File Reference
#include "squid.h"
#include "ssl/gadgets.h"
Include dependency graph for

Go to the source code of this file.


static bool setSerialNumber (ASN1_INTEGER *ai, BIGNUM const *serial)
static bool replaceCommonName (Security::CertPointer &cert, std::string const &rawCn)
static void printX509Signature (const Security::CertPointer &cert, std::string &out)
static bool mimicAuthorityKeyId (Security::CertPointer &cert, Security::CertPointer const &mimicCert, Security::CertPointer const &issuerCert)
static int mimicExtensions (Security::CertPointer &cert, Security::CertPointer const &mimicCert, Security::CertPointer const &issuerCert)
static bool addAltNameWithSubjectCn (Security::CertPointer &cert)
static bool buildCertificate (Security::CertPointer &cert, Ssl::CertificateProperties const &properties)
static bool generateFakeSslCertificate (Security::CertPointer &certToStore, Security::PrivateKeyPointer &pkeyToStore, Ssl::CertificateProperties const &properties, Ssl::BIGNUM_Pointer const &serial)
static BIGNUM * createCertSerial (unsigned char *md, unsigned int n)
static BIGNUM * x509Digest (Security::CertPointer const &cert)
static BIGNUM * x509Pubkeydigest (Security::CertPointer const &cert)
static bool createSerial (Ssl::BIGNUM_Pointer &serial, Ssl::CertificateProperties const &properties)
static bool asn1timeToGeneralizedTimeStr (ASN1_TIME *aTime, char *buf, int bufLen)
 Print the time represented by a ASN1_TIME struct to a string using GeneralizedTime format. More...
static int asn1time_cmp (ASN1_TIME *asnTime1, ASN1_TIME *asnTime2)
static const char * getSubjectEntry (X509 *x509, int nid)


static const size_t MaxCnLen = 64

Function Documentation

◆ addAltNameWithSubjectCn()

static bool addAltNameWithSubjectCn ( Security::CertPointer cert)

Adds a new subjectAltName extension contining Subject CN or returns false expects the caller to check for the existing subjectAltName extension

Definition at line 433 of file

References Security::LockingPointer< T, UnLocker, Locker >::get(), and NULL.

Referenced by buildCertificate().

◆ asn1time_cmp()

static int asn1time_cmp ( ASN1_TIME *  asnTime1,
ASN1_TIME *  asnTime2 

Definition at line 801 of file

References asn1timeToGeneralizedTimeStr().

Referenced by Ssl::certificateMatchesProperties().

◆ asn1timeToGeneralizedTimeStr()

static bool asn1timeToGeneralizedTimeStr ( ASN1_TIME *  aTime,
char *  buf,
int  bufLen 

Definition at line 772 of file

References buf.

Referenced by asn1time_cmp().

◆ buildCertificate()

◆ createCertSerial()

static BIGNUM* createCertSerial ( unsigned char *  md,
unsigned int  n 

Definition at line 598 of file

References assert, and NULL.

Referenced by x509Digest(), and x509Pubkeydigest().

◆ createSerial()

static bool createSerial ( Ssl::BIGNUM_Pointer serial,
Ssl::CertificateProperties const &  properties 

Generate a unique serial number based on a Ssl::CertificateProperties object for a new generated certificate

Definition at line 651 of file

References generateFakeSslCertificate(), Security::LockingPointer< T, UnLocker, Locker >::reset(), Ssl::CertificateProperties::signWithX509, x509Digest(), and x509Pubkeydigest().

Referenced by Ssl::generateSslCertificate().

◆ generateFakeSslCertificate()

◆ getSubjectEntry()

static const char* getSubjectEntry ( X509 *  x509,
int  nid 

Definition at line 885 of file

References NULL.

Referenced by Ssl::CommonHostName(), and Ssl::getOrganization().

◆ mimicAuthorityKeyId()

static bool mimicAuthorityKeyId ( Security::CertPointer cert,
Security::CertPointer const &  mimicCert,
Security::CertPointer const &  issuerCert 

Check if mimicCert certificate has the Authority Key Identifier extension and if yes add the extension to cert certificate with the same fields if possible. If the issuerCert certificate does not have the Subject Key Identifier extension (required to build the keyIdentifier field of AuthorityKeyIdentifier) then the authorityCertIssuer and authorityCertSerialNumber fields added.

issuer name and issuer serial

Definition at line 276 of file

References Security::LockingPointer< T, UnLocker, Locker >::get(), method, and NULL.

Referenced by mimicExtensions().

◆ mimicExtensions()

static int mimicExtensions ( Security::CertPointer cert,
Security::CertPointer const &  mimicCert,
Security::CertPointer const &  issuerCert 

Copy certificate extensions from cert to mimicCert. Returns the number of extensions copied.

Definition at line 357 of file

References assert, EVP_PKEY_get0_RSA(), Security::LockingPointer< T, UnLocker, Locker >::get(), i, method, mimicAuthorityKeyId(), NULL, and p.

Referenced by buildCertificate().

◆ printX509Signature()

static void printX509Signature ( const Security::CertPointer cert,
std::string &  out 

Definition at line 218 of file

References i, and Ssl::X509_get_signature().

Referenced by Ssl::OnDiskCertificateDbKey().

◆ replaceCommonName()

static bool replaceCommonName ( Security::CertPointer cert,
std::string const &  rawCn 

Definition at line 152 of file

References Security::LockingPointer< T, UnLocker, Locker >::get(), and MaxCnLen.

Referenced by buildCertificate().

◆ x509Digest()

static BIGNUM* x509Digest ( Security::CertPointer const &  cert)

Return the SHA1 digest of the DER encoded version of the certificate stored in a BIGNUM

Definition at line 627 of file

References createCertSerial(), Security::LockingPointer< T, UnLocker, Locker >::get(), and NULL.

Referenced by createSerial().

◆ x509Pubkeydigest()

static BIGNUM* x509Pubkeydigest ( Security::CertPointer const &  cert)

Variable Documentation

◆ MaxCnLen

const size_t MaxCnLen = 64

Definition at line 149 of file

Referenced by replaceCommonName().






Web Site Translations