hans/racket-self-signed-cert
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

-

Browse Source
This commit is contained in:
Hans Dijkema
2026-03-08 01:33:37 +01:00
parent 3ded80496f
commit 7b1f044279
1 changed files with 23 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
private/self-signed-cert.rkt
View File

@@ -141,6 +141,8 @@
(define EVP_PKEY_RSA NID_rsaEncryption)
(define V_ASN1_OCTET_STRING 4)
(define NID_subject_alt_name 85)
(define NID_netscape_comment 78)
(define X509_VERSION_3 2) ;; See OpenSSL documentation
(define _string/utf-8-pointer (_ptr o _string/utf-8))
@@ -170,6 +172,7 @@
(X509_new (_fun -> _X509-pointer))
(X509_free (_fun _X509-pointer -> _void))
(X509_set_version (_fun _X509-pointer _int -> _int))
(X509_get_serialNumber (_fun _X509-pointer -> _ASN1_INTEGER-pointer))
(X509_get0_notBefore (_fun _X509-pointer -> _ASN1_TIME-pointer))
(X509_get0_notAfter (_fun _X509-pointer -> _ASN1_TIME-pointer))
@@ -179,6 +182,7 @@
(X509_NAME_add_entry_by_txt (_fun _X509_NAME-pointer _string/utf-8 _int _string/utf-8 _int _int _int -> _int))
(X509_set_issuer_name (_fun _X509-pointer _X509_NAME-pointer -> _int))
(X509_sign (_fun _X509-pointer _EVP_PKEY-pointer _EVP_MD-pointer -> _int))
(X509V3_EXT_conf_nid (_fun _pointer _pointer _int _string/utf-8 -> _X509_EXTENSION-pointer))
(X509_EXTENSION_create_by_NID (_fun _pointer ; could also be, (ep : (_ptr o _X509_EXTENSION-pointer)), but works fine when #f is provided
_int _int _ASN1_STRING-pointer -> (p : _X509_EXTENSION-pointer)
-> p))
@@ -220,6 +224,8 @@
;; Provided function
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
(define gen-san #t)
(version-define 1
(generate-key
(λ (bits)
@@ -240,6 +246,7 @@
(when (eq? x509 #f)
(error "Unable to create X509 structure"))
(X509_set_version x509 X509_VERSION_3)
(ASN1_INTEGER_set (X509_get_serialNumber x509) 1)
(X509_gmtime_adj (X509_get0_notBefore x509) 0)
(X509_gmtime_adj (X509_get0_notAfter x509) (* duration-in-days 24 3600))
@@ -255,33 +262,22 @@
"CN" MBSTRING_UTF8 first-host -1 -1 0)
(X509_set_issuer_name x509 x509-name)
;(let* ((alt-name (string-join
; (map make-alt-entry hosts) ", "))
; (ext-san #f)
; (subj-alt-name-asn1 #f)
; )
;
; (set! subj-alt-name-asn1 (ASN1_OCTET_STRING_new))
; (when (eq? subj-alt-name-asn1 #f)
; (error "Cannot allocate Subject Alt Name ASN1 string"))
;
; (ASN1_OCTET_STRING_set subj-alt-name-asn1
; alt-name (string-length alt-name))
;
; (let ((r (X509_EXTENSION_create_by_NID #f NID_subject_alt_name 0 subj-alt-name-asn1)))
; (when (eq? r #f)
; (error "Cannot allocate X509 Extenstion for Subject Alt Name"))
;
; (let* ((extension_san r)
; (re (X509_add_ext x509 extension_san -1)))
; (when (= re 0)
; (error "Cannot add extension to X509"))
;
; (X509_EXTENSION_free extension_san)))
;
; (ASN1_STRING_free subj-alt-name-asn1)
; )
)
(when gen-san
(let* ((alt-name (string-join
(map make-alt-entry hosts) ","))
)
(let ((ex (X509V3_EXT_conf_nid #f #f NID_subject_alt_name alt-name)))
(X509_add_ext x509 ex -1)
(X509_EXTENSION_free ex))
(let ((ex (X509V3_EXT_conf_nid #f #f NID_netscape_comment "Created by Racket Self Signed Certificate module, see https://pkgd.racket-lang.org/pkgn/package/racket-self-signed-cert")))
(X509_add_ext x509 ex -1)
(X509_EXTENSION_free ex))
)
)
(when (= (X509_sign x509 pkey (EVP_sha1)) 0)
(X509_free x509)
@@ -318,14 +314,7 @@
(EVP_PKEY_free pkey)
(X509_free x509)
;(displayln pkey-data)
;(displayln x509-data)
;(displayln (format "pkey: ~a" (bytes->string/utf-8 pkey-data)))
;(displayln (format "cert: ~a" (bytes->string/utf-8 x509-data)))
(make-self-signed-cert pkey-data x509-data)
;(bytes->string/utf-8 pkey-data)
; (bytes->string/utf-8 x509-data))
)
)
)