[minion-cvs] Implement and test server descriptors.
Update of /home/minion/cvsroot/src/minion/src
In directory moria.seul.org:/tmp/cvs-serv27794/src
Modified Files:
crypt.c tls.c
Log Message:
Implement and test server descriptors.
Config:
- Add functionality for allow/deny rules.
- Add 'restricted' format for descriptors
- Add fast path for assumed-valid files
- Make 'Host' sections of config optional
- Add more key-management and descriptor-generation fields to
server config.
Crypto:
- Add wrappers for PEM
ServerInfo:
- Implement and debug server descriptors
test:
- Tests for above functionality
- Tests for logs
crypt.c:
- Change generate_cert to take a time range instead of a number
of days.
tls.c:
- Remove stale XXXX comment.
Index: crypt.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/crypt.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- crypt.c 9 Jul 2002 04:07:14 -0000 1.8
+++ crypt.c 28 Jul 2002 22:42:33 -0000 1.9
@@ -2,6 +2,8 @@
/* $Id$ */
#include <Python.h>
+#include <time.h>
+
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/aes.h>
@@ -871,20 +873,25 @@
}
const char mm_generate_cert__doc__[] =
- "generate_cert(filename, rsa, days, cn)\n\n"
- "Generate a self-signed X509 certificate suitable for use by a Mixminion\n"
- "server. The certificate will be stored to <filename>, and use the\n"
- "=private= key <rsa>. It will be valid for the next <days> days. The\n"
- "certificate\'s commonName field will be set to <cn>. All other fields\n"
- "will be given reasonable defaults.\n";
+ "generate_cert(filename, rsa, cn, start_time, end_time)\n\n"
+ "Generate a self-signed X509 certificate suitable for use by a Mixminion\n"
+ "server. The certificate will be stored to <filename>, and use the\n"
+ "=private= key <rsa>. The certificate\'s commonName field will be set to\n"
+ "<cn>. The key will be valid from <start_time> until <end_time>.\n"
+ "All other fields will be given reasonable defaults.\n";
PyObject *
mm_generate_cert(PyObject *self, PyObject *args, PyObject *kwargs)
{
- static char *kwlist[] = { "filename", "rsa", "days", "cn", NULL };
+ static char *kwlist[] = { "filename", "rsa", "cn",
+ "start_time", "end_time", NULL };
char *filename, *cn;
PyObject *_rsa;
- int days;
+ /* XXXX Python wants to write into longs. C wants time_t. We should
+ * XXXX check somewhere to be sure that we can case long to time_t
+ * XXXX without ill effects.
+ */
+ long start_time, end_time;
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
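Review bot: The new docstring line "The key will be valid from <start_time> until <end_time>" describes the wrong object, because the validity period belongs to the certificate, not to the RSA key. It also does not say what units the two values are in. Suggest `"<cn>.  The certificate will be valid from <start_time> until <end_time>\n"` followed by `"(both given in seconds since the epoch).\n"`; the units are inferred from the later cast to time_t, so confirm them before committing. The XXXX comment above the declarations has a typo as well: "case long to time_t" should read "cast long to time_t". The body of mm_generate_cert continues past this hunk.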
@@ -893,10 +900,12 @@
X509_NAME *name = NULL;
int nid;
PyObject *retval;
-
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO!is:PEM_write_key",
+ time_t time;
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO!sll:generate_cert",
kwlist, &filename,
- &mm_RSA_Type, &_rsa, &days, &cn))
+ &mm_RSA_Type, &_rsa, &cn,
+ &start_time, &end_time))
return NULL;
if (!(rsa = RSAPrivateKey_dup(((mm_RSA*)_rsa)->rsa)))
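Review bot: Nothing after the PyArg_ParseTupleAndKeywords call checks the two new arguments. An end_time at or before start_time, or a value that does not survive the later `(time_t)` cast where time_t is narrower than long, would produce a certificate with an empty or wrong validity window. That would likely surface only when a peer rejects the certificate. A guard placed right after parsing, before any OpenSSL object is allocated, covers both cases: `if (end_time <= start_time || (long)(time_t)start_time != start_time || (long)(time_t)end_time != end_time) { PyErr_SetString(PyExc_ValueError, "bad certificate validity range"); return NULL; }`. This would also settle the XXXX comment added in the previous hunk. The function starts before and continues after this hunk.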
@@ -927,9 +936,12 @@
if (!(X509_set_issuer_name(x509, name)))
goto error;
- if (!X509_gmtime_adj(X509_get_notBefore(x509),0))
+
+ time = (time_t) start_time;
+ if (!X509_time_adj(X509_get_notBefore(x509),0,&time))
goto error;
- if (!X509_gmtime_adj(X509_get_notAfter(x509), 60L*60L*24L*days))
+ time = (time_t) end_time;
+ if (!X509_time_adj(X509_get_notAfter(x509),0,&time))
goto error;
if (!(X509_set_pubkey(x509, pkey)))
goto error;
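Review bot: The temporary assigned at both casts here is named `time`, which hides the libc `time()` function declared by the `<time.h>` include this commit adds. The code is legal C, but it trips `-Wshadow`, and any later call to `time(NULL)` inside mm_generate_cert would fail to compile with a confusing error. Renaming the declaration in the previous hunk to `time_t t;` and using `t = (time_t) start_time;` with `X509_time_adj(X509_get_notBefore(x509), 0, &t)` (likewise for notAfter) avoids the clash. The declaration sits outside this hunk, and the function continues past it.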
Index: tls.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/tls.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- tls.c 25 Jul 2002 15:52:57 -0000 1.5
+++ tls.c 28 Jul 2002 22:42:33 -0000 1.6
@@ -88,8 +88,6 @@
#define mm_TLSSock_Check(v) ((v)->ob_type == &mm_TLSSock_Type)
-/* XXXX Code to make new cert */
-
const char mm_TLSContext_new__doc__[] =
"TLSContext([certfile, [rsa, [dhfile] ] ] )\n\n"
"Allocates a new TLSContext object. The files, if provided, are used\n"