
Side by Side Diff: src/pkg/crypto/tls/generate_cert.go

Issue 5448093: crypto/tls: Make TLS Client Authentication work according to the spec (Closed)
Patch Set: diff -r b16a53f58594 https://code.google.com/p/go/ Created 12 years, 3 months ago
1 // Copyright 2009 The Go Authors. All rights reserved. 1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style 2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file. 3 // license that can be found in the LICENSE file.
4 4
5 // Generate a self-signed X.509 certificate for a TLS server. Outputs to 5 // Generate a self-signed X.509 certificate for a TLS server. Outputs to
6 // 'cert.pem' and 'key.pem' and will overwrite existing files. 6 // 'cert.pem' and 'key.pem' and will overwrite existing files.
7 7
8 package main 8 package main
9 9
10 import ( 10 import (
(...skipping 13 matching lines...) Expand all
24 24
25 func main() { 25 func main() {
26 flag.Parse() 26 flag.Parse()
27 27
28 priv, err := rsa.GenerateKey(rand.Reader, 1024) 28 priv, err := rsa.GenerateKey(rand.Reader, 1024)
29 if err != nil { 29 if err != nil {
30 log.Fatalf("failed to generate private key: %s", err) 30 log.Fatalf("failed to generate private key: %s", err)
31 return 31 return
32 } 32 }
33 33
34 » now := time.Seconds() 34 » now := time.Now().In(time.UTC)
bradfitz 2011/12/22 19:13:06 Why In(time.UTC)? The time.Now() and time.Now().I
35 35
36 template := x509.Certificate{ 36 template := x509.Certificate{
37 SerialNumber: new(big.Int).SetInt64(0), 37 SerialNumber: new(big.Int).SetInt64(0),
38 Subject: pkix.Name{ 38 Subject: pkix.Name{
39 CommonName: *hostName, 39 CommonName: *hostName,
40 Organization: []string{"Acme Co"}, 40 Organization: []string{"Acme Co"},
41 }, 41 },
42 » » NotBefore: time.SecondsToUTC(now - 300), 42 » » NotBefore: now.Add(-300 * time.Second),
bradfitz 2011/12/22 19:13:06 Sub(5 * time.Minute)
jra 2012/01/03 02:04:17 The docs say, "To compute t-d for a duration d, us
43 » » NotAfter: time.SecondsToUTC(now + 60*60*24*365), // valid for 1 year. 43 » » // valid for 1 year
44 » » NotAfter: now.Add(60 * 60 * 24 * 365 * time.Second),
bradfitz 2011/12/22 19:13:06 Add(365 * 24 * time.Hour)
jra 2012/01/03 02:04:17 Done.
44 45
45 SubjectKeyId: []byte{1, 2, 3, 4}, 46 SubjectKeyId: []byte{1, 2, 3, 4},
46 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigita lSignature, 47 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigita lSignature,
47 } 48 }
48 49
49 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &templat e, &priv.PublicKey, priv) 50 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &templat e, &priv.PublicKey, priv)
50 if err != nil { 51 if err != nil {
51 log.Fatalf("Failed to create certificate: %s", err) 52 log.Fatalf("Failed to create certificate: %s", err)
52 return 53 return
53 } 54 }
54 55
55 certOut, err := os.Create("cert.pem") 56 certOut, err := os.Create("cert.pem")
56 if err != nil { 57 if err != nil {
57 log.Fatalf("failed to open cert.pem for writing: %s", err) 58 log.Fatalf("failed to open cert.pem for writing: %s", err)
58 return 59 return
59 } 60 }
60 pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) 61 pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
61 certOut.Close() 62 certOut.Close()
62 log.Print("written cert.pem\n") 63 log.Print("written cert.pem\n")
63 64
64 keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC , 0600) 65 keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC , 0600)
65 if err != nil { 66 if err != nil {
66 log.Print("failed to open key.pem for writing:", err) 67 log.Print("failed to open key.pem for writing:", err)
67 return 68 return
68 } 69 }
69 pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.Marsh alPKCS1PrivateKey(priv)}) 70 pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.Marsh alPKCS1PrivateKey(priv)})
70 keyOut.Close() 71 keyOut.Close()
71 log.Print("written key.pem\n") 72 log.Print("written key.pem\n")
72 } 73 }
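Review bot: The template on new-side line 37 keeps `SerialNumber: new(big.Int).SetInt64(0)`, so every certificate this tool generates carries the same issuer name and serial, and a client that keys trust decisions or caches on that pair cannot tell a regenerated certificate from the one it replaced. A random serial avoids this, e.g. `serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))` followed by `SerialNumber: serial,` (this assumes `rand` is crypto/rand, which the collapsed import block does not show). The 1024-bit modulus on new-side line 28 is also below current minimums; `rsa.GenerateKey(rand.Reader, 2048)` is the smallest size worth emitting. Last, the key.pem open failure on new-side line 67 uses `log.Print` and returns, so the program exits 0 with cert.pem written and no key beside it; `log.Fatalf("failed to open key.pem for writing: %s", err)` would match the cert.pem path.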
