mirror of
https://github.com/golang/go
synced 2024-11-21 18:34:44 -07:00
x509: support non-self-signed certs.
For generating non-self-signed certs we need to be able to specify a public key (for the signee) which is different from the private key (of the signer). R=rsc CC=golang-dev https://golang.org/cl/1741045
This commit is contained in:
parent
400f7a6ba5
commit
9c09ed13d2
@ -761,19 +761,20 @@ var (
|
||||
// MaxPathLen, SubjectKeyId, DNSNames.
|
||||
//
|
||||
// The certificate is signed by parent. If parent is equal to template then the
|
||||
// certificate is self-signed.
|
||||
// certificate is self-signed. pub is the public key of the signee. priv is the
|
||||
// private key of the signer.
|
||||
//
|
||||
// The returned slice is the certificate in DER encoding.
|
||||
func CreateCertificate(rand io.Reader, template, parent *Certificate, priv *rsa.PrivateKey) (cert []byte, err os.Error) {
|
||||
func CreateCertificate(rand io.Reader, template, parent *Certificate, pub *rsa.PublicKey, priv *rsa.PrivateKey) (cert []byte, err os.Error) {
|
||||
asn1PublicKey, err := asn1.MarshalToMemory(rsaPublicKey{
|
||||
N: asn1.RawValue{Tag: 2, Bytes: priv.PublicKey.N.Bytes()},
|
||||
E: priv.PublicKey.E,
|
||||
N: asn1.RawValue{Tag: 2, Bytes: pub.N.Bytes()},
|
||||
E: pub.E,
|
||||
})
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if len(template.SubjectKeyId) > 0 && len(parent.SubjectKeyId) > 0 {
|
||||
if len(parent.SubjectKeyId) > 0 {
|
||||
template.AuthorityKeyId = parent.SubjectKeyId
|
||||
}
|
||||
|
||||
|
@ -174,7 +174,7 @@ func TestCreateSelfSignedCertificate(t *testing.T) {
|
||||
DNSNames: []string{"test.example.com"},
|
||||
}
|
||||
|
||||
derBytes, err := CreateCertificate(urandom, &template, &template, priv)
|
||||
derBytes, err := CreateCertificate(urandom, &template, &template, &priv.PublicKey, priv)
|
||||
if err != nil {
|
||||
t.Errorf("Failed to create certificate: %s", err)
|
||||
return
|
||||
|
Loading…
Reference in New Issue
Block a user