Merge pull request #1869 from PhenomRetroShare/Fix_OpenSSL1_CreatCertFail

Fix OpenSSL fail to create Cert.
This commit is contained in:
csoler 2020-04-24 21:55:01 +02:00 committed by GitHub
commit e323bc8573
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -30,6 +30,7 @@
#include "pqinetwork.h" #include "pqinetwork.h"
#include "authgpg.h" #include "authgpg.h"
#include "rsitems/rsconfigitems.h" #include "rsitems/rsconfigitems.h"
#include "util/rsdebug.h"
#include "util/rsdir.h" #include "util/rsdir.h"
#include "util/rsstring.h" #include "util/rsstring.h"
#include "pgp/pgpkeyutil.h" #include "pgp/pgpkeyutil.h"
@ -804,10 +805,18 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long /*days*/)
} }
X509_NAME_free(issuer_name); X509_NAME_free(issuer_name);
// NEW code, set validity time between null and null // NEW code, set validity time between 2010 and 2110 (remember to change it when, if OpenSSL check it by default. ;) )
// (does not leak the key creation date to the outside anymore. for more privacy) // (does not leak the key creation date to the outside anymore. for more privacy)
ASN1_TIME_set(X509_get_notBefore(x509), 0); if (!ASN1_TIME_set_string(X509_getm_notBefore(x509), "20100101000000Z"))
ASN1_TIME_set(X509_get_notAfter(x509), 0); {
RsErr() << __PRETTY_FUNCTION__ << " Set notBefore FAIL" << std::endl;
return NULL;
}
if (!ASN1_TIME_set_string(X509_getm_notAfter(x509), "21100101000000Z"))
{
RsErr() << __PRETTY_FUNCTION__ << " Set notAfter FAIL" << std::endl;
return NULL;
}
if (!X509_set_subject_name(x509, X509_REQ_get_subject_name(req))) if (!X509_set_subject_name(x509, X509_REQ_get_subject_name(req)))
{ {