22 #include <winpr/assert.h>
23 #include <winpr/crt.h>
24 #include <winpr/path.h>
25 #include <winpr/file.h>
26 #include <winpr/cmdline.h>
27 #include <winpr/sysinfo.h>
28 #include <winpr/crypto.h>
31 #include <openssl/crypto.h>
32 #include <openssl/conf.h>
33 #include <openssl/pem.h>
34 #include <openssl/err.h>
35 #include <openssl/rsa.h>
36 #include <openssl/pkcs12.h>
37 #include <openssl/x509v3.h>
38 #include <openssl/bn.h>
41 #include <winpr/tools/makecert.h>
43 struct S_MAKECERT_CONTEXT
72 static char* makecert_read_str(BIO* bio,
size_t* pOffset)
77 char* x509_str = NULL;
79 while (offset >= length)
88 if (new_len > INT_MAX)
94 new_str = (
char*)realloc(x509_str, new_len);
105 #if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
106 status = BIO_read_ex(bio, &x509_str[offset], length - offset, &readBytes);
108 status = BIO_read(bio, &x509_str[offset], length - offset);
125 x509_str[offset] =
'\0';
127 *pOffset = offset + 1;
136 if (!argv || (argc < 1))
139 printf(
"Usage: %s [options] [output file]\n", argv[0]);
145 if (arg->Flags & COMMAND_LINE_VALUE_FLAG)
148 printf(
"%-20s", arg->Name);
149 printf(
"\t%s\n", arg->Text);
151 else if ((arg->Flags & COMMAND_LINE_VALUE_REQUIRED) ||
152 (arg->Flags & COMMAND_LINE_VALUE_OPTIONAL))
158 size_t length = strlen(arg->Name) + strlen(arg->Format) + 2;
159 str = malloc(length + 1);
164 (void)sprintf_s(str, length + 1,
"%s %s", arg->Name, arg->Format);
165 (void)printf(
"%-20s", str);
170 printf(
"%-20s", arg->Name);
173 printf(
"\t%s\n", arg->Text);
175 }
while ((arg = CommandLineFindNextArgumentA(arg)) != NULL);
181 static int x509_add_ext(X509* cert,
int nid,
char* value)
184 X509_EXTENSION* ext = NULL;
189 X509V3_set_ctx_nodb(&ctx) X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
190 ext = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
195 X509_add_ext(cert, ext, -1);
196 X509_EXTENSION_free(ext);
201 static char* x509_name_parse(
char* name,
char* txt,
size_t* length)
206 if (!name || !txt || !length)
209 p = strstr(name, txt);
214 entry = p + strlen(txt) + 1;
215 p = strchr(entry,
'=');
218 *length = strlen(entry);
220 *length = (size_t)(p - entry);
225 static char* x509_get_default_name(
void)
227 CHAR* computerName = NULL;
230 if (GetComputerNameExA(ComputerNamePhysicalDnsFullyQualified, NULL, &nSize) ||
231 GetLastError() != ERROR_MORE_DATA)
234 computerName = (CHAR*)calloc(1, nSize);
239 if (!GetComputerNameExA(ComputerNamePhysicalDnsFullyQualified, computerName, &nSize))
246 if (GetComputerNameExA(ComputerNamePhysicalNetBIOS, NULL, &nSize) ||
247 GetLastError() != ERROR_MORE_DATA)
250 computerName = (CHAR*)calloc(1, nSize);
255 if (!GetComputerNameExA(ComputerNamePhysicalNetBIOS, computerName, &nSize))
264 static int command_line_pre_filter(
void* pvctx,
int index,
int argc, LPSTR* argv)
266 MAKECERT_CONTEXT* context = pvctx;
267 if (!context || !argv || (index < 0) || (argc < 0))
270 if (index == (argc - 1))
272 if (argv[index][0] !=
'-')
274 context->output_file = _strdup(argv[index]);
276 if (!context->output_file)
286 static int makecert_context_parse_arguments(MAKECERT_CONTEXT* context,
293 if (!context || !argv || (argc < 0))
300 CommandLineClearArgumentsA(args);
301 flags = COMMAND_LINE_SEPARATOR_SPACE | COMMAND_LINE_SIGIL_DASH;
303 CommandLineParseArgumentsA(argc, argv, args, flags, context, command_line_pre_filter, NULL);
305 if (status & COMMAND_LINE_STATUS_PRINT_HELP)
307 makecert_print_command_line_help(args, argc, argv);
316 if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
319 CommandLineSwitchStart(arg)
321 CommandLineSwitchCase(arg,
"silent")
323 context->silent = TRUE;
325 CommandLineSwitchCase(arg,
"live")
327 context->live = TRUE;
329 CommandLineSwitchCase(arg,
"format")
331 if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
334 if (strcmp(arg->Value,
"crt") == 0)
336 context->crtFormat = TRUE;
337 context->pemFormat = FALSE;
338 context->pfxFormat = FALSE;
340 else if (strcmp(arg->Value,
"pem") == 0)
342 context->crtFormat = FALSE;
343 context->pemFormat = TRUE;
344 context->pfxFormat = FALSE;
346 else if (strcmp(arg->Value,
"pfx") == 0)
348 context->crtFormat = FALSE;
349 context->pemFormat = FALSE;
350 context->pfxFormat = TRUE;
355 CommandLineSwitchCase(arg,
"path")
357 if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
360 context->output_path = _strdup(arg->Value);
362 if (!context->output_path)
365 CommandLineSwitchCase(arg,
"p")
367 if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
370 context->password = _strdup(arg->Value);
372 if (!context->password)
375 CommandLineSwitchCase(arg,
"n")
377 if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
380 context->common_name = _strdup(arg->Value);
382 if (!context->common_name)
385 CommandLineSwitchCase(arg,
"y")
389 if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
392 val = strtol(arg->Value, NULL, 0);
394 if ((errno != 0) || (val < 0) || (val > INT32_MAX))
397 context->duration_years = (int)val;
399 CommandLineSwitchCase(arg,
"m")
403 if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
406 val = strtol(arg->Value, NULL, 0);
408 if ((errno != 0) || (val < 0))
411 context->duration_months = (int)val;
413 CommandLineSwitchDefault(arg)
416 CommandLineSwitchEnd(arg)
417 }
while ((arg = CommandLineFindNextArgumentA(arg)) != NULL);
422 int makecert_context_set_output_file_name(MAKECERT_CONTEXT* context,
const char* name)
427 free(context->output_file);
428 context->output_file = NULL;
431 context->output_file = _strdup(name);
433 if (!context->output_file)
439 int makecert_context_output_certificate_file(MAKECERT_CONTEXT* context,
const char* path)
446 char* filename = NULL;
447 char* fullpath = NULL;
451 char* x509_str = NULL;
456 if (!context->output_file)
458 context->output_file = _strdup(context->default_name);
460 if (!context->output_file)
467 length = strlen(context->output_file);
468 filename = malloc(length + 8);
473 if (context->crtFormat)
475 else if (context->pemFormat)
477 else if (context->pfxFormat)
482 (void)sprintf_s(filename, length + 8,
"%s.%s", context->output_file, ext);
485 fullpath = GetCombinedPath(path, filename);
487 fullpath = _strdup(filename);
492 fp = winpr_fopen(fullpath,
"w+");
496 if (context->pfxFormat)
498 if (!context->password)
500 context->password = _strdup(
"password");
502 if (!context->password)
505 printf(
"Using default export password \"password\"\n");
508 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
509 OpenSSL_add_all_algorithms();
510 OpenSSL_add_all_ciphers();
511 OpenSSL_add_all_digests();
513 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS |
514 OPENSSL_INIT_LOAD_CONFIG,
517 context->pkcs12 = PKCS12_create(context->password, context->default_name, context->pkey,
518 context->x509, NULL, 0, 0, 0, 0, 0);
520 if (!context->pkcs12)
523 bio = BIO_new(BIO_s_mem());
528 status = i2d_PKCS12_bio(bio, context->pkcs12);
533 x509_str = makecert_read_str(bio, &offset);
540 if (fwrite((
void*)x509_str, length, 1, fp) != 1)
545 bio = BIO_new(BIO_s_mem());
550 if (!PEM_write_bio_X509(bio, context->x509))
553 x509_str = makecert_read_str(bio, &offset);
560 if (fwrite(x509_str, length, 1, fp) != 1)
568 if (context->pemFormat)
570 bio = BIO_new(BIO_s_mem());
575 status = PEM_write_bio_PrivateKey(bio, context->pkey, NULL, NULL, 0, NULL, NULL);
580 x509_str = makecert_read_str(bio, &offset);
586 if (fwrite(x509_str, length, 1, fp) != 1)
604 WLog_ERR(TAG,
"%s only supported with OpenSSL", __func__);
609 int makecert_context_output_private_key_file(MAKECERT_CONTEXT* context,
const char* path)
615 char* filename = NULL;
616 char* fullpath = NULL;
619 char* x509_str = NULL;
621 if (!context->crtFormat)
624 if (!context->output_file)
626 context->output_file = _strdup(context->default_name);
628 if (!context->output_file)
635 length = strlen(context->output_file);
636 filename = malloc(length + 8);
641 (void)sprintf_s(filename, length + 8,
"%s.key", context->output_file);
644 fullpath = GetCombinedPath(path, filename);
646 fullpath = _strdup(filename);
651 fp = winpr_fopen(fullpath,
"w+");
656 bio = BIO_new(BIO_s_mem());
661 if (!PEM_write_bio_PrivateKey(bio, context->pkey, NULL, NULL, 0, NULL, NULL))
664 x509_str = makecert_read_str(bio, &offset);
671 if (fwrite((
void*)x509_str, length, 1, fp) != 1)
686 WLog_ERR(TAG,
"%s only supported with OpenSSL", __func__);
692 static BOOL makecert_create_rsa(EVP_PKEY** ppkey,
size_t key_length)
698 #if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)
700 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
701 rsa = RSA_generate_key(key_length, RSA_F4, NULL, NULL);
704 BIGNUM* bn = BN_secure_new();
717 BN_set_word(bn, RSA_F4);
718 const int res = RSA_generate_key_ex(rsa, key_length, bn, NULL);
726 if (!EVP_PKEY_assign_RSA(*ppkey, rsa))
733 EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_from_name(NULL,
"RSA", NULL);
737 if (EVP_PKEY_keygen_init(pctx) != 1)
740 WINPR_ASSERT(key_length <= UINT_MAX);
741 unsigned int keylen = (
unsigned int)key_length;
742 const OSSL_PARAM params[] = { OSSL_PARAM_construct_uint(
"bits", &keylen),
743 OSSL_PARAM_construct_end() };
744 if (EVP_PKEY_CTX_set_params(pctx, params) != 1)
747 if (EVP_PKEY_generate(pctx, ppkey) != 1)
752 EVP_PKEY_CTX_free(pctx);
758 int makecert_context_process(MAKECERT_CONTEXT* context,
int argc,
char** argv)
763 {
"rdp", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
764 "Unsupported - Generate certificate with required options for RDP usage." },
765 {
"silent", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
766 "Silently generate certificate without verbose output." },
767 {
"live", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
768 "Generate certificate live in memory when used as a library." },
769 {
"format", COMMAND_LINE_VALUE_REQUIRED,
"<crt|pem|pfx>", NULL, NULL, -1, NULL,
770 "Specify certificate file format" },
771 {
"path", COMMAND_LINE_VALUE_REQUIRED,
"<path>", NULL, NULL, -1, NULL,
772 "Specify certificate file output path" },
773 {
"p", COMMAND_LINE_VALUE_REQUIRED,
"<password>", NULL, NULL, -1, NULL,
774 "Specify certificate export password" },
778 {
"n", COMMAND_LINE_VALUE_REQUIRED,
"<name>", NULL, NULL, -1, NULL,
779 "Specifies the subject's certificate name. This name must conform to the X.500 standard. "
780 "The simplest method is to specify the name in double quotes, preceded by CN=; for "
782 "-n \"CN=myName\"." },
783 {
"pe", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
784 "Unsupported - Marks the generated private key as exportable. This allows the private "
786 "be included in the certificate." },
787 {
"sk", COMMAND_LINE_VALUE_REQUIRED,
"<keyname>", NULL, NULL, -1, NULL,
788 "Unsupported - Specifies the subject's key container location, which contains the "
791 "If a key container does not exist, it will be created." },
792 {
"sr", COMMAND_LINE_VALUE_REQUIRED,
"<location>", NULL, NULL, -1, NULL,
793 "Unsupported - Specifies the subject's certificate store location. location can be "
795 "currentuser (the default) or localmachine." },
796 {
"ss", COMMAND_LINE_VALUE_REQUIRED,
"<store>", NULL, NULL, -1, NULL,
797 "Unsupported - Specifies the subject's certificate store name that stores the output "
799 {
"#", COMMAND_LINE_VALUE_REQUIRED,
"<number>", NULL, NULL, -1, NULL,
800 "Specifies a serial number from 1 to 2,147,483,647. The default is a unique value "
802 "by Makecert.exe." },
803 {
"$", COMMAND_LINE_VALUE_REQUIRED,
"<authority>", NULL, NULL, -1, NULL,
804 "Unsupported - Specifies the signing authority of the certificate, which must be set to "
806 "(for certificates used by commercial software publishers) or individual (for "
808 "used by individual software publishers)." },
812 {
"a", COMMAND_LINE_VALUE_REQUIRED,
"<algorithm>", NULL, NULL, -1, NULL,
813 "Specifies the signature algorithm. algorithm must be md5, sha1, sha256 (the default), "
814 "sha384, or sha512." },
815 {
"b", COMMAND_LINE_VALUE_REQUIRED,
"<mm/dd/yyyy>", NULL, NULL, -1, NULL,
816 "Unsupported - Specifies the start of the validity period. Defaults to the current "
818 {
"crl", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
819 "Unsupported - Generates a certificate relocation list (CRL) instead of a certificate." },
820 {
"cy", COMMAND_LINE_VALUE_REQUIRED,
"<certType>", NULL, NULL, -1, NULL,
821 "Unsupported - Specifies the certificate type. Valid values are end for end-entity and "
822 "authority for certification authority." },
823 {
"e", COMMAND_LINE_VALUE_REQUIRED,
"<mm/dd/yyyy>", NULL, NULL, -1, NULL,
824 "Unsupported - Specifies the end of the validity period. Defaults to 12/31/2039 11:59:59 "
826 {
"eku", COMMAND_LINE_VALUE_REQUIRED,
"<oid[,oid…]>", NULL, NULL, -1, NULL,
827 "Unsupported - Inserts a list of comma-separated, enhanced key usage object identifiers "
828 "(OIDs) into the certificate." },
829 {
"h", COMMAND_LINE_VALUE_REQUIRED,
"<number>", NULL, NULL, -1, NULL,
830 "Unsupported - Specifies the maximum height of the tree below this certificate." },
831 {
"ic", COMMAND_LINE_VALUE_REQUIRED,
"<file>", NULL, NULL, -1, NULL,
832 "Unsupported - Specifies the issuer's certificate file." },
833 {
"ik", COMMAND_LINE_VALUE_REQUIRED,
"<keyName>", NULL, NULL, -1, NULL,
834 "Unsupported - Specifies the issuer's key container name." },
835 {
"iky", COMMAND_LINE_VALUE_REQUIRED,
"<keyType>", NULL, NULL, -1, NULL,
836 "Unsupported - Specifies the issuer's key type, which must be one of the following: "
837 "signature (which indicates that the key is used for a digital signature), "
838 "exchange (which indicates that the key is used for key encryption and key exchange), "
839 "or an integer that represents a provider type. "
840 "By default, you can pass 1 for an exchange key or 2 for a signature key." },
841 {
"in", COMMAND_LINE_VALUE_REQUIRED,
"<name>", NULL, NULL, -1, NULL,
842 "Unsupported - Specifies the issuer's certificate common name." },
843 {
"ip", COMMAND_LINE_VALUE_REQUIRED,
"<provider>", NULL, NULL, -1, NULL,
844 "Unsupported - Specifies the issuer's CryptoAPI provider name. For information about the "
845 "CryptoAPI provider name, see the –sp option." },
846 {
"ir", COMMAND_LINE_VALUE_REQUIRED,
"<location>", NULL, NULL, -1, NULL,
847 "Unsupported - Specifies the location of the issuer's certificate store. location can be "
848 "either currentuser (the default) or localmachine." },
849 {
"is", COMMAND_LINE_VALUE_REQUIRED,
"<store>", NULL, NULL, -1, NULL,
850 "Unsupported - Specifies the issuer's certificate store name." },
851 {
"iv", COMMAND_LINE_VALUE_REQUIRED,
"<pvkFile>", NULL, NULL, -1, NULL,
852 "Unsupported - Specifies the issuer's .pvk private key file." },
853 {
"iy", COMMAND_LINE_VALUE_REQUIRED,
"<type>", NULL, NULL, -1, NULL,
854 "Unsupported - Specifies the issuer's CryptoAPI provider type. For information about the "
855 "CryptoAPI provider type, see the –sy option." },
856 {
"l", COMMAND_LINE_VALUE_REQUIRED,
"<link>", NULL, NULL, -1, NULL,
857 "Unsupported - Links to policy information (for example, to a URL)." },
858 {
"len", COMMAND_LINE_VALUE_REQUIRED,
"<number>", NULL, NULL, -1, NULL,
859 "Specifies the generated key length, in bits." },
860 {
"m", COMMAND_LINE_VALUE_REQUIRED,
"<number>", NULL, NULL, -1, NULL,
861 "Specifies the duration, in months, of the certificate validity period." },
862 {
"y", COMMAND_LINE_VALUE_REQUIRED,
"<number>", NULL, NULL, -1, NULL,
863 "Specifies the duration, in years, of the certificate validity period." },
864 {
"nscp", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
865 "Unsupported - Includes the Netscape client-authorization extension." },
866 {
"r", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL,
867 "Unsupported - Creates a self-signed certificate." },
868 {
"sc", COMMAND_LINE_VALUE_REQUIRED,
"<file>", NULL, NULL, -1, NULL,
869 "Unsupported - Specifies the subject's certificate file." },
870 {
"sky", COMMAND_LINE_VALUE_REQUIRED,
"<keyType>", NULL, NULL, -1, NULL,
871 "Unsupported - Specifies the subject's key type, which must be one of the following: "
872 "signature (which indicates that the key is used for a digital signature), "
873 "exchange (which indicates that the key is used for key encryption and key exchange), "
874 "or an integer that represents a provider type. "
875 "By default, you can pass 1 for an exchange key or 2 for a signature key." },
876 {
"sp", COMMAND_LINE_VALUE_REQUIRED,
"<provider>", NULL, NULL, -1, NULL,
877 "Unsupported - Specifies the subject's CryptoAPI provider name, which must be defined in "
879 "registry subkeys of "
880 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider. If both –sp "
883 "the type of the CryptoAPI provider must correspond to the Type value of the provider's "
885 {
"sv", COMMAND_LINE_VALUE_REQUIRED,
"<pvkFile>", NULL, NULL, -1, NULL,
886 "Unsupported - Specifies the subject's .pvk private key file. The file is created if "
889 {
"sy", COMMAND_LINE_VALUE_REQUIRED,
"<type>", NULL, NULL, -1, NULL,
890 "Unsupported - Specifies the subject's CryptoAPI provider type, which must be defined in "
892 "registry subkeys of "
893 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types. If "
895 "–sy and –sp are present, "
896 "the name of the CryptoAPI provider must correspond to the Name value of the provider "
899 {
"tbs", COMMAND_LINE_VALUE_REQUIRED,
"<file>", NULL, NULL, -1, NULL,
900 "Unsupported - Specifies the certificate or CRL file to be signed." },
904 {
"?", COMMAND_LINE_VALUE_FLAG | COMMAND_LINE_PRINT_HELP, NULL, NULL, NULL, -1,
"help",
906 {
"!", COMMAND_LINE_VALUE_FLAG | COMMAND_LINE_PRINT_HELP, NULL, NULL, NULL, -1,
"help-ext",
907 "print extended help" },
908 { NULL, 0, NULL, NULL, NULL, -1, NULL, NULL }
915 X509_NAME* name = NULL;
916 const EVP_MD* md = NULL;
919 ret = makecert_context_parse_arguments(context, args, argc, argv);
926 if (!context->default_name && !context->common_name)
928 context->default_name = x509_get_default_name();
930 if (!context->default_name)
935 context->default_name = _strdup(context->common_name);
937 if (!context->default_name)
941 if (!context->common_name)
943 context->common_name = _strdup(context->default_name);
945 if (!context->common_name)
950 context->pkey = EVP_PKEY_new();
956 context->x509 = X509_new();
962 arg = CommandLineFindArgumentA(args,
"len");
964 if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
966 unsigned long val = strtoul(arg->Value, NULL, 0);
968 if ((errno != 0) || (val > INT_MAX))
970 key_length = (int)val;
973 if (!makecert_create_rsa(&context->pkey, key_length))
976 X509_set_version(context->x509, 2);
977 arg = CommandLineFindArgumentA(args,
"#");
979 if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
981 serial = strtol(arg->Value, NULL, 0);
987 serial = (long)GetTickCount64();
989 ASN1_INTEGER_set(X509_get_serialNumber(context->x509), serial);
991 ASN1_TIME* before = NULL;
992 ASN1_TIME* after = NULL;
993 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
994 before = X509_get_notBefore(context->x509);
995 after = X509_get_notAfter(context->x509);
997 before = X509_getm_notBefore(context->x509);
998 after = X509_getm_notAfter(context->x509);
1000 X509_gmtime_adj(before, 0);
1002 long duration = context->duration_months * 31l + context->duration_years * 365l;
1003 duration *= 60l * 60l * 24l;
1004 X509_gmtime_adj(after, duration);
1006 X509_set_pubkey(context->x509, context->pkey);
1007 name = X509_get_subject_name(context->x509);
1008 arg = CommandLineFindArgumentA(args,
"n");
1010 if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
1012 entry = x509_name_parse(arg->Value,
"C", &length);
1015 X509_NAME_add_entry_by_txt(name,
"C", MBSTRING_UTF8, (
const unsigned char*)entry,
1016 (
int)length, -1, 0);
1018 entry = x509_name_parse(arg->Value,
"ST", &length);
1021 X509_NAME_add_entry_by_txt(name,
"ST", MBSTRING_UTF8, (
const unsigned char*)entry,
1022 (
int)length, -1, 0);
1024 entry = x509_name_parse(arg->Value,
"L", &length);
1027 X509_NAME_add_entry_by_txt(name,
"L", MBSTRING_UTF8, (
const unsigned char*)entry,
1028 (
int)length, -1, 0);
1030 entry = x509_name_parse(arg->Value,
"O", &length);
1033 X509_NAME_add_entry_by_txt(name,
"O", MBSTRING_UTF8, (
const unsigned char*)entry,
1034 (
int)length, -1, 0);
1036 entry = x509_name_parse(arg->Value,
"OU", &length);
1039 X509_NAME_add_entry_by_txt(name,
"OU", MBSTRING_UTF8, (
const unsigned char*)entry,
1040 (
int)length, -1, 0);
1042 entry = context->common_name;
1043 length = strlen(entry);
1044 X509_NAME_add_entry_by_txt(name,
"CN", MBSTRING_UTF8, (
const unsigned char*)entry,
1045 (
int)length, -1, 0);
1049 entry = context->common_name;
1050 length = strlen(entry);
1051 X509_NAME_add_entry_by_txt(name,
"CN", MBSTRING_UTF8, (
const unsigned char*)entry,
1052 (
int)length, -1, 0);
1055 X509_set_issuer_name(context->x509, name);
1056 x509_add_ext(context->x509, NID_ext_key_usage,
"serverAuth");
1057 arg = CommandLineFindArgumentA(args,
"a");
1060 if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
1062 md = EVP_get_digestbyname(arg->Value);
1067 if (!X509_sign(context->x509, context->pkey, md))
1074 if (!context->silent)
1078 char* x509_str = NULL;
1079 bio = BIO_new(BIO_s_mem());
1084 status = X509_print(bio, context->x509);
1092 x509_str = makecert_read_str(bio, NULL);
1099 printf(
"%s", x509_str);
1110 if (!winpr_PathFileExists(context->output_path))
1112 if (!CreateDirectoryA(context->output_path, NULL))
1116 if (makecert_context_output_certificate_file(context, context->output_path) != 1)
1119 if (context->crtFormat)
1121 if (makecert_context_output_private_key_file(context, context->output_path) < 0)
1128 WLog_ERR(TAG,
"%s only supported with OpenSSL", __func__);
1133 MAKECERT_CONTEXT* makecert_context_new(
void)
1135 MAKECERT_CONTEXT* context = (MAKECERT_CONTEXT*)calloc(1,
sizeof(MAKECERT_CONTEXT));
1139 context->crtFormat = TRUE;
1140 context->duration_years = 1;
1146 void makecert_context_free(MAKECERT_CONTEXT* context)
1150 free(context->password);
1151 free(context->default_name);
1152 free(context->common_name);
1153 free(context->output_file);
1154 free(context->output_path);
1156 X509_free(context->x509);
1157 EVP_PKEY_free(context->pkey);
1158 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
1159 CRYPTO_cleanup_all_ex_data();
1.9.1