http, crypto/tls: followup fixes from 1684051.

(TBR because this is just addressing previous review comments.)

R=r
CC=golang-dev
https://golang.org/cl/1697048
This commit is contained in:
Adam Langley 2010-07-02 16:43:48 -04:00
parent 7b22e867e7
commit 08ec2a8e44
2 changed files with 15 additions and 19 deletions

View File

@ -11,30 +11,26 @@ import (
"crypto/rsa" "crypto/rsa"
"crypto/x509" "crypto/x509"
"encoding/pem" "encoding/pem"
"fmt" "flag"
"log" "log"
"os" "os"
"time" "time"
) )
func main() { var hostName *string = flag.String("host", "127.0.0.1", "Hostname to generate a certificate for")
if len(os.Args) != 2 {
fmt.Printf("Usage: %s <hostname of server>\n", os.Args[0])
return
}
hostName := os.Args[1] func main() {
flag.Parse()
urandom, err := os.Open("/dev/urandom", os.O_RDONLY, 0) urandom, err := os.Open("/dev/urandom", os.O_RDONLY, 0)
if err != nil { if err != nil {
log.Crashf("failed to open /dev/urandom: %s\n", err) log.Exitf("failed to open /dev/urandom: %s", err)
return return
} }
log.Stdoutf("Generating RSA key\n")
priv, err := rsa.GenerateKey(urandom, 1024) priv, err := rsa.GenerateKey(urandom, 1024)
if err != nil { if err != nil {
log.Crashf("failed to generate private key: %s\n", err) log.Exitf("failed to generate private key: %s", err)
return return
} }
@ -43,11 +39,11 @@ func main() {
template := x509.Certificate{ template := x509.Certificate{
SerialNumber: []byte{0}, SerialNumber: []byte{0},
Subject: x509.Name{ Subject: x509.Name{
CommonName: hostName, CommonName: *hostName,
Organization: "Acme Co", Organization: "Acme Co",
}, },
NotBefore: time.SecondsToUTC(now - 300), NotBefore: time.SecondsToUTC(now - 300),
NotAfter: time.SecondsToUTC(now + 86400*365), // valid for 1 year. NotAfter: time.SecondsToUTC(now + 60*60*24*365), // valid for 1 year.
SubjectKeyId: []byte{1, 2, 3, 4}, SubjectKeyId: []byte{1, 2, 3, 4},
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
@ -55,13 +51,13 @@ func main() {
derBytes, err := x509.CreateCertificate(urandom, &template, &template, &priv.PublicKey, priv) derBytes, err := x509.CreateCertificate(urandom, &template, &template, &priv.PublicKey, priv)
if err != nil { if err != nil {
log.Crashf("Failed to create certificate: %s", err) log.Exitf("Failed to create certificate: %s", err)
return return
} }
certOut, err := os.Open("cert.pem", os.O_WRONLY|os.O_CREAT, 0644) certOut, err := os.Open("cert.pem", os.O_WRONLY|os.O_CREAT, 0644)
if err != nil { if err != nil {
log.Crashf("failed to open cert.pem for writing: %s\n", err) log.Exitf("failed to open cert.pem for writing: %s", err)
return return
} }
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
@ -70,7 +66,7 @@ func main() {
keyOut, err := os.Open("key.pem", os.O_WRONLY|os.O_CREAT, 0600) keyOut, err := os.Open("key.pem", os.O_WRONLY|os.O_CREAT, 0600)
if err != nil { if err != nil {
log.Crashf("failed to open key.pem for writing: %s\n", err) log.Exitf("failed to open key.pem for writing: %s", err)
return return
} }
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})

8
tls.go
View File

@ -79,7 +79,7 @@ func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.
certDERBlock, _ := pem.Decode(certPEMBlock) certDERBlock, _ := pem.Decode(certPEMBlock)
if certDERBlock == nil { if certDERBlock == nil {
err = os.ErrorString("failed to parse certificate PEM data") err = os.ErrorString("crypto/tls: failed to parse certificate PEM data")
return return
} }
@ -92,13 +92,13 @@ func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.
keyDERBlock, _ := pem.Decode(keyPEMBlock) keyDERBlock, _ := pem.Decode(keyPEMBlock)
if keyDERBlock == nil { if keyDERBlock == nil {
err = os.ErrorString("failed to parse key PEM data") err = os.ErrorString("crypto/tls: failed to parse key PEM data")
return return
} }
key, err := x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes) key, err := x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes)
if err != nil { if err != nil {
err = os.ErrorString("failed to parse key") err = os.ErrorString("crypto/tls: failed to parse key")
return return
} }
@ -112,7 +112,7 @@ func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.
} }
if x509Cert.PublicKeyAlgorithm != x509.RSA || x509Cert.PublicKey.(*rsa.PublicKey).N.Cmp(key.PublicKey.N) != 0 { if x509Cert.PublicKeyAlgorithm != x509.RSA || x509Cert.PublicKey.(*rsa.PublicKey).N.Cmp(key.PublicKey.N) != 0 {
err = os.ErrorString("Private key does not match public key") err = os.ErrorString("crypto/tls: private key does not match public key")
return return
} }