int main(int argc, char **argv)
{
if (argc > 2) {
printf("usage: %s [passwd]\n", argv[0]);
return -1;
}
BIO* bio_err;
X509_REQ* req = NULL;
EVP_PKEY* pkey = NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
mkreq(&req, &pkey, 1024, 0, 365);
if (argc == 1) {
mkcert(req, "rootkey.pem", "rootcert.pem", NULL);
} else if (argc == 2) {
mkcert(req, "rootkey.pem", "rootcert.pem", argv[1]);
}
RSA_print_fp(stdout, pkey->pkey.rsa, 0);
X509_REQ_print_fp(stdout, req);
PEM_write_X509_REQ(stdout, req);
X509_REQ_free(req);
EVP_PKEY_free(pkey);
CRYPTO_cleanup_all_ex_data();
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return 0;
}
int main(int argc, char **argv)
{
BIO *bio_err;
X509 *x509=NULL;
EVP_PKEY *pkey=NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
mkcert(&x509,&pkey,512,0,365);
RSA_print_fp(stdout,pkey->pkey.rsa,0);
X509_print_fp(stdout,x509);
PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
PEM_write_X509(stdout,x509);
X509_free(x509);
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
CRYPTO_cleanup_all_ex_data();
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return(0);
}
int main(int argc, char **argv)
{
BIO *bio_err;
X509 *x509=NULL;
EVP_PKEY *pkey=NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
mkcert(&x509,&pkey,argv[1],1024,0,365);
FILE* file = fopen(argv[2], "w");
PEM_write_PrivateKey(file,pkey,NULL,NULL,0,NULL, NULL);
fclose(file);
printf("Private key written to: %s\n", argv[2]);
file = fopen(argv[3], "w");
X509_print_fp(file,x509);
PEM_write_X509(file,x509);
fclose(file);
printf("Certificate written to: %s\n", argv[3]);
X509_free(x509);
EVP_PKEY_free(pkey);
ENGINE_cleanup();
CRYPTO_cleanup_all_ex_data();
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return(0);
}
SSLStream::SSLStream(Stream::ptr parent, bool client, bool own, SSL_CTX *ctx)
: MutatingFilterStream(parent, own)
{
MORDOR_ASSERT(parent);
clearSSLError();
if (ctx)
m_ctx.reset(ctx, &nop<SSL_CTX *>);
else
m_ctx.reset(SSL_CTX_new(client ? SSLv23_client_method() :
SSLv23_server_method()), &SSL_CTX_free);
if (!m_ctx) {
MORDOR_ASSERT(hasOpenSSLError());
MORDOR_THROW_EXCEPTION(OpenSSLException(getOpenSSLErrorMessage()))
// << boost::errinfo_api_function("SSL_CTX_new");
;
}
// Auto-generate self-signed server cert
if (!ctx && !client) {
std::shared_ptr<X509> cert;
std::shared_ptr<EVP_PKEY> pkey;
mkcert(cert, pkey, 1024, rand(), 365);
SSL_CTX_use_certificate(m_ctx.get(), cert.get());
SSL_CTX_use_PrivateKey(m_ctx.get(), pkey.get());
}
m_ssl.reset(SSL_new(m_ctx.get()), &SSL_free);
if (!m_ssl) {
MORDOR_ASSERT(hasOpenSSLError());
MORDOR_THROW_EXCEPTION(OpenSSLException(getOpenSSLErrorMessage()))
// << boost::errinfo_api_function("SSL_CTX_new");
;
}
m_readBio = BIO_new(BIO_s_mem());
m_writeBio = BIO_new(BIO_s_mem());
if (!m_readBio || !m_writeBio) {
if (m_readBio) BIO_free(m_readBio);
if (m_writeBio) BIO_free(m_writeBio);
MORDOR_ASSERT(hasOpenSSLError());
MORDOR_THROW_EXCEPTION(OpenSSLException(getOpenSSLErrorMessage()))
// << boost::errinfo_api_function("BIO_new");
;
}
BIO_set_mem_eof_return(m_readBio, -1);
SSL_set_bio(m_ssl.get(), m_readBio, m_writeBio);
}
struct CertKeyPair generateCertKeyPair() {
BIO *bio_err;
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
PKCS12 *p12 = NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
SSLeay_add_all_algorithms();
ERR_load_crypto_strings();
mkcert(&x509, &pkey, NUM_BITS, SERIAL, NUM_YEARS);
p12 = PKCS12_create("limelight", "GameStream", pkey, x509, NULL, 0, 0, 0, 0, 0);
if (p12 == NULL) {
printf("Error generating a valid PKCS12 certificate.\n");
}
// Debug Print statements
//RSA_print_fp(stdout, pkey->pkey.rsa, 0);
//X509_print_fp(stdout, x509);
//PEM_write_PUBKEY(stdout, pkey);
//PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
//PEM_write_X509(stdout, x509);
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
CRYPTO_cleanup_all_ex_data();
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return (CertKeyPair){x509, pkey, p12};
}
bool OTLowLevelKeyData::MakeNewKeypair(int32_t nBits/*=1024*/)
{
// ---------------------------------------
// OpenSSL_BIO bio_err = NULL;
X509 * x509 = NULL;
EVP_PKEY * pNewKey = NULL;
// CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); // memory leak detection. Leaving this for now.
// bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
// actually generate the things. // TODO THESE PARAMETERS...(mkcert)
mkcert(&x509, &pNewKey, nBits, 0, 3650); // 3650=10 years. Todo hardcoded.
// Note: 512 bit key CRASHES
// 1024 is apparently a minimum requirement, if not an only requirement.
// Will need to go over just what sorts of keys are involved here... todo.
// ------------------------------------------------------------
if (NULL == x509)
{
OTLog::vError("%s: Failed attempting to generate new x509 cert.\n", __FUNCTION__);
if (NULL != pNewKey)
EVP_PKEY_free(pNewKey);
pNewKey = NULL;
return false;
}
// ---------------------------------------------------------------
if (NULL == pNewKey)
{
OTLog::vError("%s: Failed attempting to generate new private key.\n", __FUNCTION__);
if (NULL != x509)
X509_free(x509);
x509 = NULL;
return false;
}
// ---------------------------------------------------------------
// Below this point, x509 and pNewKey will need to be cleaned up properly.
if (m_bCleanup)
Cleanup();
m_bCleanup = true;
dp->m_pKey = pNewKey;
dp->m_pX509 = x509;
// --------COMMENT THIS OUT FOR PRODUCTION -------- TODO security
// (Debug only.)
// RSA_print_fp(stdout, pNewKey->pkey.rsa, 0); // human readable
// X509_print_fp(stdout, x509); // human readable
// --------COMMENT THIS OUT FOR PRODUCTION -------- TODO security
// (Debug only.)
// write the private key, then the x509, to stdout.
// OTPasswordData thePWData2("OTPseudonym::GenerateNym is calling PEM_write_PrivateKey...");
//
// PEM_write_PrivateKey(stdout, pNewKey, EVP_des_ede3_cbc(), NULL, 0, OTAsymmetricKey::GetPasswordCallback(), &thePWData2);
// PEM_write_X509(stdout, x509);
// ---------------------------------------------------------------
return true;
}
SWITCH_DECLARE(int) switch_core_gen_certs(const char *prefix)
{
//BIO *bio_err;
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
char *rsa = NULL, *pvt = NULL;
FILE *fp;
char *pem = NULL;
if (switch_stristr(".pem", prefix)) {
if (switch_is_file_path(prefix)) {
pem = strdup(prefix);
} else {
pem = switch_mprintf("%s%s%s", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
}
if (switch_file_exists(pem, NULL) == SWITCH_STATUS_SUCCESS) {
goto end;
}
} else {
if (switch_is_file_path(prefix)) {
pvt = switch_mprintf("%s.key", prefix);
rsa = switch_mprintf("%s.crt", prefix);
} else {
pvt = switch_mprintf("%s%s%s.key", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
rsa = switch_mprintf("%s%s%s.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
}
if (switch_file_exists(pvt, NULL) == SWITCH_STATUS_SUCCESS || switch_file_exists(rsa, NULL) == SWITCH_STATUS_SUCCESS) {
goto end;
}
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
//bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
mkcert(&x509, &pkey, 1024, 0, 36500);
//RSA_print_fp(stdout, pkey->pkey.rsa, 0);
//X509_print_fp(stdout, x509);
if (pem) {
if ((fp = fopen(pem, "w"))) {
PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
PEM_write_X509(fp, x509);
fclose(fp);
}
} else {
if (pvt && (fp = fopen(pvt, "w"))) {
PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
fclose(fp);
}
if (rsa && (fp = fopen(rsa, "w"))) {
PEM_write_X509(fp, x509);
fclose(fp);
}
}
X509_free(x509);
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
CRYPTO_cleanup_all_ex_data();
//CRYPTO_mem_leaks(bio_err);
//BIO_free(bio_err);
end:
switch_safe_free(pvt);
switch_safe_free(rsa);
switch_safe_free(pem);
return(0);
}
