lockdown: Add missing x509 extensions to match other platforms using GnuTLS

author: Martin Szulecki 2013-09-06 01:20:01 +0200
committer: Martin Szulecki 2013-09-17 11:43:34 +0200
commit: f89e375e1334996591322cf6a454f9e121e423d2 (patch)
tree: 4f9aa7ba658c85bd9168486a10f96f08b5119aaf
parent: 49eb72122d3d95f6aa80f6b17c393d75fd6077bc (diff)
download: libimobiledevice-f89e375e1334996591322cf6a454f9e121e423d2.tar.gz
libimobiledevice-f89e375e1334996591322cf6a454f9e121e423d2.tar.bz2
1 files changed, 8 insertions, 0 deletions
diff --git a/src/lockdown.c b/src/lockdown.c
index a8f3e1e..c0ea645 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -1483,6 +1483,14 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t
                                gnutls_x509_crt_set_ca_status(dev_cert, 0);
                                gnutls_x509_crt_set_activation_time(dev_cert, time(NULL));
                                gnutls_x509_crt_set_expiration_time(dev_cert, time(NULL) + (60 * 60 * 24 * 365 * 10));
+                                /* FIXME calculate subject key id correctly */
+#if 0
+                                unsigned char hash[20];
+                                size_t hash_size = sizeof(hash);
+                                gnutls_x509_crt_get_key_id(dev_cert, 0, (unsigned char*)hash, &hash_size);
+                                gnutls_x509_crt_set_subject_key_id(dev_cert, hash, hash_size);
+#endif
+                                gnutls_x509_crt_set_key_usage(dev_cert, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT);
                                gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey);
                                if (LOCKDOWN_E_SUCCESS == ret) {
author	Martin Szulecki	2013-09-06 01:20:01 +0200
committer	Martin Szulecki	2013-09-17 11:43:34 +0200
commit	f89e375e1334996591322cf6a454f9e121e423d2 (patch)
tree	4f9aa7ba658c85bd9168486a10f96f08b5119aaf
parent	49eb72122d3d95f6aa80f6b17c393d75fd6077bc (diff)
download	libimobiledevice-f89e375e1334996591322cf6a454f9e121e423d2.tar.gz libimobiledevice-f89e375e1334996591322cf6a454f9e121e423d2.tar.bz2

diff --git a/src/lockdown.c b/src/lockdown.c index a8f3e1e..c0ea645 100644 --- a/src/lockdown.c +++ b/src/lockdown.c
@@ -1483,6 +1483,14 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t
1483	gnutls_x509_crt_set_ca_status(dev_cert, 0);	1483	gnutls_x509_crt_set_ca_status(dev_cert, 0);
1484	gnutls_x509_crt_set_activation_time(dev_cert, time(NULL));	1484	gnutls_x509_crt_set_activation_time(dev_cert, time(NULL));
1485	gnutls_x509_crt_set_expiration_time(dev_cert, time(NULL) + (60 * 60 * 24 * 365 * 10));	1485	gnutls_x509_crt_set_expiration_time(dev_cert, time(NULL) + (60 * 60 * 24 * 365 * 10));
		1486	/* FIXME calculate subject key id correctly */
		1487	#if 0
		1488	unsigned char hash[20];
		1489	size_t hash_size = sizeof(hash);
		1490	gnutls_x509_crt_get_key_id(dev_cert, 0, (unsigned char*)hash, &hash_size);
		1491	gnutls_x509_crt_set_subject_key_id(dev_cert, hash, hash_size);
		1492	#endif
		1493	gnutls_x509_crt_set_key_usage(dev_cert, GNUTLS_KEY_DIGITAL_SIGNATURE \| GNUTLS_KEY_KEY_ENCIPHERMENT);
1486	gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey);	1494	gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey);
1487		1495
1488	if (LOCKDOWN_E_SUCCESS == ret) {	1496	if (LOCKDOWN_E_SUCCESS == ret) {