commit 1eb3631d10e20f089be8f5bb7b81505a068813a4 from: Omar Polo date: Wed May 12 17:37:22 2021 UTC certificate generation (bugfix and improvement) don't add gmid as organisation when generating the certificate, and set the version to 3, so it's compatible with java/android clients. Found by Gnuserland, thanks!
commit - 58d51f2c1171da65fd4c6d9007d9782a9dbb8bad
commit + 1eb3631d10e20f089be8f5bb7b81505a068813a4
blob - 6d84b2908bb6ac1368bb61dc62f0e655598ac0c0
blob + 4ab9ef88dcb2958332fcff671c42e6c8f88ec628
--- ChangeLog
+++ ChangeLog
@@ -1,3 +1,7 @@
+2021-05-12 Omar Polo
+
+ * utils.c (gen_certificate): don't add gmid as organisation when generating the certificate, and now it set the version 3, so it's compatible with java/android
+
 2021-05-09 Omar Polo
 * server.c (apply_fastcgi): added fastcgi support!
blob - 1fda993c183f58bc7681c1c603f6a173e993c987
blob + 9a67ff6db934aabd4f882442af37332ab1487393
--- utils.c
+++ utils.c
@@ -115,7 +115,6 @@ gen_certificate(const char *hostname, const char *cert
 X509 *x509;
 X509_NAME *name;
 FILE *f;
- const unsigned char *org = (const unsigned char*)"gmid";
 const unsigned char *host = (const unsigned char*)hostname;
 log_notice(NULL,
@@ -131,7 +130,7 @@ gen_certificate(const char *hostname, const char *cert
 if ((e = BN_new()) == NULL)
 fatal("couldn't allocate a bignum");
- BN_set_word(e, 17);
+ BN_set_word(e, RSA_F4);
 if (!RSA_generate_key_ex(rsa, 4096, e, NULL))
 fatal("couldn't generate a rsa key");
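Review bot: The public exponent change from 17 to `RSA_F4` (65537) in the `@@ -131,7 +130,7 @@` hunk is not recorded in the commit message or the ChangeLog entry, and neither is the serial-number change in the following hunk. Both alter every newly generated certificate, so the ChangeLog line for `gen_certificate` should list them. Separately, the return value of `BN_set_word` is ignored while the calls around it end in `fatal()` on failure; `if (!BN_set_word(e, RSA_F4)) fatal("couldn't set the public exponent");` would match them. The body of gen_certificate starts and ends outside this hunk.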
@@ -141,16 +140,15 @@ gen_certificate(const char *hostname, const char *cert
 if ((x509 = X509_new()) == NULL)
 fatal("couldn't generate the X509 certificate");
- ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
+ ASN1_INTEGER_set(X509_get_serialNumber(x509), 0);
 X509_gmtime_adj(X509_get_notBefore(x509), 0);
 X509_gmtime_adj(X509_get_notAfter(x509), 315360000L); /* 10 years */
+ X509_set_version(x509, 3);
 if (!X509_set_pubkey(x509, pkey))
 fatal("couldn't set the public key");
 name = X509_get_subject_name(x509);
- if (!X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, org, -1, -1, 0))
- fatal("couldn't add N to cert");
 if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, host, -1, -1, 0))
 fatal("couldn't add CN to cert");
 X509_set_issuer_name(x509, name);
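Review bot: `X509_set_version(x509, 3)` does not produce a v3 certificate: the X.509 version field is zero-based, so v3 is encoded as 2 and the value 3 names a version that does not exist, which strict parsers can reject. The line should read `X509_set_version(x509, 2); /* zero-based: 2 means X.509 v3 */`, and its return value is worth checking with `fatal()` like the neighbouring calls. The serial number changed in the same hunk is a related concern: RFC 5280 requires a positive serial, so `0` is non-conforming, and keeping `1` (or using a random positive value) is safer for client compatibility. gen_certificate starts before this hunk and continues after it.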