|
|
|
@ -702,39 +702,6 @@ pxy_srcsslctx_create(pxy_conn_ctx_t *ctx, X509 *crt, STACK_OF(X509) *chain,
|
|
|
|
|
SSL_CTX_add_extra_chain_cert(sslctx, c);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ctx->opts->certgendir) {
|
|
|
|
|
unsigned char origfpr[SSL_X509_FPRSZ], newfpr[SSL_X509_FPRSZ];
|
|
|
|
|
ssl_x509_fingerprint_sha1(ctx->origcrt, origfpr);
|
|
|
|
|
ssl_x509_fingerprint_sha1(crt, newfpr);
|
|
|
|
|
char *origfprstr, *newfprstr;
|
|
|
|
|
asprintf(&origfprstr,"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
|
|
|
|
|
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
|
|
|
|
|
origfpr[0], origfpr[1], origfpr[2], origfpr[3], origfpr[4],
|
|
|
|
|
origfpr[5], origfpr[6], origfpr[7], origfpr[8], origfpr[9],
|
|
|
|
|
origfpr[10], origfpr[11], origfpr[12], origfpr[13], origfpr[14],
|
|
|
|
|
origfpr[15], origfpr[16], origfpr[17], origfpr[18], origfpr[19]);
|
|
|
|
|
asprintf(&newfprstr,"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
|
|
|
|
|
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
|
|
|
|
|
newfpr[0], newfpr[1], newfpr[2], newfpr[3], newfpr[4],
|
|
|
|
|
newfpr[5], newfpr[6], newfpr[7], newfpr[8], newfpr[9],
|
|
|
|
|
newfpr[10], newfpr[11], newfpr[12], newfpr[13], newfpr[14],
|
|
|
|
|
newfpr[15], newfpr[16], newfpr[17], newfpr[18], newfpr[19]);
|
|
|
|
|
char *keyfn, *crtfn;
|
|
|
|
|
asprintf(&keyfn, "%s/%s-%s.key", ctx->opts->certgendir, origfprstr, newfprstr);
|
|
|
|
|
asprintf(&crtfn, "%s/%s-%s.crt", ctx->opts->certgendir, origfprstr, newfprstr);
|
|
|
|
|
FILE *keyfd, *crtfd;
|
|
|
|
|
keyfd = fopen(keyfn, "w");
|
|
|
|
|
crtfd = fopen(crtfn, "w");
|
|
|
|
|
if (keyfd) {
|
|
|
|
|
PEM_write_PrivateKey(keyfd, key, NULL, 0, 0, NULL, NULL);
|
|
|
|
|
fclose(keyfd);
|
|
|
|
|
}
|
|
|
|
|
if (crtfd) {
|
|
|
|
|
PEM_write_X509(crtfd, crt);
|
|
|
|
|
fclose(crtfd);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef DEBUG_SESSION_CACHE
|
|
|
|
|
if (OPTS_DEBUG(ctx->opts)) {
|
|
|
|
|
int mode = SSL_CTX_get_session_cache_mode(sslctx);
|
|
|
|
@ -831,6 +798,39 @@ pxy_srccert_create(pxy_conn_ctx_t *ctx)
|
|
|
|
|
cert_set_chain(cert, ctx->opts->chain);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ctx->opts->certgendir) {
|
|
|
|
|
unsigned char origfpr[SSL_X509_FPRSZ], newfpr[SSL_X509_FPRSZ];
|
|
|
|
|
ssl_x509_fingerprint_sha1(ctx->origcrt, origfpr);
|
|
|
|
|
ssl_x509_fingerprint_sha1(cert->crt, newfpr);
|
|
|
|
|
char *origfprstr, *newfprstr;
|
|
|
|
|
asprintf(&origfprstr,"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
|
|
|
|
|
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
|
|
|
|
|
origfpr[0], origfpr[1], origfpr[2], origfpr[3], origfpr[4],
|
|
|
|
|
origfpr[5], origfpr[6], origfpr[7], origfpr[8], origfpr[9],
|
|
|
|
|
origfpr[10], origfpr[11], origfpr[12], origfpr[13], origfpr[14],
|
|
|
|
|
origfpr[15], origfpr[16], origfpr[17], origfpr[18], origfpr[19]);
|
|
|
|
|
asprintf(&newfprstr,"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
|
|
|
|
|
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
|
|
|
|
|
newfpr[0], newfpr[1], newfpr[2], newfpr[3], newfpr[4],
|
|
|
|
|
newfpr[5], newfpr[6], newfpr[7], newfpr[8], newfpr[9],
|
|
|
|
|
newfpr[10], newfpr[11], newfpr[12], newfpr[13], newfpr[14],
|
|
|
|
|
newfpr[15], newfpr[16], newfpr[17], newfpr[18], newfpr[19]);
|
|
|
|
|
char *keyfn, *crtfn;
|
|
|
|
|
asprintf(&keyfn, "%s/%s-%s.key", ctx->opts->certgendir, origfprstr, newfprstr);
|
|
|
|
|
asprintf(&crtfn, "%s/%s-%s.crt", ctx->opts->certgendir, origfprstr, newfprstr);
|
|
|
|
|
FILE *keyfd, *crtfd;
|
|
|
|
|
keyfd = fopen(keyfn, "w");
|
|
|
|
|
crtfd = fopen(crtfn, "w");
|
|
|
|
|
if (keyfd) {
|
|
|
|
|
PEM_write_PrivateKey(keyfd, cert->key, NULL, 0, 0, NULL, NULL);
|
|
|
|
|
fclose(keyfd);
|
|
|
|
|
}
|
|
|
|
|
if (crtfd) {
|
|
|
|
|
PEM_write_X509(crtfd, cert->crt);
|
|
|
|
|
fclose(crtfd);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return cert;
|
|
|
|
|
}
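Review bot: The forged private key is written through `keyfd = fopen(keyfn, "w");`, which creates the file with the umask-derived default mode (typically 0644), so every `.key` dropped into certgendir is readable by any local user; it should be created with an explicit 0600 via `open(O_WRONLY|O_CREAT|O_TRUNC, 0600)` plus `fdopen()` (add `<fcntl.h>`/`<unistd.h>` if this file does not already include them). None of the four `asprintf()` calls is checked, so on allocation failure `origfprstr`/`newfprstr` are indeterminate when interpolated with `%s` and `keyfn`/`crtfn` are indeterminate when handed to `fopen()`; the four strings are also never freed, which leaks on every invocation of the enclosing pxy_srccert_create (whose start lies outside this hunk). The return values of `PEM_write_PrivateKey`, `PEM_write_X509` and `fclose` are discarded too; if this is a best-effort debug dump that is acceptable, but the failure should at least be observable rather than silent. A sketch of the rewritten tail follows.
```c
		char *origfprstr = NULL, *newfprstr = NULL, *keyfn = NULL, *crtfn = NULL;
		/* … unchanged: the two fingerprint asprintf() calls, but with their
		 * return value tested and origfprstr/newfprstr reset to NULL on -1 … */
		if (origfprstr && newfprstr) {
			if (asprintf(&keyfn, "%s/%s-%s.key", ctx->opts->certgendir, origfprstr, newfprstr) < 0)
				keyfn = NULL;
			if (asprintf(&crtfn, "%s/%s-%s.crt", ctx->opts->certgendir, origfprstr, newfprstr) < 0)
				crtfn = NULL;
		}
		FILE *keyfd = NULL, *crtfd = NULL;
		if (keyfn) {
			/* private key must not be world-readable; do not rely on umask */
			int fd = open(keyfn, O_WRONLY | O_CREAT | O_TRUNC, 0600);
			if (fd >= 0 && !(keyfd = fdopen(fd, "w")))
				close(fd);
		}
		if (crtfn)
			crtfd = fopen(crtfn, "w");
		/* … unchanged: PEM_write_PrivateKey / PEM_write_X509 and fclose … */
		free(origfprstr);
		free(newfprstr);
		free(keyfn);
		free(crtfn);
```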
|
|
|
|
|
|
|
|
|
|