PKCS11 example for doing a CSR generation and creating signed certificate #318
base: master
…ed with PKCS11 key.
XMEMSET(pem, 0, LARGE_TEMP_SZ); | ||
#endif | ||
|
||
#ifdef HAVE_ECC |
Why check for HAVE_ECC here when other ECC APIs are used outside of this?
printf("Init Cert failed: %d\n", ret); | ||
goto exit; | ||
} | ||
strncpy(req.subject.country, "US", CTC_NAME_SIZE); |
Extract the setting of subject to a new function and comment it to say it needs to be replaced.
newCert.sigType = CTC_SHA256wECDSA; | ||
|
||
printf("Setting certificate subject\n"); | ||
#ifdef HAVE_DECODEDCERT |
Extract this code into a separate function and add a comment to indicate customer specific changes required.
strncpy(newCert.subject.email, decoded.subjectEmail, decoded.subjectEmailLen); | ||
#else | ||
/* This can be used if the DER is an X.509 certificate (not CSR) */ | ||
//ret = wc_SetSubjectBuffer(&newCert, derBuf, derSz); |
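Review bot: The strncpy into newCert.subject.email is bounded by decoded.subjectEmailLen, the length of the source taken from the parsed CSR, rather than by the size of the destination. If the subject fields are fixed CTC_NAME_SIZE buffers, as the strncpy into req.subject.country with CTC_NAME_SIZE elsewhere in this change suggests, a longer email in the CSR would write past the field, and a copy of exactly subjectEmailLen bytes adds no terminating NUL of its own. Suggest clamping the length to CTC_NAME_SIZE - 1 and terminating explicitly, or rejecting the CSR when the field does not fit.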
Remove
/* Code for parsing a CSR to a DecodedCert struct */ | ||
/* Note: These are not public API's unless WOLFSSL_TEST_CERT or the compat | ||
* layer is enabled */ | ||
InitDecodedCert(&decoded, derBuf, derSz, HEAP_HINT); |
wc_InitDecodedCert() and wc_ParseCert()?
printf("Setting certificate subject\n"); | ||
#ifdef HAVE_DECODEDCERT | ||
/* Copy fields from CSR to new certificate */ | ||
if (decoded.subjectC) |
Can we get raw and set raw?
This is a rough template for:
wc_Pkcs11_CryptoDevCb
).