From 43cce1b10901bff92d5bd52595ef3b7b4e65ee80 Mon Sep 17 00:00:00 2001
From: Jaakko Keränen
Date: Thu, 22 Jul 2021 06:56:08 +0300
Subject: Generated certificates should be self-issued
RFC 5280 defines a self-signed CA certificate as also being self-issued, so to honor this definition we set the issuer and the subject to be fully equivalent.
IssueID #316
---
 src/gmcerts.c | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'src/gmcerts.c')
diff --git a/src/gmcerts.c b/src/gmcerts.c
index d8e77b12..2c7b1122 100644
--- a/src/gmcerts.c
+++ b/src/gmcerts.c
@@ -589,8 +589,15 @@ static iGmIdentity *add_GmCerts_(iGmCerts *d, iTlsCertificate *cert, int flags)
 iGmIdentity *newIdentity_GmCerts(iGmCerts *d, int flags, iDate validUntil, const iString *commonName, const iString *email, const iString *userId, const iString *domain, const iString *org, const iString *country) {
+ /* Note: RFC 5280 defines a self-signed CA certificate as also being self-issued, so
+ to honor this definition we set the issuer and the subject to be fully equivalent. */
 const iTlsCertificateName names[] = {
 { issuerCommonName_TlsCertificateNameType, commonName },
+ { issuerEmailAddress_TlsCertificateNameType, !isEmpty_String(email) ? email : NULL },
+ { issuerUserId_TlsCertificateNameType, !isEmpty_String(userId) ? userId : NULL },
+ { issuerDomain_TlsCertificateNameType, !isEmpty_String(domain) ? domain : NULL },
+ { issuerOrganization_TlsCertificateNameType, !isEmpty_String(org) ? org : NULL },
+ { issuerCountry_TlsCertificateNameType, !isEmpty_String(country) ? country : NULL },
 { subjectCommonName_TlsCertificateNameType, commonName },
 { subjectEmailAddress_TlsCertificateNameType, !isEmpty_String(email) ? email : NULL },
 { subjectUserId_TlsCertificateNameType, !isEmpty_String(userId) ? userId : NULL },
--
cgit v1.2.3
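Review bot: The optional-field expressions `!isEmpty_String(x) ? x : NULL` are now written twice in `names[]`, once per issuer entry and once per subject entry, and nothing in the code ties the two lists together. The certificate is only self-issued in the RFC 5280 sense while both names stay identical, so a later edit that touches one list but not the other would produce a certificate that is self-signed but no longer self-issued, without any visible failure. Consider evaluating each optional value once before the array, e.g. `const iString *mail = !isEmpty_String(email) ? email : NULL;`, and using it in both entries, and extend the new comment with `Keep the issuer and subject entries identical and in the same order.` The subject entries for domain, organization and country lie past the end of the hunk, so their presence and order should be checked in the full file. Whether attribute order in the array carries over to the encoded name depends on the TLS library and is not visible here.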