Changed the X.509 version number in generated certs from 1 to 3, so that SecCertificateCreateFromData on iPhone will accept them. :-/
authorJens Alfke <jens@mooseyard.com>
Wed Jun 10 09:02:18 2009 -0700 (2009-06-10)
changeset 2538c3c3923e1f
parent 24 6856e071d25a
child 26 d9c2a06d4e4e
Changed the X.509 version number in generated certs from 1 to 3, so that SecCertificateCreateFromData on iPhone will accept them. :-/
MYCertificateInfo.m
Tests/generated.cer
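--- a/MYCertificateInfo.m	Tue Jun 09 23:58:03 2009 -0700
+++ b/MYCertificateInfo.m	Wed Jun 10 09:02:18 2009 -0700
@@ -21,9 +21,17 @@
 #import "MYErrorUtils.h"
 
 
-#define kDefaultExpirationTime (60.0 * 60.0 * 24.0 * 365.0)
+#define kDefaultExpirationTime (60.0 * 60.0 * 24.0 * 365.0)     /* that's 1 year */
 
+/*  X.509 version number to generate. Even though my code doesn't (yet) add any of the post-v1
+    metadata, it's necessary to write v3 or the resulting certs won't be accepted on some platforms,
+    notably iPhone OS.
+    "This field is used mainly for marketing purposes to claim that software is X.509v3 compliant 
+    (even when it isn't)." --Peter Gutmann */
+#define kCertRequestVersionNumber 3
 
+
+/* "Safe" NSArray accessor -- returns nil if out of range. */
 static id $atIf(NSArray *array, NSUInteger index) {
     return index < array.count ?[array objectAtIndex: index] :nil;
 }
@@ -43,7 +51,7 @@
 
 
 static MYOID *kRSAAlgorithmID, *kRSAWithSHA1AlgorithmID, *kCommonNameOID,
-            *kGivenNameOID, *kSurnameOID, *kDescriptionOID, *kEmailOID;
+             *kGivenNameOID, *kSurnameOID, *kDescriptionOID, *kEmailOID;
 
 
 + (void) initialize {
@@ -209,7 +217,9 @@
 - (id) initWithPublicKey: (MYPublicKey*)publicKey {
     Assert(publicKey);
     id empty = [NSNull null];
-    id version = [[MYASN1Object alloc] initWithTag: 0 ofClass: 2 components: $array($object(0))];
+    id version = [[MYASN1Object alloc] initWithTag: 0 
+                                           ofClass: 2
+                                        components: $array($object(kCertRequestVersionNumber - 1))];
     NSArray *root = $array( $marray(version,
                                     empty,       // serial #
                                     $array(kRSAAlgorithmID),
@@ -493,8 +503,8 @@
         CAssertEqual(subject2.surname, @"Case");
         CAssertEqual(subject2.nameDescription, @"Just a test certificate created by MYCrypto");
         CAssertEqual(subject2.emailAddress, @"testcase@example.com");
-        
-        Log(@"Verifying Signature...");
+                
+        Log(@"Creating MYCertificate object...");
         MYCertificate *cert = [[MYCertificate alloc] initWithCertificateData: certData];
         Log(@"Loaded %@", cert);
         CAssert(cert);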
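Review bot: The `kCertRequestVersionNumber - 1` passed to `components:` in the `initWithPublicKey:` hunk has no comment explaining that X.509 encodes version N as the integer N-1, so a later reader could mistake it for an off-by-one; I would add `// X.509 encodes vN as INTEGER N-1, so v3 is written as 2` above that line. The new header comment is candid that no v3 extensions are emitted, and it should also say what that means for relying parties: the certificate carries no basicConstraints or keyUsage, so CA status and permitted key usage are left to each verifier's defaults. The test hunk never asserts the parsed version, so a regression back to v1 would presumably only surface on a device; an assertion on the parsed version next to the existing subject checks would pin it, if the parser exposes that field. The macro name says "CertRequest" although the value is written into the certificate itself, which reads as a PKCS#10 request version. `initWithPublicKey:` and the test body both continue outside the visible hunks.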
     2.1 Binary file Tests/generated.cer has changed