
2014-03-28

2014-03-28 20:28:18 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Protocols.HTTP.Server.SSLPort: Default to all cert types.

set_default_keycert() now creates and adds one certificate of each
of RSA, DSA/DSS and ECDSA.

78: Inside #if constant(SSL.Cipher.CipherAlgorithm)
   //!    void set_default_keycert()    { -  Crypto.Sign private_key = Crypto.RSA(); -  private_key->generate_key( 4096 ); +  foreach(({ Crypto.RSA(), Crypto.DSA(), + #if constant(Crypto.ECC.Curve) +  Crypto.ECC.SECP_521R1.ECDSA(), + #endif +  }), Crypto.Sign private_key) { +  private_key->set_random(Crypto.Random.random_string); +  switch(private_key->name()) { +  case "RSA": +  private_key->generate_key(4096); +  break; +  case "DSA": +  private_key->generate_key(4096, 160); +  break; +  default: +  // ECDSA. +  private_key->generate_key(); +  break; +  }       mapping a = ([    "organizationName" : "Pike TLS server",
88: Inside #if constant(SSL.Cipher.CipherAlgorithm)
      add_cert( private_key,    ({ -  Standards.X509.make_selfsigned_certificate(private_key, 3600*24*365, a) +  Standards.X509.make_selfsigned_certificate(private_key, +  3600*24*365, a)    }) );    } -  +  }          // ---- Remove this?
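Review bot: In the first hunk the DSA case calls `private_key->generate_key(4096, 160);`, which pairs a 4096-bit p with a 160-bit q. The 160-bit subgroup caps the key at roughly 80-bit strength, so the large modulus adds parameter-generation time without making the default certificate stronger. The FIPS 186 parameter sets pair a 160-bit q only with a 1024-bit p. A matched pair such as `private_key->generate_key(2048, 256);` would be the better default, provided the underlying library and the TLS peers this server must support accept DSS keys of that size, which is not visible from here. The `default:` branch also treats every other key type as ECDSA, so a comment such as `// Any type without an explicit case must accept generate_key() with no arguments.` would keep a later addition to the list from being missed. The body of set_default_keycert() between the two hunks is not shown.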