pike.git / lib / modules / SSL.pmod / https.pike

Context lines:

pike.git/lib/modules/SSL.pmod/https.pike:141:    {    SSL.Context ctx = MyContext();    // Make sure all cipher suites are available.    ctx->preferred_suites = ctx->get_suites(-1, 2);    werror("Starting\n");    ssl = SSL.sslfile(con, ctx, 1);    ssl->set_nonblocking(got_data, write_cb, con_closed);    }   }    + string common_name; + void make_certificate(SSL.Context ctx, Crypto.Sign key, void|Crypto.Hash hash) + { +  mapping attrs = ([ +  "organizationName" : "Test", +  "commonName" : common_name, +  ]); +  string cert = Standards.X509.make_selfsigned_certificate(key, 3600*24, attrs, 0, hash); +  ctx->add_cert(key, ({ cert }), ({ "*" })); + } +    int main()   {   #ifdef HTTPS_CLIENT    Stdio.File con = Stdio.File();    if (!con->connect(HOST, PORT)) {    werror("Failed to connect to server: %s\n", strerror(con->errno()));    return 17;    }    Client(con);    return -17;   #else    SSL.Context ctx = MyContext();       Crypto.Sign key;    string certificate;    -  string common_name = gethostname(); +  common_name = gethostname();    common_name = (gethostbyname(common_name) || ({ common_name }))[0]; -  +     werror("Common name: %O\n", common_name);       werror("Generating RSA certificate (%d bits)...\n", RSA_BITS); -  +     key = Crypto.RSA()->generate_key(RSA_BITS); -  certificate = -  Standards.X509.make_selfsigned_certificate(key, 3600*4, ([ -  "organizationName" : "Test", -  "commonName" : common_name, -  ])); -  ctx->add_cert(key, ({ certificate }), ({ "*" })); +  make_certificate(ctx, key);       // Compat with OLD clients. -  certificate = -  Standards.X509.make_selfsigned_certificate(key, 3600*4, ([ -  "organizationName" : "Test", -  "commonName" : common_name, -  ]), UNDEFINED, -  Crypto.SHA1); -  ctx->add_cert(key, ({ certificate }), ({ "*" })); +  make_certificate(ctx, key, Crypto.SHA1);    -  +     werror("Generating DSA certificate (%d bits)...\n", DSA_BITS);       catch {    // NB: Not all versions of Nettle support q sizes other than 160.    
key = Crypto.DSA()->generate_key(DSA_BITS, 256); -  certificate = -  Standards.X509.make_selfsigned_certificate(key, 3600*4, ([ -  "organizationName" : "Test", -  "commonName" : common_name, -  ]), UNDEFINED, -  Crypto.SHA256); -  ctx->add_cert(key, ({ certificate, ({ "*" }) })); +  make_certificate(ctx, key);    };       // Compat with OLD clients.    //    // The old FIPS standard maxed out at 1024 & 160 bits with SHA-1.    key = Crypto.DSA()->generate_key(1024, 160); -  certificate = -  Standards.X509.make_selfsigned_certificate(key, 3600*4, ([ -  "organizationName" : "Test", -  "commonName" : common_name, -  ]), UNDEFINED, -  Crypto.SHA1); -  ctx->add_cert(key, ({ certificate }), ({ "*" })); +  make_certificate(ctx, key, Crypto.SHA1);      #if constant(Crypto.ECC.Curve)    werror("Generating ECDSA certificate (%d bits)...\n", 521);       key = Crypto.ECC.SECP_521R1.ECDSA()->generate_key(); -  certificate = -  Standards.X509.make_selfsigned_certificate(key, 3600*4, ([ -  "organizationName" : "Test", -  "commonName" : common_name, -  ])); -  ctx->add_cert(key, ({ certificate }), ({ "*" })); +  make_certificate(ctx, key);       // Compat with OLD clients.    //    // Unlikely to be needed, but the cost is minimal. -  certificate = -  Standards.X509.make_selfsigned_certificate(key, 3600*4, ([ -  "organizationName" : "Test", -  "commonName" : common_name, -  ]), UNDEFINED, -  Crypto.SHA1); -  ctx->add_cert(key, ({ certificate }), ({ "*" })); +  make_certificate(ctx, key, Crypto.SHA1);   #endif       // Make sure all cipher suites are available.    ctx->preferred_suites = ctx->get_suites(CIPHER_BITS, KE_MODE);    SSL3_DEBUG_MSG("Cipher suites:\n%s",    .Constants.fmt_cipher_suites(ctx->preferred_suites));       SSL3_DEBUG_MSG("Certs:\n%O\n", ctx->cert_pairs);       port = SSL.sslport(ctx);
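Review bot: make_certificate hard-codes a 24-hour validity (`3600*24`) while every call it replaces used `3600*4`, so the refactor silently lengthens the lifetime of all generated test certificates; if that is intended it deserves a comment on the constant, otherwise keep `3600*4` or make the lifetime a parameter of the helper. The new function also carries no documentation; I would add above it `//! Build a self-signed certificate for @[key] (organizationName "Test", commonName @[common_name]) and register it on @[ctx] for every server name ("*"). @[hash] selects the signature hash; it is left unset by default and set to Crypto.SHA1 by the callers that want compatibility with old clients.` Moving common_name to a file-level variable makes the helper depend on main() having assigned it first, so a one-line note on the declaration (`// Set by main() before make_certificate() is called.`) would help the next reader. The old DSA branch's mis-nested `ctx->add_cert(key, ({ certificate, ({ "*" }) }))` is corrected as a side effect of the rewrite, which is worth a line in the commit message. main() continues past the end of this hunk.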