Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-12-26 07:59:35 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1869 from PhenomRetroShare/Fix_OpenSSL1_CreatCertFail

Browse Source 
Fix OpenSSL fail to create Cert.
This commit is contained in:
csoler 2020-04-24 21:55:01 +02:00 committed by GitHub
commit e323bc8573
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
libretroshare/src/pqi/authssl.cc
View File

@ -30,6 +30,7 @@
#include "pqinetwork.h"
#include "authgpg.h"
#include "rsitems/rsconfigitems.h"
#include "util/rsdebug.h"
#include "util/rsdir.h"
#include "util/rsstring.h"
#include "pgp/pgpkeyutil.h"
@ -804,10 +805,18 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long /*days*/)
}
X509_NAME_free(issuer_name);
// NEW code, set validity time between null and null
// (does not leak the key creation date to the outside anymore. for more privacy)
ASN1_TIME_set(X509_get_notBefore(x509), 0);
ASN1_TIME_set(X509_get_notAfter(x509), 0);
// NEW code, set validity time between 2010 and 2110 (remember to change it when, if OpenSSL check it by default. ;) )
// (does not leak the key creation date to the outside anymore. for more privacy)
if (!ASN1_TIME_set_string(X509_getm_notBefore(x509), "20100101000000Z"))
{
RsErr() << __PRETTY_FUNCTION__ << " Set notBefore FAIL" << std::endl;
return NULL;
}
if (!ASN1_TIME_set_string(X509_getm_notAfter(x509), "21100101000000Z"))
{
RsErr() << __PRETTY_FUNCTION__ << " Set notAfter FAIL" << std::endl;
return NULL;
}
if (!X509_set_subject_name(x509, X509_REQ_get_subject_name(req)))
{