projects
/
certmaster.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
- add BasicConstraints CA:TRUE for a ca cert, false for the others
[certmaster.git]
/
certmaster
/
certs.py
diff --git
a/certmaster/certs.py
b/certmaster/certs.py
index
554822e
..
81409f3
100644
(file)
--- a/
certmaster/certs.py
+++ b/
certmaster/certs.py
@@
-96,7
+96,11
@@
def create_ca(CN="Certmaster Certificate Authority", ca_key_file=None, ca_cert_f
cacert.set_issuer(careq.get_subject())
cacert.set_subject(careq.get_subject())
cacert.set_pubkey(careq.get_pubkey())
cacert.set_issuer(careq.get_subject())
cacert.set_subject(careq.get_subject())
cacert.set_pubkey(careq.get_pubkey())
- cacert.sign(cakey, 'md5')
+ cacert.set_version(2)
+ xt = crypto.X509Extension('basicConstraints',1,'CA:TRUE')
+ # FIXME - add subjectkeyidentifier and authoritykeyidentifier extensions, too)
+ cacert.add_extensions((xt,))
+ cacert.sign(cakey, 'sha1')
if ca_cert_file:
destfo = open(ca_cert_file, 'w')
destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert))
if ca_cert_file:
destfo = open(ca_cert_file, 'w')
destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert))
@@
-134,7
+138,11
@@
def create_slave_certificate(csr, cakey, cacert, cadir, slave_cert_file=None):
cert.set_issuer(cacert.get_subject())
cert.set_subject(csr.get_subject())
cert.set_pubkey(csr.get_pubkey())
cert.set_issuer(cacert.get_subject())
cert.set_subject(csr.get_subject())
cert.set_pubkey(csr.get_pubkey())
- cert.sign(cakey, 'md5')
+ cert.set_version(2)
+ xt = crypto.X509Extension('basicConstraints', False ,'CA:False')
+ # FIXME - add subjectkeyidentifier and authoritykeyidentifier extensions, too)
+ cacert.add_extensions((xt,))
+ cert.sign(cakey, 'sha1')
if slave_cert_file:
destfo = open(slave_cert_file, 'w')
destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
if slave_cert_file:
destfo = open(slave_cert_file, 'w')
destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))