diff options
author | Martin Szulecki | 2013-09-06 01:15:23 +0200 |
---|---|---|
committer | Martin Szulecki | 2013-09-17 11:43:33 +0200 |
commit | 55869758d72338696139806f32cee696848f9875 (patch) | |
tree | 9e64e94e9e40383101c18b8a2c7f1f5f0463cfc3 | |
parent | b1f61497e6f3bf6f6e18d12e29b3bcd209f39535 (diff) | |
download | libimobiledevice-55869758d72338696139806f32cee696848f9875.tar.gz libimobiledevice-55869758d72338696139806f32cee696848f9875.tar.bz2 |
lockdown: Add missing x509 extensions to match other platforms using OpenSSL
-rw-r--r-- | src/lockdown.c | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/src/lockdown.c b/src/lockdown.c index f846be3..c7a3c0d 100644 --- a/src/lockdown.c +++ b/src/lockdown.c @@ -1300,7 +1300,7 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t X509_EXTENSION* ext; if (!(ext = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, (char*)"critical,CA:FALSE"))) { - debug_info("ERROR: X509V3_EXT_conf_nid failed"); + debug_info("ERROR: X509V3_EXT_conf_nid failedĀ for Basic Constraints"); } X509_add_ext(dev_cert, ext, -1); X509_EXTENSION_free(ext); @@ -1311,7 +1311,7 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t ASN1_TIME_set(asn1time, time(NULL) + (60 * 60 * 24 * 365 * 10)); X509_set_notAfter(dev_cert, asn1time); ASN1_TIME_free(asn1time); - + BIO* membp; X509* rootCert = NULL; @@ -1329,6 +1329,22 @@ lockdownd_error_t lockdownd_gen_pair_cert_for_udid(const char *udid, key_data_t X509_free(rootCert); } + X509V3_CTX ctx; + X509V3_set_ctx_nodb(&ctx); + X509V3_set_ctx(&ctx, NULL, dev_cert, NULL, NULL, 0); + + if (!(ext = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, (char*)"hash"))) { + debug_info("ERROR: X509V3_EXT_conf_nid failed for Subject Key identifier"); + } + X509_add_ext(dev_cert, ext, -1); + X509_EXTENSION_free(ext); + + if (!(ext = X509V3_EXT_conf_nid(NULL, NULL, NID_key_usage, (char*)"critical,digitalSignature,keyEncipherment"))) { + debug_info("ERROR: X509V3_EXT_conf_nid failed for Key Usage"); + } + X509_add_ext(dev_cert, ext, -1); + X509_EXTENSION_free(ext); + EVP_PKEY* rootPriv = NULL; membp = BIO_new_mem_buf(root_privkey.data, root_privkey.size); PEM_read_bio_PrivateKey(membp, &rootPriv, NULL, NULL); |