Skip to content
This repository has been archived by the owner on Aug 19, 2022. It is now read-only.

set a random certificate subject #100

Merged
merged 2 commits into from
Nov 23, 2021
Merged

set a random certificate subject #100

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c248f7a
set a random certificate issuer
marten-seemann Nov 9, 2021
22da1a4
set an actual NotBefore time on the certificate
marten-seemann Nov 22, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 10 additions & 2 deletions crypto.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -183,14 +183,22 @@ func keyToCertificate(sk ic.PrivKey) (*tls.Certificate, error) {
return nil, err
}

sn, err := rand.Int(rand.Reader, big.NewInt(1<<62))
bigNum := big.NewInt(1 << 62)
sn, err := rand.Int(rand.Reader, bigNum)
if err != nil {
return nil, err
}
subjectSN, err := rand.Int(rand.Reader, bigNum)
if err != nil {
return nil, err
}
tmpl := &x509.Certificate{
SerialNumber: sn,
NotBefore: time.Time{},
NotBefore: time.Now().Add(-time.Hour),
NotAfter: time.Now().Add(certValidityPeriod),
// According to RFC 3280, the issuer field must be set,
// see https://datatracker.ietf.org/doc/html/rfc3280#section-4.1.2.4.
Subject: pkix.Name{SerialNumber: subjectSN.String()},
// after calling CreateCertificate, these will end up in Certificate.Extensions
ExtraExtensions: []pkix.Extension{
{Id: extensionID, Critical: extensionCritical, Value: value},
Expand Down