Diffstat (limited to 'src')
| -rw-r--r-- | src/lockdown.c | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/src/lockdown.c b/src/lockdown.c index f846be3..c7a3c0d 100644 --- a/src/lockdown.c +++ b/src/lockdown.c | |||
| @@ -1300,7 +1300,7 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t | |||
| 1300 | 1300 | ||
| 1301 | X509_EXTENSION* ext; | 1301 | X509_EXTENSION* ext; |
| 1302 | if (!(ext = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, (char*)"critical,CA:FALSE"))) { | 1302 | if (!(ext = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, (char*)"critical,CA:FALSE"))) { |
| 1303 | debug_info("ERROR: X509V3_EXT_conf_nid failed"); | 1303 | debug_info("ERROR: X509V3_EXT_conf_nid failed for Basic Constraints"); |
| 1304 | } | 1304 | } |
| 1305 | X509_add_ext(dev_cert, ext, -1); | 1305 | X509_add_ext(dev_cert, ext, -1); |
| 1306 | X509_EXTENSION_free(ext); | 1306 | X509_EXTENSION_free(ext); |
| @@ -1311,7 +1311,7 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t | |||
| 1311 | ASN1_TIME_set(asn1time, time(NULL) + (60 * 60 * 24 * 365 * 10)); | 1311 | ASN1_TIME_set(asn1time, time(NULL) + (60 * 60 * 24 * 365 * 10)); |
| 1312 | X509_set_notAfter(dev_cert, asn1time); | 1312 | X509_set_notAfter(dev_cert, asn1time); |
| 1313 | ASN1_TIME_free(asn1time); | 1313 | ASN1_TIME_free(asn1time); |
| 1314 | 1314 | ||
| 1315 | BIO* membp; | 1315 | BIO* membp; |
| 1316 | 1316 | ||
| 1317 | X509* rootCert = NULL; | 1317 | X509* rootCert = NULL; |
| @@ -1329,6 +1329,22 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t | |||
| 1329 | X509_free(rootCert); | 1329 | X509_free(rootCert); |
| 1330 | } | 1330 | } |
| 1331 | 1331 | ||
| 1332 | X509V3_CTX ctx; | ||
| 1333 | X509V3_set_ctx_nodb(&ctx); | ||
| 1334 | X509V3_set_ctx(&ctx, NULL, dev_cert, NULL, NULL, 0); | ||
| 1335 | |||
| 1336 | if (!(ext = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, (char*)"hash"))) { | ||
| 1337 | debug_info("ERROR: X509V3_EXT_conf_nid failed for Subject Key identifier"); | ||
| 1338 | } | ||
| 1339 | X509_add_ext(dev_cert, ext, -1); | ||
| 1340 | X509_EXTENSION_free(ext); | ||
| 1341 | |||
| 1342 | if (!(ext = X509V3_EXT_conf_nid(NULL, NULL, NID_key_usage, (char*)"critical,digitalSignature,keyEncipherment"))) { | ||
| 1343 | debug_info("ERROR: X509V3_EXT_conf_nid failed for Key Usage"); | ||
| 1344 | } | ||
| 1345 | X509_add_ext(dev_cert, ext, -1); | ||
| 1346 | X509_EXTENSION_free(ext); | ||
| 1347 | |||
| 1332 | EVP_PKEY* rootPriv = NULL; | 1348 | EVP_PKEY* rootPriv = NULL; |
| 1333 | membp = BIO_new_mem_buf(root_privkey.data, root_privkey.size); | 1349 | membp = BIO_new_mem_buf(root_privkey.data, root_privkey.size); |
| 1334 | PEM_read_bio_PrivateKey(membp, &rootPriv, NULL, NULL); | 1350 | PEM_read_bio_PrivateKey(membp, &rootPriv, NULL, NULL); |
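Review bot: The two new X509V3_EXT_conf_nid calls (new lines 1336 and 1342) only log when they return NULL and then fall through to X509_add_ext with a NULL ext, so a failure to build the Subject Key Identifier or Key Usage extension is swallowed and the pairing certificate is still issued without it; the return value of X509_add_ext is likewise unchecked. A missing critical Key Usage or SKI should abort generation rather than produce a silently weaker certificate: treat `!ext` as a failure of the whole function (return a lockdownd SSL error code after releasing dev_cert and the other OpenSSL objects) and check `if (!X509_add_ext(dev_cert, ext, -1))` the same way. This mirrors the pre-existing Basic Constraints block at 1302–1306, so fixing the pattern once for all three extensions would keep the function consistent. The SKI `hash` value is derived from the public key of the subject certificate passed to X509V3_set_ctx, so it presumably relies on X509_set_pubkey having already been called on dev_cert earlier in the function — worth confirming, since that code is outside the hunk. lockdownd_gen_pair_cert_for_udid continues outside the hunk.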
