From a619f64455bf3cd5715505b0cab057ca920fc7a0 Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Thu, 24 Sep 2015 21:04:27 -0500
Subject: Fix a few minor issues with PKI certificate generation
---
 src/libtdeldap.cpp | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 9ae53ed..1721bc5 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -4346,11 +4346,14 @@ int LDAPManager::generateClientCertificatePublicCertificate(int expirydays, LDAP
 TQString common_name = TQString::null;
 if (user.name != "") {
- common_name = TQString("/uid=%1").arg(user.name);
+ // TODO
+ // Determine if uid or CN is the best identifier
+ // common_name = TQString("/uid=%1").arg(user.name);
+ common_name = TQString("/CN=%1").arg(user.name);
 }
- subject = TQString("\"/CN=%1%2%3\"").arg(user.name).arg(openssldcForRealm(realmcfg.name)).arg(common_name);
- command = TQString("openssl req -days %1 -new -out %2 -key %3 -config %4 -subj %5").arg(expirydays).arg(client_reqfile).arg(client_keyfile).arg(OPENSSL_EXTENSIONS_FILE).arg(subject);
+ subject = TQString("\"%1%2\"").arg(openssldcForRealm(realmcfg.name)).arg(common_name);
+ command = TQString("openssl req -days %1 -new -out %2 -key %3 -config %4 -subj %5").arg(expirydays).arg(client_reqfile).arg(client_keyfile).arg(client_cfgfile).arg(subject);
 if (system(command) < 0) {
 if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command);
 return -1;
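Review bot: `user.name` is interpolated unescaped into the double-quoted `-subj` argument of a string that is then run through `system()`, via the added `common_name = TQString("/CN=%1").arg(user.name);` and the rebuilt `subject`, so a name containing `"`, `$`, a backtick or `/` would alter the shell command or the subject DN of the request. Unless names are already restricted upstream (not visible in this hunk), validate before building the subject, e.g. `if (!TQRegExp("^[A-Za-z0-9._-]+$").exactMatch(user.name)) return -1;` with `errstr` filled in, or run openssl through an argument vector instead of a shell string. The paths `client_reqfile`, `client_keyfile` and `client_cfgfile` are inserted unquoted and deserve the same treatment. The surrounding check `system(command) < 0` appears to catch only a failed spawn, so a nonzero openssl exit status would pass as success; comparing the result with `!= 0` would close that gap. The function body starts and ends outside the hunk.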
@@ -4913,6 +4916,12 @@ int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUse
 stream << "# This file was automatically generated by TDE\n";
 stream << "# All changes will be lost!\n";
 stream << "\n";
+ stream << "oid_section = new_oids" << "\n";
+ stream << "\n";
+ stream << "[new_oids]" << "\n";
+ stream << "uid = 0.9.2342.19200300.100.1.1" << "\n";
+ stream << "pkkdcekuoid = 1.3.6.1.5.2.3.5" << "\n";
+ stream << "\n";
 stream << "[ca]" << "\n";
 stream << "default_ca = certificate_authority" << "\n";
 stream << "\n";
-- cgit v1.2.3
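Review bot: The new `[new_oids]` entry `uid = 0.9.2342.19200300.100.1.1` names an OID that OpenSSL already ships as `UID`/`userId`, and newer OpenSSL releases may refuse an `oid_section` entry whose OID is already registered, which would make every command using this config fail. Confirm this against the OpenSSL versions you target, and drop the line if the built-in `UID` short name is sufficient. The two OIDs also deserve a comment above the added lines, e.g. `// uid: LDAP userid attribute (RFC 4519); pkkdcekuoid: PKINIT KDC extended key usage, id-pkinit-KPKdc (RFC 4556)`. Since this config is now also passed to the client `openssl req` call, check that `pkkdcekuoid` is referenced only from the KDC extension section, so a client certificate cannot end up carrying the KDC EKU (the sections that use it are not visible here). The body of writeOpenSSLConfigurationFile starts and ends outside the hunk.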