From e16fff0336bbb567da1f38ff8554b700db4f2d18 Mon Sep 17 00:00:00 2001 From: Ishan Sharma Date: Tue, 30 Jan 2024 10:02:21 +0530 Subject: [PATCH 1/3] Added generic functionality for adding extensions to X509 --- OpenSSL/X509.hsc | 2 +- OpenSSL/X509/Request.hs | 17 +++++++++++++++++ examples/HelloWorld.hs | 6 +++--- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/OpenSSL/X509.hsc b/OpenSSL/X509.hsc index b27aeec..1c60ee9 100644 --- a/OpenSSL/X509.hsc +++ b/OpenSSL/X509.hsc @@ -5,7 +5,7 @@ -- |An interface to X.509 certificate. module OpenSSL.X509 ( -- * Type - X509 + X509(..) , X509_ -- * Functions to manipulate certificate diff --git a/OpenSSL/X509/Request.hs b/OpenSSL/X509/Request.hs index 5d5373b..2bc6cdf 100644 --- a/OpenSSL/X509/Request.hs +++ b/OpenSSL/X509/Request.hs @@ -32,6 +32,7 @@ module OpenSSL.X509.Request , setPublicKey , addExtensions + , addExtensionTox509 ) where @@ -100,6 +101,8 @@ foreign import capi unsafe "openssl/x509v3.h X509V3_EXT_nconf_nid" foreign import capi unsafe "openssl/x509.h X509_REQ_add_extensions" _req_add_extensions :: Ptr X509_REQ -> Ptr STACK -> IO CInt +foreign import capi unsafe "openssl/x509.h X509_add_ext" + _X509_add_ext :: Ptr Cert.X509_ -> Ptr X509_EXT -> CInt -> IO CInt -- |@'newX509Req'@ creates an empty certificate request. You must set -- the following properties to and sign it (see 'signX509Req') to 
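Review bot: Exporting `X509(..)` from `OpenSSL.X509` exposes the `ForeignPtr` constructor of the certificate type to every importer, only so that `OpenSSL.X509.Request` can pattern-match on it in the `@@ -296` hunk, which weakens the module's encapsulation of the raw pointer. If `OpenSSL.X509` already exports a scoped-pointer helper (HsOpenSSL has `withX509Ptr`), the new function can use that and this export can be dropped; otherwise adding such a helper is preferable to exposing the constructor. The export list continues past the hunk.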
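Review bot: The new `_X509_add_ext` binding carries no note on ownership or return convention, and both matter for its caller in the `@@ -296` hunk: `X509_add_ext` stores a copy of the extension and returns 1 on success, so the caller keeps ownership of the `X509_EXT` it passes and must release it. Suggest `-- X509_add_ext adds a *copy* of the extension (returns 1 on success, 0 on error); the caller still owns the X509_EXT and must free it.` above the `foreign import`, plus a companion `foreign import` for `X509_EXTENSION_free`, which is not visible anywhere in this patch (only `_ext_create` is). The `capi unsafe` style matches the neighbouring `_req_add_extensions` binding.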
@@ -296,3 +299,17 @@ makeX509FromReq req caCert Cert.setPublicKey cert =<< getPublicKey req return cert + +addExtensionTox509 :: X509 -> Int -> String -> IO Bool +addExtensionTox509 (Cert.X509 certFPtr) nid value = do + -- Context and config pointers are set to nullPtr for simplicity. + -- Depending on your use case, you might need to provide actual values. + result <- withForeignPtr certFPtr $ \certPtr -> + withCString value $ \cValue -> do + extPtr <- _ext_create nullPtr nullPtr (fromIntegral nid) cValue + if extPtr /= nullPtr + then do + res <- _X509_add_ext certPtr extPtr (-1) -- Add to the end + return (res == 0) + else return False + return result diff --git a/examples/HelloWorld.hs b/examples/HelloWorld.hs index 98e495b..2bad165 100644 --- a/examples/HelloWorld.hs +++ b/examples/HelloWorld.hs @@ -15,9 +15,9 @@ import Text.Printf main = withOpenSSL $ - do putStrLn "cipher: DES-CBC" - des <- liftM fromJust $ getCipherByName "DES-CBC" - + do putStrLn "cipher: DES3" + des <- liftM fromJust $ getCipherByName "DES3" + putStrLn "generating RSA keypair..." rsa <- generateRSAKey 512 65537 Nothing From 0a7ec46784d8b48adeb877f98a4b52748c9086ce Mon Sep 17 00:00:00 2001 From: Ishan Sharma Date: Tue, 30 Jan 2024 10:22:22 +0530 Subject: [PATCH 2/3] Correcting Camel Case --- OpenSSL/X509/Request.hs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/OpenSSL/X509/Request.hs b/OpenSSL/X509/Request.hs index 2bc6cdf..afcf715 100644 --- a/OpenSSL/X509/Request.hs +++ b/OpenSSL/X509/Request.hs @@ -32,7 +32,7 @@ module OpenSSL.X509.Request , setPublicKey , addExtensions - , addExtensionTox509 + , addExtensionToX509 ) where 
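Review bot: `return (res == 0)` inverts the result: `X509_add_ext` returns 1 on success and 0 on error, so `addExtensionTox509` reports `True` precisely when the extension was not added and a caller that checks it will carry on with an unextended certificate; it should read `return (res == 1)`. The `X509_EXT` obtained from `_ext_create` is also never released although `X509_add_ext` only stores a copy, so every call leaks one extension; with a binding for `X509_EXTENSION_free` (placeholder name `_ext_free`) the add can be written as ``res <- _X509_add_ext certPtr extPtr (-1) `finally` _ext_free extPtr`` using `finally` from `Control.Exception`. Because the function mutates the certificate body, it has to be called before the certificate is signed or the existing signature becomes invalid, which deserves a Haddock sentence on the function. Passing `nullPtr` for both the `X509V3_CTX` and the config means extensions that resolve against the certificate itself (for example `subjectKeyIdentifier=hash`) fail inside `_ext_create` and surface only as `False`, so the documentation should say so rather than leaving it to the inline comment.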
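Review bot: The new code keeps `liftM fromJust $ getCipherByName "DES3"`, so if the cipher lookup fails the example still dies with an uninformative `fromJust` error, which is presumably the symptom that prompted moving off `DES-CBC` (on OpenSSL 3 single DES lives in the legacy provider and the lookup returns `Nothing`). A total form such as `des <- maybe (fail "cipher DES3 not available") return =<< getCipherByName "DES3"` makes the failure explicit. Triple-DES is itself a legacy, deprecated algorithm; for a hello-world that people copy, an AES cipher (`"AES-256-CBC"`) would be a better default.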
@@ -300,8 +300,8 @@ makeX509FromReq req caCert return cert -addExtensionTox509 :: X509 -> Int -> String -> IO Bool -addExtensionTox509 (Cert.X509 certFPtr) nid value = do +addExtensionToX509 :: X509 -> Int -> String -> IO Bool +addExtensionToX509 (Cert.X509 certFPtr) nid value = do -- Context and config pointers are set to nullPtr for simplicity. -- Depending on your use case, you might need to provide actual values. result <- withForeignPtr certFPtr $ \certPtr -> From 61c5ec3164d93a210388c6f49dda06febd15eb8d Mon Sep 17 00:00:00 2001 From: Ishan Sharma Date: Wed, 31 Jan 2024 17:29:33 +0530 Subject: [PATCH 3/3] Added examples on how to call the function --- OpenSSL/X509/Request.hs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/OpenSSL/X509/Request.hs b/OpenSSL/X509/Request.hs index afcf715..3403cd4 100644 --- a/OpenSSL/X509/Request.hs +++ b/OpenSSL/X509/Request.hs @@ -300,6 +300,11 @@ makeX509FromReq req caCert return cert +-- Add Extensions to certificate (when Server accepting certs requires it) +-- e.g. : +-- addExtensionToX509 cert1 87 "CA:FALSE" +-- addExtensionToX509 cert1 85 "critical,serverAuth, clientAuth" - when this extension field is critical + addExtensionToX509 :: X509 -> Int -> String -> IO Bool addExtensionToX509 (Cert.X509 certFPtr) nid value = do -- Context and config pointers are set to nullPtr for simplicity.
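Review bot: The new comment block is a plain `--` comment, so it does not attach to `addExtensionToX509` in generated Haddock; write it as `-- |` prose followed by the examples. The examples use raw NIDs and the second one looks wrong: 87 is `NID_basic_constraints`, but 85 is `NID_subject_alt_name` in OpenSSL's `obj_mac.h`, whereas `serverAuth`/`clientAuth` belong to `extendedKeyUsage` (`NID_ext_key_usage`, 126), so `X509V3_EXT_nconf_nid` would reject that value and the function would return `False`; please verify the numbers against the OpenSSL headers and prefer spelling them as named constants. The comment should also state that the extension must be added before the certificate is signed, and the dangling `- when this extension field is critical` reads better as a sentence, e.g. `-- Prefix the value with "critical," to mark the extension critical.` The documented function continues past the hunk.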