55 bool bCreatedKey =
false;
56 bool bCreatedX509 =
false;
58 EVP_PKEY* pk =
nullptr;
60 X509_NAME* name =
nullptr;
62 if ((pkeyp ==
nullptr) || (*pkeyp ==
nullptr)) {
63 if ((pk = EVP_PKEY_new()) ==
nullptr) {
70 if ((x509p ==
nullptr) || (*x509p ==
nullptr)) {
71 if ((x = X509_new()) ==
nullptr) {
85 BIGNUM* e1 = BN_new();
87 if ((
nullptr == rsa) || (
nullptr == e1)) abort();
89 BN_set_word(e1, RSA_F4);
91 if (!RSA_generate_key_ex(rsa, bits, e1,
nullptr)) abort();
95 rsa = RSA_generate_key(bits, RSA_F4, callback,
nullptr);
97 if (!EVP_PKEY_assign_RSA(pk, rsa)) {
102 X509_set_version(x, 2);
103 ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
104 X509_gmtime_adj(X509_get_notBefore(x), 0);
105 X509_gmtime_adj(X509_get_notAfter(x),
106 static_cast<int64_t>(60 * 60 * 24 * days));
107 X509_set_pubkey(x, pk);
109 name = X509_get_subject_name(x);
115 X509_NAME_add_entry_by_txt(name,
"C", MBSTRING_ASC, (
const uint8_t*)
"UK",
117 X509_NAME_add_entry_by_txt(name,
"CN", MBSTRING_ASC,
118 (
const uint8_t*)
"OpenSSL Group", -1, -1, 0);
123 X509_set_issuer_name(x, name);
126 char* szConstraints =
new char[100]();
127 char* szKeyUsage =
new char[100]();
128 char* szSubjectKeyID =
new char[100]();
129 char* szCertType =
new char[100]();
130 char* szComment =
new char[100]();
137 add_ext(x, NID_basic_constraints, szConstraints);
138 add_ext(x, NID_key_usage, szKeyUsage);
139 add_ext(x, NID_subject_key_identifier, szSubjectKeyID);
140 add_ext(x, NID_netscape_cert_type,
142 add_ext(x, NID_netscape_comment,
144 delete[] szConstraints;
145 szConstraints =
nullptr;
147 szKeyUsage =
nullptr;
148 delete[] szSubjectKeyID;
149 szSubjectKeyID =
nullptr;
151 szCertType =
nullptr;
159 nid = OBJ_create(
"1.2.3.4",
"MyAlias",
"My Test Alias Extension");
160 X509V3_EXT_add_alias(nid, NID_netscape_comment);
161 add_ext(x, nid,
"example comment alias");
164 if (!X509_sign(x, pk, EVP_md5()) ||
165 (
nullptr == x509p) || (
nullptr == pkeyp)) {
168 if (bCreatedX509) X509_free(x);
static EXPORT bool safe_strcpy(char *dest, const char *src, size_t destSize, bool zeroSource=false)
int32_t add_ext(X509 *cert, int32_t nid, char *value)