Changed the X.509 version number in generated certs from 1 to 3, so that SecCertificateCreateFromData on iPhone will accept them. :-/
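--- a/MYCertificateInfo.m Tue Jun 09 23:58:03 2009 -0700
+++ b/MYCertificateInfo.m Wed Jun 10 09:02:18 2009 -0700
@@ -21,9 +21,17 @@
 #import "MYErrorUtils.h"
 
 
-#define kDefaultExpirationTime (60.0 * 60.0 * 24.0 * 365.0)
+#define kDefaultExpirationTime (60.0 * 60.0 * 24.0 * 365.0) /* that's 1 year */
 
+/* X.509 version number to generate. Even though my code doesn't (yet) add any of the post-v1
+ metadata, it's necessary to write v3 or the resulting certs won't be accepted on some platforms,
+ notably iPhone OS.
+ "This field is used mainly for marketing purposes to claim that software is X.509v3 compliant
+ (even when it isn't)." --Peter Gutmann */
+#define kCertRequestVersionNumber 3
 
+
+/* "Safe" NSArray accessor -- returns nil if out of range. */
 static id $atIf(NSArray *array, NSUInteger index) {
 return index < array.count ?[array objectAtIndex: index] :nil;
 }
@@ -43,7 +51,7 @@
 
 
 static MYOID *kRSAAlgorithmID, *kRSAWithSHA1AlgorithmID, *kCommonNameOID,
- *kGivenNameOID, *kSurnameOID, *kDescriptionOID, *kEmailOID;
+ *kGivenNameOID, *kSurnameOID, *kDescriptionOID, *kEmailOID;
 
 
 + (void) initialize {
@@ -209,7 +217,9 @@
 - (id) initWithPublicKey: (MYPublicKey*)publicKey {
 Assert(publicKey);
 id empty = [NSNull null];
- id version = [[MYASN1Object alloc] initWithTag: 0 ofClass: 2 components: $array($object(0))];
+ id version = [[MYASN1Object alloc] initWithTag: 0
+ ofClass: 2
+ components: $array($object(kCertRequestVersionNumber - 1))];
 NSArray *root = $array( $marray(version,
 empty, // serial #
 $array(kRSAAlgorithmID),
@@ -493,8 +503,8 @@
 CAssertEqual(subject2.surname, @"Case");
 CAssertEqual(subject2.nameDescription, @"Just a test certificate created by MYCrypto");
 CAssertEqual(subject2.emailAddress, @"testcase@example.com");
-
- Log(@"Verifying Signature...");
+
+ Log(@"Creating MYCertificate object...");
 MYCertificate *cert = [[MYCertificate alloc] initWithCertificateData: certData];
 Log(@"Loaded %@", cert);
 CAssert(cert);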
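Review bot: The version written in `initWithPublicKey:` is `kCertRequestVersionNumber - 1`, and nothing constrains the macro to 1–3, so a later edit of the define can silently emit a version value X.509 does not define. A guard beside the define, `#if kCertRequestVersionNumber < 1 || kCertRequestVersionNumber > 3` / `#error unsupported X.509 version` / `#endif`, plus a comment at the call such as `// DER carries version N as the integer N-1 (v3 => 2)`, would pin that. The certificate now claims v3 while, per the new comment, carrying none of the post-v1 metadata, so a verifier has no basicConstraints or keyUsage to enforce; that limitation is worth stating in the class documentation until extensions are written. The test hunk still asserts only `CAssert(cert)` and never checks the version that was emitted, so a regression to v1 would presumably pass wherever the platform parser is lenient. Both `initWithPublicKey:` and the test function continue outside the visible hunks.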
2.1 Binary file Tests/generated.cer has changed