
[Branch ~dcplusplus-team/dcplusplus/trunk] Rev 2391: Add a dummy serial number to TLS certs to satisfy some parsers

 

------------------------------------------------------------
revno: 2391
committer: poy <poy@xxxxxxxxxx>
branch nick: trunk
timestamp: Wed 2011-01-12 15:32:26 +0100
message:
  Add a dummy serial number to TLS certs to satisfy some parsers
modified:
  changelog.txt
  dcpp/CryptoManager.cpp
  dcpp/SSL.h


--
lp:dcplusplus
https://code.launchpad.net/~dcplusplus-team/dcplusplus/trunk

=== modified file 'changelog.txt'
--- changelog.txt	2011-01-10 22:12:39 +0000
+++ changelog.txt	2011-01-12 14:32:26 +0000
@@ -1,3 +1,5 @@
+* Add a dummy serial number to TLS certs to satisfy some parsers (poy)
+
 -- 0.780 2011-01-10 --
 * Compiled with C++0x support
 * Update Boost to version 1.45

=== modified file 'dcpp/CryptoManager.cpp'
--- dcpp/CryptoManager.cpp	2011-01-02 17:12:02 +0000
+++ dcpp/CryptoManager.cpp	2011-01-12 14:32:26 +0000
@@ -146,11 +146,12 @@
 	ssl::BIGNUM bn(BN_new());
 	ssl::RSA rsa(RSA_new());
 	ssl::EVP_PKEY pkey(EVP_PKEY_new());
+	ssl::ASN1_INTEGER sn(ASN1_INTEGER_new());
 	ssl::X509_NAME nm(X509_NAME_new());
 	const EVP_MD *digest = EVP_sha1();
 	ssl::X509 x509ss(X509_new());
 
-	if(!bn || !rsa || !pkey || !nm || !x509ss) {
+	if(!bn || !rsa || !pkey || !sn || !nm || !x509ss) {
 		throw CryptoException(_("Error generating certificate"));
 	}
 
@@ -169,6 +170,8 @@
 		(const unsigned char*)ClientManager::getInstance()->getMyCID().toBase32().c_str(), -1, -1, 0)))
 
 	// Prepare self-signed cert
+	CHECK((ASN1_INTEGER_set(sn, 1))) // set the serial number to just "1"
+	CHECK((X509_set_serialNumber(x509ss, sn)))
 	CHECK((X509_set_issuer_name(x509ss, nm)))
 	CHECK((X509_set_subject_name(x509ss, nm)))
 	CHECK((X509_gmtime_adj(X509_get_notBefore(x509ss), 0)))
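Review bot: The serial set by `ASN1_INTEGER_set(sn, 1)` is the same constant for every certificate this code generates, so a regenerated certificate for the same CID repeats the issuer name and serial of the one it replaces. RFC 5280 expects serials to be unique per issuer, and some TLS stacks reject a second certificate that reuses an issuer/serial pair with different contents. Consider a random serial instead, e.g. `CHECK((BN_pseudo_rand(bn, 64, 0, 0)))` followed by `CHECK((BN_to_ASN1_INTEGER(bn, sn)))`. This is only safe if `bn` no longer needs its earlier value at this point; its other uses are outside the hunk, so a separate BIGNUM may be needed.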
@@ -293,7 +296,11 @@
 	}
 	ssl::X509 x509(tmpx509);
 
-	// Check subject name
+	ASN1_INTEGER* sn = X509_get_serialNumber(x509);
+	if(!sn || !ASN1_INTEGER_get(sn)) {
+		return false;
+	}
+
 	X509_NAME* name = X509_get_subject_name(x509);
 	if(!name) {
 		return false;
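Review bot: The new serial check at `if(!sn || !ASN1_INTEGER_get(sn))` has no comment, and the hunk also drops the `// Check subject name` comment that labelled the block below it. `ASN1_INTEGER_get` returns 0 both for a null argument and for a zero serial, so `!sn ||` is redundant, and it returns a nonzero error value when the serial does not fit in a long, so oversized serials pass; in effect only a zero or absent serial is rejected. If the intent is to force regeneration of certificates created before serials were set (an assumption, since the caller is not visible), document it with `// Reject certs with a zero serial (generated before serials were set) so they get regenerated` and restore `// Check subject name` above `X509_NAME* name`. This check says nothing about a certificate's authenticity and should not be read as a trust decision. The enclosing function starts and ends outside the hunk.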

=== modified file 'dcpp/SSL.h'
--- dcpp/SSL.h	2008-07-07 15:48:22 +0000
+++ dcpp/SSL.h	2011-01-12 14:32:26 +0000
@@ -27,6 +27,7 @@
 	T* t;
 };
 
+typedef scoped_handle<ASN1_INTEGER, ASN1_INTEGER_free> ASN1_INTEGER;
 typedef scoped_handle<BIGNUM, BN_free> BIGNUM;
 typedef scoped_handle<DH, DH_free> DH;
 typedef scoped_handle<DSA, DSA_free> DSA;