxlCexUSO2W1q3pzjH2yP1Wqo5q0ij70YcZn8UpJpycAPG6
|
||||
2b+lZKvafG2sl0zVIKpH04XZ5kZ+F0kra59Ytw6Rfv/4IQBdUQ5cvjHGc1Lnku47
|
||||
IIw6J0+Sr5fOTVIkEiukWuly0zFMXMly+7flyG2QXUjE+E3V1NVbosm3PnlTyC8n
|
||||
QGWD/DsSR+wd38oe8Ex2lsbHTa9OdZRc9gbKLbC87Lmm062GtKXHLEbCYHJ6E8+z
|
||||
lcaTszybZ5nN/4pvmL/Z77ATw+tcKkYvU+JyPgBvWEsXJlVG01V9XOqT6QIS/p5y
|
||||
FunZ8T8CAwEAAaOB0DCBzTAPBgNVHRMBAf8EBTADAQH/MBEGCWCGSAGG+EIBAQQE
|
||||
AwICBDB4BgNVHSUEcTBvBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEBggr
|
||||
BgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYB
|
||||
BAGCNwoDAwYKKwYBBAGCNwoDBAYJYIZIAYb4QgQBMA4GA1UdDwEB/wQEAwIBBjAd
|
||||
BgNVHQ4EFgQULQNPIvNlh8oGhVmVqAG3syRbdWAwDQYJKoZIhvcNAQELBQADggEB
|
||||
AAzCDOWcu38Sw+AWQSq5y0RwL6ga8W5hB0HTqxPpnUUhZN3LMl8F3E/1JK/wWDWF
|
||||
meJACTiL/rMDSWFUz57xGm4SmiPSOgWmToQ5PYahyNlkw9uODxRyl84zEMp/MXfi
|
||||
LL57v3XFRnTbTHaEu3ew/Xjkhq1/mhwYblP17iPq1i8o4AqX2OGLIueDrz3j80AV
|
||||
syrm3cFE5jPJHvvVuArvIDdCnhCX2g0Es6cYSYppMxRtRiZnydqJ3o326zTigdIB
|
||||
8zYflognJJkV2lavt0nz4NkvmlOj3S88smWxxYRzKEpEw8/m+DbhGIx6R7w0Ot6Q
|
||||
bzLgBvYDF+BCkkjaQCR334M=
|
||||
-----END CERTIFICATE-----
|
||||
51
ca/tango-ca-v3-untrust-ca.pem
Normal file
51
ca/tango-ca-v3-untrust-ca.pem
Normal file
@@ -0,0 +1,51 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCrtAM/GPvdhxsA
|
||||
uipj2ohNEN7NCD11fu3wDQ8rO+n2BXdTobpfMh816e7vtPSz1VEMYr4DTRe8GpEp
|
||||
Yj3bxnWLVAe9+M4A1E1a/K9F50wqlF/Mm12MlSF3hscPRwfO1k0tYcNwVOfuoyTD
|
||||
BvqVXxZaz+nM70h38wkfqfaOeLC/eB7khejq5HSCQvTPtBShY8ZhAIPkybk8YUBH
|
||||
IQjHV4vqRGxkAgSxgrT7z99Sqd8NJE48M0b7IyhaWisGHCa2KDK7xbPRzojX9Oi2
|
||||
F/rraZZo4t6p9ab7SxV/+JZ7juE5PbGJs+cXJe3fufXAisGtX2LougxQEpO6BB8c
|
||||
1j4gtF7rAgMBAAECggEANbwqX+7Ts+p6WunoJkPX8DZdY9E2WrUUhdGwc5lWiPYA
|
||||
+B1fFDe9aMQDUOVSx4z0xmmIicPwr5+o2kiyjzs2whnUKnHZFo1agCUgPUI7pf+1
|
||||
U3Uz+7EYPi3h0jgqi2Kp2JAF9/u6cgaAlMB0X5bYiicTRl2EUnWu30fzr3a56dGM
|
||||
nKf3p9ELEud7ax+kC7fEspJoxSWVbqHK1d78OubfsUjyiE9zAC1znH8nZURYx5SP
|
||||
u7k6L9lcBOAqLQ2//zAVLvjdcpATFsgodnQQYFHRYkJSjmIY50dIuqf0JwtGZVYt
|
||||
xtOaxE5jDc2odh9Ly7jVYTspX4QN3KlkiUmAfeSMkQKBgQDYv4Rn+FiPaRkNazJI
|
||||
WSzsGKLjnd8gNfQjh65wqTDDGECjBH8xtzIuOJ+XXc/L+iNGRsf9grnWsTJsuMby
|
||||
u+YD3OfHFpsbHaYtTNP64e/hUk5MHE1oNLmptFTnqFyreICPJaGJToOjTiunF/rj
|
||||
cS32/z6B7JbfufWvtMH7yvI+RQKBgQDKzDQmjrvjc4yhVnB71TwqKVKGi5YdQPM/
|
||||
WfLUgXebzy+ZhwdDhIGoNs9GR1WRakJrPBQdpWazEK0ig9qYMa0lki26QyhfyZg1
|
||||
eYkDgIxvA8/AJxlp0gYgAdn34WhQDoSHQW4jEiMJIxV0uvzvMpMDyewLEQ+k6dLB
|
||||
87/Cur9TbwKBgGCBhXa1gNj5tone/NhxvCqzHXOzSzGQVE+tjeHjsy5qkf0Dd46v
|
||||
PsyNsaE3x9nOWf5kbY9WsWACLa1y6EITn2qA5UIjspP0M5Vf69J83s24U9xXja+k
|
||||
KjaBcHxk3j4KvVL/Mllsd/gySgVwC+lQ72JWa4J10Qd0SQwes3BlAE7xAoGAEo3U
|
||||
R6LPdePgffJWoD3GH2Vgc4bZ2RtUJfuox+CAfPTbugQsmfTJmAZLuHZWUdOS+BSr
|
||||
EntLhh6EeJ/vo/UHjmRtYpk6XGkpT9squfNM5etHWqE5JgFdJhiFRLSOwqRRY76M
|
||||
wRCru+5FzEQ/V/McmEAlJG4PLFtoOO6AIOTNFGkCgYAY+e5iN+VUJ4ziFn5Ytjhd
|
||||
8fs2YajiLMrS5r7gANVAJIA0991ZkJGTSosSqwMM3cM9fsS0kfWKv64QgW5M1uGX
|
||||
3eJl7ojVilxFMCzS+OdjUOrVQFE7P1/fDozxwvFOfYZE024XAY0PvAme59m8Kbqt
|
||||
1H4MiZbv4gVIbK5mI9ZzFw==
|
||||
-----END PRIVATE KEY-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID3TCCAsWgAwIBAgIGDhoh7clOMA0GCSqGSIb3DQEBCwUAMEYxKDAmBgNVBAMM
|
||||
H1RhbmdvIFNlY3VyZSBHYXRld2F5IENBIFVOVFJVU1QxGjAYBgNVBAoMEU1hc2Vy
|
||||
YXRpIFNvbHV0aW9uMB4XDTE5MDIxNzAxMzUxN1oXDTIyMDIxODAxMzUxN1owRjEo
|
||||
MCYGA1UEAwwfVGFuZ28gU2VjdXJlIEdhdGV3YXkgQ0EgVU5UUlVTVDEaMBgGA1UE
|
||||
CgwRTWFzZXJhdGkgU29sdXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
||||
AoIBAQCrtAM/GPvdhxsAuipj2ohNEN7NCD11fu3wDQ8rO+n2BXdTobpfMh816e7v
|
||||
tPSz1VEMYr4DTRe8GpEpYj3bxnWLVAe9+M4A1E1a/K9F50wqlF/Mm12MlSF3hscP
|
||||
RwfO1k0tYcNwVOfuoyTDBvqVXxZaz+nM70h38wkfqfaOeLC/eB7khejq5HSCQvTP
|
||||
tBShY8ZhAIPkybk8YUBHIQjHV4vqRGxkAgSxgrT7z99Sqd8NJE48M0b7IyhaWisG
|
||||
HCa2KDK7xbPRzojX9Oi2F/rraZZo4t6p9ab7SxV/+JZ7juE5PbGJs+cXJe3fufXA
|
||||
isGtX2LougxQEpO6BB8c1j4gtF7rAgMBAAGjgdAwgc0wDwYDVR0TAQH/BAUwAwEB
|
||||
/zARBglghkgBhvhCAQEEBAMCAgQweAYDVR0lBHEwbwYIKwYBBQUHAwEGCCsGAQUF
|
||||
BwMCBggrBgEFBQcDBAYIKwYBBQUHAwgGCisGAQQBgjcCARUGCisGAQQBgjcCARYG
|
||||
CisGAQQBgjcKAwEGCisGAQQBgjcKAwMGCisGAQQBgjcKAwQGCWCGSAGG+EIEATAO
|
||||
BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFI/dacOl4JQdR9xDiWpJf/2mvblUMA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQAOWQiEcJqpen1/AXfprE+9uqwQWt/Gh8UPYZPE7Kcc
|
||||
VnhlqTDO+nGLVPM97ju/NjFNojJaMxsKBHVcRRHA3V+sKtqoHNUVhHJLtMDvh+2w
|
||||
vloUM11ckgilIOYqFzjeIL11NB4ivAN7V9jP6Sh8gC31Q6Ttd6FkJ7f9QObQ6sKT
|
||||
OEmaMqKVe6H0+U4jhQF3/gSW+PAIb1YIJof/wtewBCDm5Pp2UYaNlrnMGTIxayXQ
|
||||
Cc+h16oDTRPBsLZgDkmR5fslRH9CAbxC4/b2M1jU/MKlWlu7ThzAPPEtEKqpiLSi
|
||||
Ebfe/jvJ786VcXwO09FWfCiUjE9Gf4rbMZjkkHOL7UPa
|
||||
-----END CERTIFICATE-----
|
||||
@@ -11,8 +11,8 @@ thread-nu = 4
|
||||
expire_after = 30
|
||||
#Local default root certificate path
|
||||
local_debug = 0
|
||||
ca_path = ../ca/mesalab-ca.pem
|
||||
untrusted_ca_path = ../ca/mesalab-ca-untrust.pem
|
||||
ca_path = ./cert/tango-ca-v3-trust-ca.pem
|
||||
untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
|
||||
[NTC_MAAT]
|
||||
#Configure the load mode,
|
||||
#0: using the configuration distribution network
|
||||
@@ -22,13 +22,13 @@ maat_json_switch=2
|
||||
#When the loading mode is sent to the network, set the scanning configuration modification interval (s).
|
||||
effective_interval=1
|
||||
#Specify the location of the configuration library table file
|
||||
table_info=../conf/table_info.conf
|
||||
table_info=./conf/table_info.conf
|
||||
#Incremental profile path
|
||||
inc_cfg_dir=../rule/inc/index
|
||||
inc_cfg_dir=./rule/inc/index
|
||||
#Full profile path
|
||||
full_cfg_dir=../rule/full/index
|
||||
full_cfg_dir=./rule/full/index
|
||||
#Json file path when json schema is used
|
||||
pxy_obj_keyring=../conf/pxy_obj_keyring.json
|
||||
pxy_obj_keyring=./conf/pxy_obj_keyring.json
|
||||
[LIBEVENT]
|
||||
#Local monitor port number, default is 9991
|
||||
port = 9991
|
||||
|
||||
@@ -383,41 +383,6 @@ ssl_x509_v3ext_copy_by_nid(X509 *crt, X509 *origcrt, int nid)
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**todo Use rules to determine if an sni exists */
|
||||
static int
|
||||
x509_alt_name_cmp(unsigned char *name, char *extraname)
|
||||
{
|
||||
return strcmp((char *)name, extraname);
|
||||
}
|
||||
|
||||
static int
|
||||
x509_get_alt_name(X509 *x509, char *extraname)
|
||||
{
|
||||
int i, xret = 1;
|
||||
|
||||
if (x509 == NULL || extraname[0] == '\0'){
|
||||
xret = 0;
|
||||
goto finish;
|
||||
}
|
||||
|
||||
GENERAL_NAMES* subjectAltNames = (GENERAL_NAMES*)X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
|
||||
if (subjectAltNames){
|
||||
int cnt = sk_GENERAL_NAME_num(subjectAltNames);
|
||||
|
||||
for (i = 0; i < cnt; i++) {
|
||||
GENERAL_NAME* generalName = sk_GENERAL_NAME_value(subjectAltNames, i);
|
||||
xret = x509_alt_name_cmp(ASN1_STRING_data(GENERAL_NAME_get0_value(generalName, NULL)), extraname);
|
||||
if (xret == 0)
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (subjectAltNames)
|
||||
GENERAL_NAMES_free(subjectAltNames);
|
||||
finish:
|
||||
return xret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Add extension using V3 code: we can set the config file as NULL because we
|
||||
* wont reference any other sections.
|
||||
@@ -487,13 +452,11 @@ finish:
|
||||
|
||||
X509 *
|
||||
x509_modify_by_cert(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey,
|
||||
int days, char *extraname, char *crl)
|
||||
int days, char *crl)
|
||||
{
|
||||
int rv;
|
||||
X509 *crt = NULL;
|
||||
EVP_PKEY* key = NULL;
|
||||
GENERAL_NAME *gn = NULL;
|
||||
GENERAL_NAMES *names = NULL;
|
||||
X509_NAME *subject = NULL, *issuer = NULL;
|
||||
|
||||
if(!create_client_key(&key, pkey, 1024)){
|
||||
@@ -564,51 +527,12 @@ x509_modify_by_cert(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey,
|
||||
goto errout;
|
||||
}
|
||||
}
|
||||
char *cfval;
|
||||
if (x509_get_alt_name(origcrt, extraname) == 0) {
|
||||
/* no extraname provided: copy original subjectAltName ext */
|
||||
if (ssl_x509_v3ext_copy_by_nid(crt, origcrt,
|
||||
NID_subject_alt_name) == -1)
|
||||
goto errout;
|
||||
} else {
|
||||
names = (GENERAL_NAMES *)X509_get_ext_d2i(origcrt, NID_subject_alt_name, 0, 0);
|
||||
if (!names) {
|
||||
/* no subjectAltName present: add new one */
|
||||
cfval = (char *)malloc(strlen(extraname) + 5);
|
||||
if (sprintf(cfval, "DNS:%s", extraname) < 0)
|
||||
goto errout;
|
||||
if (ssl_x509_v3ext_add(&ctx, crt, "subjectAltName",
|
||||
cfval) == -1) {
|
||||
free(cfval);
|
||||
goto errout;
|
||||
}
|
||||
free(cfval);
|
||||
} else {
|
||||
/* add extraname to original subjectAltName
|
||||
* and add it to the new certificate */
|
||||
gn = GENERAL_NAME_new();
|
||||
if (!gn)
|
||||
goto errout2;
|
||||
gn->type = GEN_DNS;
|
||||
gn->d.dNSName = ASN1_IA5STRING_new();
|
||||
if (!gn->d.dNSName)
|
||||
goto errout3;
|
||||
ASN1_STRING_set(gn->d.dNSName,
|
||||
(unsigned char *)extraname,
|
||||
strlen(extraname));
|
||||
sk_GENERAL_NAME_push(names, gn);
|
||||
X509_EXTENSION *ext = X509V3_EXT_i2d(
|
||||
NID_subject_alt_name, 0, names);
|
||||
if (!X509_add_ext(crt, ext, -1)) {
|
||||
if (ext) {
|
||||
X509_EXTENSION_free(ext);
|
||||
}
|
||||
goto errout3;
|
||||
}
|
||||
X509_EXTENSION_free(ext);
|
||||
sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
|
||||
}
|
||||
}
|
||||
/* no extraname provided: copy original subjectAltName ext */
|
||||
if (ssl_x509_v3ext_copy_by_nid(crt, origcrt,
|
||||
NID_subject_alt_name) == -1)
|
||||
{
|
||||
goto errout;
|
||||
}
|
||||
#ifdef DEBUG_CERTIFICATE
|
||||
ssl_x509_v3ext_add(&ctx, crt, "nsComment", "Generated by " PKGLABEL);
|
||||
#endif /* DEBUG_CERTIFICATE */
|
||||
@@ -705,11 +629,6 @@ x509_modify_by_cert(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey,
|
||||
goto errout;
|
||||
|
||||
return crt;
|
||||
|
||||
errout3:
|
||||
GENERAL_NAME_free(gn);
|
||||
errout2:
|
||||
sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
|
||||
errout:
|
||||
X509_free(crt);
|
||||
EVP_PKEY_free(key);
|
||||
@@ -840,8 +759,9 @@ redis_reget_callback(redisAsyncContext __attribute__((__unused__))*cl_ctx,
|
||||
void keyring_table_free_cb(int __attribute__((__unused__))table_id, MAAT_PLUGIN_EX_DATA* ad,
|
||||
long __attribute__((__unused__))argl, void __attribute__((__unused__))*argp)
|
||||
{
|
||||
if (ad == NULL)
|
||||
if (*ad == NULL)
|
||||
return;
|
||||
|
||||
struct pxy_obj_keyring* pxy_obj=(struct pxy_obj_keyring*)(*ad);
|
||||
atomic64_dec(&pxy_obj->ref_cnt);
|
||||
if (atomic64_read(&pxy_obj->ref_cnt) == 0)
|
||||
@@ -850,7 +770,8 @@ long __attribute__((__unused__))argl, void __attribute__((__unused__))*argp)
|
||||
X509_free(pxy_obj->root);
|
||||
if (pxy_obj->key)
|
||||
EVP_PKEY_free(pxy_obj->key);
|
||||
kfree(&pxy_obj);
|
||||
free(pxy_obj);
|
||||
pxy_obj = NULL;
|
||||
*ad=NULL;
|
||||
}
|
||||
}
|
||||
@@ -1065,7 +986,7 @@ static int x509_online_append(struct x509_object_ctx *def, struct request_t *req
|
||||
_crl = pxy_obj->v3_ctl;
|
||||
modify:
|
||||
x509 = x509_modify_by_cert(_root, _key, request->origin, pkey,
|
||||
_expire, request->sni, _crl);
|
||||
_expire, _crl);
|
||||
if (!x509){
|
||||
goto finish;
|
||||
}
|
||||
@@ -2002,8 +1923,13 @@ void keyring_table_dup_cb(int __attribute__((__unused__))table_id, MAAT_PLUGIN_E
|
||||
long __attribute__((__unused__))argl, void __attribute__((__unused__))*argp)
|
||||
{
|
||||
struct pxy_obj_keyring* pxy_obj=(struct pxy_obj_keyring*)(*from);
|
||||
if(pxy_obj==NULL)
|
||||
{
|
||||
*to=NULL;
|
||||
return;
|
||||
}
|
||||
atomic64_inc (&pxy_obj->ref_cnt);
|
||||
*to=pxy_obj;
|
||||
*((struct pxy_obj_keyring**)to)=pxy_obj;
|
||||
}
|
||||
|
||||
int maat_table_ex_init(const char* table_name,
|
||||
|
||||
@@ -11,22 +11,22 @@ install:
|
||||
#
|
||||
# cp -f lib/* /usr/local/lib/
|
||||
# sudo ldconfig
|
||||
if [ ! -d "/home/ceiec/certstore" ]; then mkdir -p "/home/ceiec/certstore"; fi
|
||||
if [ ! -d "/home/tsg/certstore" ]; then mkdir -p "/home/tsg/certstore"; fi
|
||||
|
||||
chmod +x certstore r2_certstore r3_certstore
|
||||
chmod +x tool/signssl.sh tool/x509
|
||||
|
||||
for d in $(SUBDIRS); do \
|
||||
cp -rf $$d /home/ceiec/certstore; \
|
||||
cp -rf $$d /home/tsg/certstore; \
|
||||
done
|
||||
|
||||
update:
|
||||
chmod +x certstore
|
||||
cp -f certstore /home/ceiec/certstore
|
||||
cp -f certstore /home/tsg/certstore
|
||||
|
||||
# cp -f bin/cert_server /usr/local/bin/
|
||||
|
||||
uninstall:
|
||||
rm -rf /home/ceiec/certstore
|
||||
rm -rf /home/tsg/certstore
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user