2 /* cc -o ssdemo -I../include selfsign.c ../libcrypto.a */
7 #include <openssl/pem.h>
8 #include <openssl/conf.h>
9 #include <openssl/x509v3.h>
/*
 * Build an RSA key pair and a certificate signed with that same key.
 *
 *   x509p, pkeyp  in/out object pointers
 *   bits          RSA modulus size in bits
 *   serial        certificate serial number
 *   days          validity period in days, counted from the time of the call
 */
int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
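/*
 * Demo driver (only the statements visible on this page): create a
 * self-signed certificate with mkit(), dump key and certificate in text
 * form, then write both as PEM to stdout.
 */
EVP_PKEY *pkey = NULL;

/* Turn on OpenSSL's allocation tracking so leaks can be reported at exit. */
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

/*
 * Arguments: certificate, key, RSA bits, serial number, validity in days.
 * The key size is 2048 bits; the 512 bits used previously can be factored
 * with modest resources and must not be copied into real deployments.
 * NOTE(review): the return value is ignored, yet pkey is dereferenced just
 * below; if mkit() fails and leaves pkey NULL that is a NULL dereference.
 * NOTE(review): RFC 5280 asks for a positive serial number; 0 is only
 * acceptable for a throwaway demo certificate.
 */
mkit(&x509, &pkey, 2048, 0, 365);

/*
 * RSA_print_fp() on a key pair prints the private components as well, so
 * stdout carries secret material from here on.
 */
RSA_print_fp(stdout, pkey->pkey.rsa, 0);
X509_print_fp(stdout, x509);

/*
 * The cipher and passphrase arguments are all NULL/0, so the private key is
 * written unencrypted.  Redirect stdout only to a location with restrictive
 * permissions, or pass a cipher and passphrase when adapting this code.
 */
PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
PEM_write_X509(stdout, x509);

/* Only needed if we add objects or custom extensions */

/* Report any allocations still outstanding to the stderr BIO. */
CRYPTO_mem_leaks(bio_err);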
/*
 * MS_CALLBACK decorates callback functions.  This definition expands to the
 * `_far _loadds` qualifiers (presumably for 16-bit Windows compilers; the
 * preprocessor conditional that selects it is not shown on this page).
 */
46 # define MS_CALLBACK _far _loadds
/*
 * callback is the function handed to RSA_generate_key() in mkit().  It is an
 * old-style (K&R) definition; its parameter declarations and body are not
 * shown on this page.
 */
53 static void MS_CALLBACK
callback(p
, n
, arg
)
/*
 * mkit: create an RSA key pair and an X.509 certificate signed with that
 * same key.  Old-style (K&R) definition; the parameter declarations, some
 * locals and the bodies of the error branches are not shown on this page.
 *
 *   x509p, pkeyp  in/out pointers; a new object is allocated when the
 *                 pointer, or the object it points to, is NULL
 *   bits          RSA modulus size handed to RSA_generate_key()
 *   serial        certificate serial number
 *   days          validity period, counted from the current time
 */
71 int mkit(x509p
, pkeyp
, bits
, serial
, days
)
81 X509_NAME
*name
= NULL
;
82 X509_NAME_ENTRY
*ne
= NULL
;
83 X509_EXTENSION
*ex
= NULL
;
/* Allocate a new EVP_PKEY when the caller did not supply one. */
85 if ((pkeyp
== NULL
) || (*pkeyp
== NULL
)) {
86 if ((pk
= EVP_PKEY_new()) == NULL
) {
/* Same for the certificate object. */
93 if ((x509p
== NULL
) || (*x509p
== NULL
)) {
94 if ((x
= X509_new()) == NULL
)
/*
 * Generate the key with public exponent RSA_F4 (65537) and `callback` as the
 * progress hook.  rsa goes to EVP_PKEY_assign_RSA() without a separate NULL
 * check on the lines shown here.
 * NOTE(review): `bits` is taken from the caller unvalidated.  RSA moduli
 * below 2048 bits are not adequate today, so a lower bound here would stop
 * callers from minting weak keys.
 * NOTE(review): RSA_generate_key() is deprecated in later OpenSSL releases
 * in favour of RSA_generate_key_ex().
 */
99 rsa
= RSA_generate_key(bits
, RSA_F4
, callback
, NULL
);
100 if (!EVP_PKEY_assign_RSA(pk
, rsa
)) {
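/*
 * Fill in the certificate body: version, serial number, validity window,
 * public key, and a subject name that is reused as the issuer name, which is
 * what makes the certificate self-signed.  None of the return values on
 * these lines are checked.
 */

/*
 * The version field is zero-based: the value 2 encodes X.509 v3.  The value
 * 3 used previously does not correspond to any defined certificate version
 * and strict parsers reject it.
 */
X509_set_version(x, 2);
ASN1_INTEGER_set(X509_get_serialNumber(x), serial);

/* Valid from now until `days` days from now. */
X509_gmtime_adj(X509_get_notBefore(x), 0);
X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days);
X509_set_pubkey(x, pk);

name = X509_get_subject_name(x);

/*
 * This function creates and adds the entry, working out the correct
 * string type and performing checks on its length. Normally we'd check
 * the return value for errors...
 */
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "UK", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);

/* Issuer == subject: the certificate vouches for itself. */
X509_set_issuer_name(x, name);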
/*
 * Extension section.  Every extension follows the same three steps: build it
 * from a text value with X509V3_EXT_conf_nid(), append it with
 * X509_add_ext(x, ex, -1), then free the temporary.
 * The result of X509V3_EXT_conf_nid() is not checked, so a failed build
 * passes a NULL `ex` on to X509_add_ext().
 * NOTE(review): the Netscape certificate extensions used below are legacy;
 * current validators look at basicConstraints, keyUsage, extendedKeyUsage
 * and subjectAltName instead.
 * The three lines that follow are the remains of the original block comment
 * (its delimiters and last line are missing from this page).
 */
126 * Add extension using V3 code: we can set the config file as NULL
127 * because we wont reference any other sections. We can also set the
128 * context to NULL because none of these extensions below will need to
132 ex
= X509V3_EXT_conf_nid(NULL
, NULL
, NID_netscape_cert_type
, "server");
133 X509_add_ext(x
, ex
, -1);
134 X509_EXTENSION_free(ex
);
136 ex
= X509V3_EXT_conf_nid(NULL
, NULL
, NID_netscape_comment
,
137 "example comment extension");
138 X509_add_ext(x
, ex
, -1);
139 X509_EXTENSION_free(ex
);
/* The value argument of the next call is not shown on this page. */
141 ex
= X509V3_EXT_conf_nid(NULL
, NULL
, NID_netscape_ssl_server_name
,
144 X509_add_ext(x
, ex
, -1);
145 X509_EXTENSION_free(ex
);
148 /* might want something like this too.... */
/*
 * The basicConstraints value string is not shown on this page.
 * NOTE(review): that string decides whether the certificate is marked as a
 * CA; confirm it before reusing this code for end-entity certificates.
 */
149 ex
= X509V3_EXT_conf_nid(NULL
, NULL
, NID_basic_constraints
,
152 X509_add_ext(x
, ex
, -1);
153 X509_EXTENSION_free(ex
);
157 /* Maybe even add our own extension based on existing */
/*
 * Register a new object under the OID "1.2.3.4" and alias it to the Netscape
 * comment extension so it can be built from a plain string.  The nid
 * returned by OBJ_create() is used without a failure check.
 * NOTE(review): "1.2.3.4" looks like a placeholder OID; real extensions
 * need an OID from an arc the issuer actually controls.
 */
160 nid
= OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
161 X509V3_EXT_add_alias(nid
, NID_netscape_comment
);
162 ex
= X509V3_EXT_conf_nid(NULL
, NULL
, nid
, "example comment alias");
163 X509_add_ext(x
, ex
, -1);
164 X509_EXTENSION_free(ex
);
/*
 * Sign the certificate with pk, the same key installed as its public key,
 * using an MD5 digest.  The branch taken on failure is not shown on this
 * page.
 * NOTE(review): MD5 is collision-broken and MD5-signed certificates are
 * rejected by current TLS stacks; EVP_sha256() is the usual replacement
 * where the linked OpenSSL provides it.
 */
168 if (!X509_sign(x
, pk
, EVP_md5()))