From 4fc807cedd9a481db9e0fc1633d8c169f53f4a8e Mon Sep 17 00:00:00 2001
From: Aldo Cortesi
Date: Sun, 20 Feb 2011 12:12:55 +1300
Subject: Clean up certificate generation.
- Use templates for config files. We can re-introduce customization of the certificate attributes when we need them.
- Split CA and cert generation into separate functions.
- Generation methods provide an error return when generation fails.
- When the user explicitly specifies a certificate, we don't generate it, but fail if it doesn't exist.
---
libmproxy/resources/ca.cnf | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 libmproxy/resources/ca.cnf
(limited to 'libmproxy/resources/ca.cnf')
diff --git a/libmproxy/resources/ca.cnf b/libmproxy/resources/ca.cnf
new file mode 100644
index 00000000..e46bb08f
--- /dev/null
+++ b/libmproxy/resources/ca.cnf
@@ -0,0 +1,33 @@
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+req_extensions = v3_ca_req
+
+[ req_distinguished_name ]
+organizationName = mitmproxy
+commonName = Dummy CA
+
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+basicConstraints = critical,CA:true
+keyUsage = cRLSign, keyCertSign
+nsCertType = sslCA
+
+[ v3_ca_req ]
+basicConstraints = critical,CA:true
+keyUsage = cRLSign, keyCertSign
+nsCertType = sslCA
+
+[ v3_cert ]
+basicConstraints = CA:false
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+nsCertType = server
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+
+[ v3_cert_req ]
+basicConstraints = CA:false
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+nsCertType = server
-- cgit v1.2.3
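Review bot: The `[ req ]` section sets no `default_bits` or `default_md`, so the CA key size and signature digest depend on whatever the calling code passes to openssl or on the build's defaults; this view of the commit is limited to ca.cnf, so the caller is not visible. Since the template is now fixed rather than customizable, pinning them here would make the generated CA predictable, e.g. `default_bits = 2048` and `default_md = sha256`. In `[ v3_ca ]` and `[ v3_ca_req ]` the CA constraint carries no path length; `basicConstraints = critical,CA:true,pathlen:0` would restrict the CA to signing leaf certificates. The `[ v3_cert ]` and `[ v3_cert_req ]` sections rely on the legacy `nsCertType = server` only, and adding `extendedKeyUsage = serverAuth` would scope the leaf certificates the way current validators check.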