merged into client.py
parent
3c474aa163
commit
c04564b68c
2 changed files with 30 additions and 31 deletions
|
|
@ -57,6 +57,35 @@ def filter_names(names):
|
|||
sys.exit(1)
|
||||
return result[1]
|
||||
|
||||
|
||||
# based on M2Crypto unit test written by Toby Allsopp
|
||||
from M2Crypto import EVP, X509, RSA
|
||||
|
||||
def make_key_and_csr(names, bits=2048):
|
||||
"""Return a tuple (key, csr) containing a PEM-formatted private key
|
||||
of the specified number of bits and a CSR requesting a certificate for
|
||||
the specified DNS names."""
|
||||
assert names, "Must provide one or more hostnames."
|
||||
pk = EVP.PKey()
|
||||
x = X509.Request()
|
||||
rsa = RSA.gen_key(bits, 65537)
|
||||
pk.assign_rsa(rsa)
|
||||
key_pem = rsa.as_pem(cipher=None)
|
||||
rsa = None # should not be freed here
|
||||
x.set_pubkey(pk)
|
||||
name = x.get_subject()
|
||||
name.CN = names[0]
|
||||
extstack = X509.X509_Extension_Stack()
|
||||
for n in names:
|
||||
ext = X509.new_extension('subjectAltName', 'DNS:%s' % n)
|
||||
extstack.push(ext)
|
||||
x.add_extensions(extstack)
|
||||
x.sign(pk,'sha1')
|
||||
assert x.verify(pk)
|
||||
pk2 = x.get_pubkey()
|
||||
assert x.verify(pk2)
|
||||
return key_pem, x.as_pem()
|
||||
|
||||
def by_default():
|
||||
d = dialog.Dialog()
|
||||
choices = [("Easy", "Allow both HTTP and HTTPS access to these sites"), ("Secure", "Make all requests redirect to secure HTTPS access")]
|
||||
|
|
@ -183,7 +212,7 @@ def authenticate():
|
|||
key_pem = open(key_file).read().replace("\r", "")
|
||||
if not csr or not privkey:
|
||||
# Generate new private key and corresponding csr!
|
||||
key_pem, csr_pem = makerequest(2048, names)
|
||||
key_pem, csr_pem = make_key_and_csr(names, 2048)
|
||||
# TODO: IMPORTANT: NEED TO SAVE THESE TO FILES
|
||||
|
||||
if curses:
|
||||
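Review bot: In `make_key_and_csr`, added to client.py in the first hunk, `x.sign(pk,'sha1')` signs the CSR with SHA-1, a digest that is no longer collision-resistant and that a CA may refuse; `x.sign(pk, 'sha256')` is the safer choice. The loop also pushes one `subjectAltName` extension per name, while the X.509 profile (RFC 5280) permits only one instance of an extension, so all names belong in a single extension, e.g. `X509.new_extension('subjectAltName', ', '.join('DNS:%s' % n for n in names))`. Each name is interpolated into the extension value string, so a name containing a comma could add SAN entries the caller did not intend unless `filter_names` (body not visible here) already rejects such input. The `assert names` guard is stripped under `python -O`; `if not names: raise ValueError("Must provide one or more hostnames.")` keeps the check in all modes.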
|
|
|
|||
|
|
@ -1,30 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
# based on M2Crypto unit test written by Toby Allsopp
|
||||
|
||||
from M2Crypto import EVP, X509, RSA
|
||||
|
||||
def make_key_and_csr(names, bits=2048):
|
||||
"""Return a tuple (key, csr) containing a PEM-formatted private key
|
||||
of the specified number of bits and a CSR requesting a certificate for
|
||||
the specified DNS names."""
|
||||
assert names, "Must provide one or more hostnames."
|
||||
pk = EVP.PKey()
|
||||
x = X509.Request()
|
||||
rsa = RSA.gen_key(bits, 65537)
|
||||
pk.assign_rsa(rsa)
|
||||
key_pem = rsa.as_pem(cipher=None)
|
||||
rsa = None # should not be freed here
|
||||
x.set_pubkey(pk)
|
||||
name = x.get_subject()
|
||||
name.CN = names[0]
|
||||
extstack = X509.X509_Extension_Stack()
|
||||
for n in names:
|
||||
ext = X509.new_extension('subjectAltName', 'DNS:%s' % n)
|
||||
extstack.push(ext)
|
||||
x.add_extensions(extstack)
|
||||
x.sign(pk,'sha1')
|
||||
assert x.verify(pk)
|
||||
pk2 = x.get_pubkey()
|
||||
assert x.verify(pk2)
|
||||
return key_pem, x.as_pem()
|
||||