commit - 58d51f2c1171da65fd4c6d9007d9782a9dbb8bad
commit + 1eb3631d10e20f089be8f5bb7b81505a068813a4
blob - 6d84b2908bb6ac1368bb61dc62f0e655598ac0c0
blob + 4ab9ef88dcb2958332fcff671c42e6c8f88ec628
--- ChangeLog
+++ ChangeLog
@@ -1,3 +1,7 @@
+2021-05-12  Omar Polo  <op@omarpolo.com>
+
+	* utils.c (gen_certificate): don't add gmid as organisation when generating the certificate, and now it set the version 3, so it's compatible with java/android
+
 2021-05-09  Omar Polo  <op@omarpolo.com>
 
 	* server.c (apply_fastcgi): added fastcgi support!
blob - 1fda993c183f58bc7681c1c603f6a173e993c987
blob + 9a67ff6db934aabd4f882442af37332ab1487393
--- utils.c
+++ utils.c
@@ -115,7 +115,6 @@ gen_certificate(const char *hostname, const char *cert
 	X509		*x509;
 	X509_NAME	*name;
 	FILE		*f;
-	const unsigned char *org = (const unsigned char*)"gmid";
 	const unsigned char *host = (const unsigned char*)hostname;
 
 	log_notice(NULL,
@@ -131,7 +130,7 @@ gen_certificate(const char *hostname, const char *cert
 	if ((e = BN_new()) == NULL)
 		fatal("couldn't allocate a bignum");
 
-	BN_set_word(e, 17);
+	BN_set_word(e, RSA_F4);
 	if (!RSA_generate_key_ex(rsa, 4096, e, NULL))
 		fatal("couldn't generate a rsa key");
 
@@ -141,16 +140,15 @@ gen_certificate(const char *hostname, const char *cert
 	if ((x509 = X509_new()) == NULL)
 		fatal("couldn't generate the X509 certificate");
 
-	ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
+	ASN1_INTEGER_set(X509_get_serialNumber(x509), 0);
 	X509_gmtime_adj(X509_get_notBefore(x509), 0);
 	X509_gmtime_adj(X509_get_notAfter(x509), 315360000L); /* 10 years */
+	X509_set_version(x509, 3);
 
 	if (!X509_set_pubkey(x509, pkey))
 		fatal("couldn't set the public key");
 
 	name = X509_get_subject_name(x509);
-	if (!X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, org, -1, -1, 0))
-		fatal("couldn't add N to cert");
 	if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, host, -1, -1, 0))
 		fatal("couldn't add CN to cert");
 	X509_set_issuer_name(x509, name);