author | Andrew Bartlett <abartlet@samba.org> | 2009-02-18 17:47:43 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-02-18 17:47:43 +1100 |
commit | 48ba64010046bece3b54009131f88c851ec82047 (patch) | |
tree | 0430d009052247af062a3f0f301f2eab33c4d969 /source4/lib/tls/tlscert.c | |
parent | 6b8b7665bdbf47e70e0d6d904c1234c03321182d (diff) | |
parent | bb7e6f0f51a91e461c18efd392af3e4fc6174c34 (diff) | |
Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
Diffstat (limited to 'source4/lib/tls/tlscert.c')
-rw-r--r-- | source4/lib/tls/tlscert.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c index f2e79f2a89..62e7a72240 100644 --- a/source4/lib/tls/tlscert.c +++ b/source4/lib/tls/tlscert.c @@ -24,21 +24,20 @@ #if ENABLE_GNUTLS #include "gnutls/gnutls.h" #include "gnutls/x509.h" +#if HAVE_GCRYPT_H +#include <gcrypt.h> +#endif #define ORGANISATION_NAME "Samba Administration" #define UNIT_NAME "Samba - temporary autogenerated certificate" -#define COMMON_NAME "Samba" #define LIFETIME 700*24*60*60 #define DH_BITS 1024 -void tls_cert_generate(TALLOC_CTX *mem_ctx, - const char *keyfile, const char *certfile, - const char *cafile); - /* auto-generate a set of self signed certificates */ void tls_cert_generate(TALLOC_CTX *mem_ctx, + const char *hostname, const char *keyfile, const char *certfile, const char *cafile) { @@ -67,8 +66,14 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx, TLSCHECK(gnutls_global_init()); - DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https\n")); + DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https for hostname '%s'\n", + hostname)); +#ifdef HAVE_GCRYPT_H + DEBUG(3,("Enabling QUICK mode in gcrypt\n")); + gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); +#endif + DEBUG(3,("Generating private key\n")); TLSCHECK(gnutls_x509_privkey_init(&key)); TLSCHECK(gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, DH_BITS, 0)); @@ -87,7 +92,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx, UNIT_NAME, strlen(UNIT_NAME))); TLSCHECK(gnutls_x509_crt_set_dn_by_oid(cacrt, GNUTLS_OID_X520_COMMON_NAME, 0, - COMMON_NAME, strlen(COMMON_NAME))); + hostname, strlen(hostname))); TLSCHECK(gnutls_x509_crt_set_key(cacrt, cakey)); TLSCHECK(gnutls_x509_crt_set_serial(cacrt, &serial, sizeof(serial))); TLSCHECK(gnutls_x509_crt_set_activation_time(cacrt, activation)); 
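Review bot: The header guard added in the first hunk is `#if HAVE_GCRYPT_H`, but the call site added in the next hunk uses `#ifdef HAVE_GCRYPT_H`, and the two disagree when the macro is defined as `0` or defined empty. In that case the include is skipped (or the `#if` fails to parse) while `gcry_control` is still compiled, so use one form for both, e.g. `#ifdef HAVE_GCRYPT_H` around the include. Separately, the in-file prototype of `tls_cert_generate` is removed while the definition gains `hostname`; no header is visible here, so confirm that the declaration callers see carries the new parameter.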
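Review bot: `gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);` in the second hunk runs immediately before `gnutls_x509_privkey_generate`, so the private key (already only `DH_BITS` = 1024-bit RSA) is generated with libgcrypt's "very strong" random level downgraded. libgcrypt's documentation describes this control as not generally recommended and as an initialization-time option; it is process-wide, so it presumably also affects any later gcrypt-backed key material in the same process, not just this temporary certificate. Its return value is also ignored, while every neighbouring call goes through `TLSCHECK`. I would drop the call, or make it an explicit opt-in and say so at the call site: `/* QUICK_RANDOM lowers RNG quality for the whole process; acceptable only for throwaway certs */`. The body of `tls_cert_generate` starts and ends outside this hunk.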
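Review bot: `hostname` is used without validation: the third hunk passes `hostname, strlen(hostname)` for the CA certificate, the last hunk does the same for the server certificate, and the new `DEBUG` line formats it with `%s`. A NULL argument would be dereferenced by `strlen`, and an empty or very long name (X.520 limits commonName to 64 characters) would produce an odd certificate or a `TLSCHECK` failure only after the keys have been generated. Whether callers guarantee a sane value is not visible here, so I would add an early guard at the top of the function, e.g. `if (hostname == NULL || hostname[0] == '\0' || strlen(hostname) > 64) { DEBUG(0,("TLS autogeneration skipped - invalid hostname\n")); return; }`. The function body starts and ends outside this hunk.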
@@ -113,7 +118,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx, UNIT_NAME, strlen(UNIT_NAME))); TLSCHECK(gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COMMON_NAME, 0, - COMMON_NAME, strlen(COMMON_NAME))); + hostname, strlen(hostname))); TLSCHECK(gnutls_x509_crt_set_key(crt, key)); TLSCHECK(gnutls_x509_crt_set_serial(crt, &serial, sizeof(serial))); TLSCHECK(gnutls_x509_crt_set_activation_time(crt, activation)); |
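Review bot: The server certificate now carries the host identity only in the subject CN (`hostname, strlen(hostname)` on `crt`), with no subjectAltName. Clients that follow the dNSName-first matching rules will not accept the name from CN alone, so consider also calling `TLSCHECK(gnutls_x509_crt_set_subject_alternative_name(crt, GNUTLS_SAN_DNSNAME, hostname));` next to this line. Also, the same `hostname` is set as CN on `cacrt` earlier in the file, so the CA and the leaf appear to end up with identical subject DNs (the OU is `UNIT_NAME` in both). That makes the leaf look self-issued to chain builders, and giving the CA a distinct CN, for instance a fixed string, would avoid it. The rest of the certificate setup lies outside this hunk.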