authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-09-24 21:04:27 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-09-24 21:04:27 -0500
commita619f64455bf3cd5715505b0cab057ca920fc7a0 (patch)
tree7b44481aa9c7d5bbe7b69d733f03cc459bb4bb1a
parent6cddf7dd1cfb81b4ffc53ea7d932a86dd6c320cd (diff)
downloadlibtdeldap-a619f644.tar.gz
libtdeldap-a619f644.zip
Fix a few minor issues with PKI certificate generation
-rw-r--r--src/libtdeldap.cpp15
1 files changed, 12 insertions, 3 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 9ae53ed..1721bc5 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -4346,11 +4346,14 @@ int LDAPManager::generateClientCertificatePublicCertificate(int expirydays, LDAP
TQString common_name = TQString::null;
if (user.name != "") {
- common_name = TQString("/uid=%1").arg(user.name);
+ // TODO
+ // Determine if uid or CN is the best identifier
+ // common_name = TQString("/uid=%1").arg(user.name);
+ common_name = TQString("/CN=%1").arg(user.name);
}
- subject = TQString("\"/CN=%1%2%3\"").arg(user.name).arg(openssldcForRealm(realmcfg.name)).arg(common_name);
- command = TQString("openssl req -days %1 -new -out %2 -key %3 -config %4 -subj %5").arg(expirydays).arg(client_reqfile).arg(client_keyfile).arg(OPENSSL_EXTENSIONS_FILE).arg(subject);
+ subject = TQString("\"%1%2\"").arg(openssldcForRealm(realmcfg.name)).arg(common_name);
+ command = TQString("openssl req -days %1 -new -out %2 -key %3 -config %4 -subj %5").arg(expirydays).arg(client_reqfile).arg(client_keyfile).arg(client_cfgfile).arg(subject);
if (system(command) < 0) {
if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command);
return -1;
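Review bot: The rewritten subject on the `subject = TQString("\"%1%2\"")...` line still embeds `user.name` verbatim inside a double-quoted argument that is handed to `system()` two lines later, so a name containing `"`, `$` or a backtick ends the quoting and is interpreted by the shell; the same applies to `realmcfg.name` via openssldcForRealm(). Since this is user-supplied directory data, the subject should be validated against the character set allowed in a DN component before it is spliced in, or the arguments should be passed to openssl as an argv array through a process API rather than a shell string — e.g. `if (user.name.contains('"') || user.name.contains('$') || user.name.contains('`')) { if (errstr) *errstr = "invalid characters in user name"; return -1; }` as a minimal guard. Separately, the commented-out `/uid=` form plus the `TODO` would read better as a one-line comment stating the decision to be made and pointing at the uid OID the config now exports, rather than dead code. generateClientCertificatePublicCertificate() starts and ends outside this hunk.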
@@ -4913,6 +4916,12 @@ int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUse
stream << "# This file was automatically generated by TDE\n";
stream << "# All changes will be lost!\n";
stream << "\n";
+ stream << "oid_section = new_oids" << "\n";
+ stream << "\n";
+ stream << "[new_oids]" << "\n";
+ stream << "uid = 0.9.2342.19200300.100.1.1" << "\n";
+ stream << "pkkdcekuoid = 1.3.6.1.5.2.3.5" << "\n";
+ stream << "\n";
stream << "[ca]" << "\n";
stream << "default_ca = certificate_authority" << "\n";
stream << "\n";
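Review bot: The two OID aliases written into `[new_oids]` are bare numbers with no explanation in the generated file, which is the only thing an administrator will see when debugging a certificate request; a comment line before each alias would make the emitted config self-describing, e.g. `stream << "# uid: userId attribute (RFC 1274), used in subject RDNs" << "\n";` and `stream << "# pkkdcekuoid: PKINIT KDC extended key usage (RFC 4556)" << "\n";`. Note that `oid_section` is only honoured by openssl when it appears in the default (unnamed) section, which this placement satisfies, so that ordering constraint is worth a short code comment as well. The `uid` alias appears to exist for the `/uid=` subject form that the other hunk leaves commented out, so its presence should be tied to that decision. writeOpenSSLConfigurationFile() begins and continues outside this hunk.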