mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-03-14 19:41:33 +01:00
Code Issues Projects Releases Wiki Activity
haproxy/include/haproxy/ssl_gencert.h
Frederic Lecaille 36b1fba871 MINOR: ssl/ckch: Move EVP_PKEY and cert code generation from acme 
Move acme_EVP_PKEY_gen() implementation to ssl_gencrt.c and rename it to
ssl_EVP_PKEY_gen().  Also extract from acme_gen_tmp_x509() the generic
part to implement ssl_gen_x509() into ssl_gencrt.c.

To generate a self-signed expired certificate ssl_EVP_PKEY_gen() must be
used to generate the private key. Then, ssl_gen_x509() must be called
with the private key as argument.  acme_gen_tmp_x509() is also modified
to called these two functions to generate a temporary certificate has
done before modifying this part.

Such an expired self-signed certificate should not be use on the field
but only during testing and development steps.
2026-02-19 14:46:47 +01:00

40 lines
1.7 KiB
C
Raw Blame History

/*
* include/haproxy/ssl_gencert.h
* This file contains definition for ssl 'generate-certificates' option.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation, version 2.1
* exclusively.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef _HAPROXY_SSL_GENCERT_H
#define _HAPROXY_SSL_GENCERT_H
#ifdef USE_OPENSSL
#include <haproxy/listener-t.h>
#include <haproxy/ssl_sock-t.h>
int ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl);
int ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl);
SSL_CTX *ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl);
SSL_CTX *ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf);
int ssl_sock_set_generated_cert(SSL_CTX *ctx, unsigned int key, struct bind_conf *bind_conf);
unsigned int ssl_sock_generated_cert_key(const void *data, size_t len);
int ssl_sock_gencert_load_ca(struct bind_conf *bind_conf);
void ssl_sock_gencert_free_ca(struct bind_conf *bind_conf);
EVP_PKEY *ssl_gen_EVP_PKEY(int keytype, int curves, int bits, char **errmsg);
X509 *ssl_gen_x509(EVP_PKEY *pkey);
#endif /* USE_OPENSSL */
#endif /* _HAPROXY_SSL_GENCERT_H */
Reference in New Issue View Git Blame Copy Permalink