From 558883c6dd3dc4f15b91cffbf4c3ffd4f5d3cdc9 Mon Sep 17 00:00:00 2001
From: Michael R Sweet
Date: Mon, 11 Apr 2016 17:37:14 -0400
Subject: [PATCH] Add missing prototypes/definitions and do a first pass at fixing up the self-signed cert code.
---
 cups/http-private.h | 25 ++++++++++++++++++-------
 cups/tls-darwin.c | 14 ++++++++++----
 2 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/cups/http-private.h b/cups/http-private.h
index 39337dbcc3..10c6246705 100644
--- a/cups/http-private.h
+++ b/cups/http-private.h
@@ -1,9 +1,7 @@
 /*
- * "$Id$"
- *
  * Private HTTP definitions for CUPS.
  *
- * Copyright 2007-2015 by Apple Inc.
+ * Copyright 2007-2016 by Apple Inc.
  * Copyright 1997-2007 by Easy Software Products, all rights reserved.
  *
  * These coded instructions, statements, and computer programs are the
@@ -99,9 +97,26 @@ typedef int socklen_t;
 # ifdef __cplusplus
 extern "C" {
 # endif /* __cplusplus */
+typedef CF_OPTIONS(uint32_t, SecKeyUsage) {
+ kSecKeyUsageAll = 0x7FFFFFFF
+};
+extern const void * kSecCSRChallengePassword;
+extern const void * kSecSubjectAltName;
+extern const void * kSecCertificateKeyUsage;
+extern const void * kSecCSRBasicContraintsPathLen;
+extern const void * kSecCertificateExtensions;
+extern const void * kSecCertificateExtensionsEncoded;
+extern const void * kSecOidCommonName;
+extern const void * kSecOidCountryName;
+extern const void * kSecOidStateProvinceName;
+extern const void * kSecOidLocalityName;
+extern const void * kSecOidOrganization;
+extern const void * kSecOidOrganizationalUnit;
 extern SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, const UInt8 *bytes, CFIndex length);
 extern bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime);
 extern CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate);
+extern SecCertificateRef SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey);
+extern SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
 # ifdef __cplusplus
 }
 # endif /* __cplusplus */
@@ -440,7 +455,3 @@ extern int _httpWait(http_t *http, int msec, int usessl);
 # endif /* __cplusplus */
 #endif /* !_CUPS_HTTP_PRIVATE_H_ */
-
-/*
- * End of "$Id$".
- */
diff --git a/cups/tls-darwin.c b/cups/tls-darwin.c
index 58c42196d1..c7b7363ac3 100644
--- a/cups/tls-darwin.c
+++ b/cups/tls-darwin.c
@@ -82,6 +82,7 @@ cupsMakeServerCredentials(
 /* Public key */ privateKey = NULL; /* Private key */
+ SecCertificateRef cert = NULL; /* Self-signed certificate */
 CFMutableDictionaryRef keyParams = NULL; /* Key generation parameters */
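Review bot: The `extern` declarations added after `extern "C" {` in the `-99,9 +97,26` hunk of cups/http-private.h carry no comment saying that they are Security framework symbols declared by hand, so nothing warns a maintainer that the compiler cannot check `SecGenerateSelfSignedCertificate` or `SecIdentityCreate` against the framework's real definitions. I would put a header comment above the `typedef`, for example `/* Security framework declarations not provided by the SDK headers; names and signatures must match the framework exactly. */`. The spelling of `kSecCSRBasicContraintsPathLen` presumably has to match the exported symbol, which is worth stating in the same comment so it is not "corrected" later. The preprocessor guard around this block starts outside the hunk, so whether it is limited to builds that link Security cannot be confirmed from here.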
@@ -120,10 +121,15 @@ cupsMakeServerCredentials(
 */
 CFIndex usageInt = kSecKeyUsageAll;
- CFNumberRef usage = CFNumberCreate(alloc, kCFNumberCFIndexType, &usageInt);
- CFDictionaryRef certParams = CFDictionaryCreateMutable(kCFAllocatorDefault,
-kSecCSRBasicContraintsPathLen, CFINT(0), kSecSubjectAltName, cfcommon_name, kSecCertificateKeyUsage, usage, NULL, NULL);
+ CFNumberRef usage = CFNumberCreate(kCFAllocatorDefault, kCFNumberCFIndexType, &usageInt);
+ CFIndex lenInt = 0;
+ CFNumberRef len = CFNumberCreate(kCFAllocatorDefault, kCFNumberCFIndexType, &lenInt);
+ CFMutableDictionaryRef certParams = CFDictionaryCreateMutable(kCFAllocatorDefault, 3, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+ CFDictionaryAddValue(certParams, kSecCSRBasicContraintsPathLen, len);
+ CFDictionaryAddValue(certParams, kSecSubjectAltName, cfcommon_name);
+ CFDictionaryAddValue(certParams, kSecCertificateKeyUsage, usage);
 CFRelease(usage);
+ CFRelease(len);
 const void *ca_o[] = { kSecOidOrganization, CFSTR("") };
 const void *ca_cn[] = { kSecOidCommonName, cfcommon_name };
@@ -135,7 +141,7 @@ kSecCSRBasicContraintsPathLen, CFINT(0), kSecSubjectAltName, cfcommon_name, kSec
 ca_dn_array[1] = CFArrayCreate(kCFAllocatorDefault, (const void **)&ca_cn_dn, 1, NULL);
 CFArrayRef subject = CFArrayCreate(kCFAllocatorDefault, ca_dn_array, 2, NULL);
- SecCertificateRef cert = SecGenerateSelfSignedCertificate(subject, certParams, publicKey, privateKey);
+ cert = SecGenerateSelfSignedCertificate(subject, certParams, publicKey, privateKey);
 CFRelease(subject);
 CFRelease(certParams);
--
2.47.3
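Review bot: The results of the two `CFNumberCreate` calls and of `CFDictionaryCreateMutable` in the `-120,10 +121,15` hunk of cups/tls-darwin.c are used without a NULL check, and neither `CFDictionaryAddValue` nor `CFRelease` accepts NULL, so an allocation failure while building the certificate parameters would crash the process instead of failing credential creation. A guard before the first `CFDictionaryAddValue`, such as `if (!usage || !len || !certParams)` followed by releasing what was created and taking the function's existing error exit, would cover it; that exit lies outside the hunk. `cfcommon_name` is now stored through `kCFTypeDictionaryValueCallBacks`, which retain the value, so it also has to be non-NULL at this point, and its creation is not visible here. The same concern applies to `cert = SecGenerateSelfSignedCertificate(...)` in the `-135,7 +141,7` hunk: the result should be tested before it is handed on, unless the lines after the hunk already do so.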