调整keykeeper证书过期时间
This commit is contained in:
崔一鸣
@@ -302,7 +302,7 @@ char * ssl_ssl_masterkey_to_str(SSL * ssl)
|
||||
unsigned char * k, * r;
|
||||
//https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_master_key.html
|
||||
//In current versions of the TLS protocols, the length of client_random (and also server_random) is
|
||||
//always SSL3_RANDOM_SIZE bytes.
|
||||
//always SSL3_RANDOM_SIZE bytes.
|
||||
unsigned char kbuf[48]={0}, rbuf[32]={0};//
|
||||
k = &kbuf[0];
|
||||
r = &rbuf[0];
|
||||
@@ -659,7 +659,7 @@ static time_t ASN1_GetTimeT(ASN1_TIME* time){
|
||||
* The optional argument extraname is added to subjectAltNames if provided.
|
||||
*/
|
||||
X509 * ssl_x509_forge(X509 * cacrt, EVP_PKEY * cakey, X509 * origcrt, EVP_PKEY * key,
|
||||
const char * extraname, const char * crlurl)
|
||||
const char * extraname, const char * crlurl, int cert_expire_time)
|
||||
{
|
||||
X509_NAME * subject, * issuer;
|
||||
GENERAL_NAMES * names;
|
||||
@@ -680,15 +680,24 @@ X509 * ssl_x509_forge(X509 * cacrt, EVP_PKEY * cakey, X509 * origcrt, EVP_PKEY *
|
||||
!X509_set_subject_name(crt, subject) ||
|
||||
!X509_set_issuer_name(crt, issuer) ||
|
||||
ssl_x509_serial_copyrand(crt, origcrt) == -1 ||
|
||||
//!X509_gmtime_adj(X509_get_notBefore(crt), (long) -60 * 60 * 24) ||
|
||||
//!X509_gmtime_adj(X509_get_notAfter(crt), (long) 60 * 60 * 24 * 364) ||
|
||||
!X509_set_pubkey(crt, key))
|
||||
goto errout;
|
||||
|
||||
ASN1_TIME_set(X509_get_notBefore(crt), ASN1_GetTimeT(X509_get_notBefore(origcrt)));
|
||||
ASN1_TIME_set(X509_get_notAfter(crt), ASN1_GetTimeT(X509_get_notAfter(origcrt)));
|
||||
/* add standard v3 extensions; cf. RFC 2459 */
|
||||
if(cert_expire_time == -1)
|
||||
{
|
||||
ASN1_TIME_set(X509_get_notBefore(crt), ASN1_GetTimeT(X509_get_notBefore(origcrt)));
|
||||
ASN1_TIME_set(X509_get_notAfter(crt), ASN1_GetTimeT(X509_get_notAfter(origcrt)));
|
||||
}
|
||||
else
|
||||
{
|
||||
if(!X509_gmtime_adj(X509_get_notBefore(crt), (long)(0 - cert_expire_time * 1800)) ||
|
||||
!X509_gmtime_adj(X509_get_notAfter(crt), (long)(cert_expire_time * 1800))
|
||||
{
|
||||
goto errout;
|
||||
}
|
||||
}
|
||||
|
||||
/* add standard v3 extensions; cf. RFC 2459 */
|
||||
X509V3_CTX ctx;
|
||||
X509V3_set_ctx(&ctx, cacrt, crt, NULL, NULL, 0);
|
||||
if (ssl_x509_v3ext_add(&ctx, crt, "subjectKeyIdentifier", "hash") == -1 ||
|
||||
@@ -2344,7 +2353,7 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
|
||||
}
|
||||
}
|
||||
_chello->cipher_suites_len = j*2;
|
||||
|
||||
|
||||
pos += len;
|
||||
|
||||
/* Compression Methods */
|
||||
|
||||
Reference in New Issue
Block a user