
Author Topic: How to generate certificates example the easy way  (Read 3909 times)

toby

  • Sr. Member
  • ****
  • Posts: 270
Re: How to generate certificates example the easy way
« Reply #15 on: March 17, 2024, 10:34:47 pm »
Fibonacci said:
No. Why should it if both Now() and LNow return the same type? Now() is already TDateTime, don't cast it to TDateTime, it won't do anything.

then why is it in his code?
LNow := TDateTime(Now());
L10Now := TDateTime(IncYear(Now(), 10));

i am on linux btw

Fibonacci

  • Hero Member
  • *****
  • Posts: 647
  • Internal Error Hunter
Re: How to generate certificates example the easy way
« Reply #16 on: March 17, 2024, 10:37:13 pm »
I have no idea :D That's not my code. You can shorten it to:

Code: Pascal
  LNow := Now;
  L10Now := IncYear(LNow, 10);

toby

  • Sr. Member
  • ****
  • Posts: 270
Re: How to generate certificates example the easy way
« Reply #17 on: March 17, 2024, 10:43:17 pm »
Fibonacci i assume you are using windows

i get the same with thaddy's original code where there is no direct use of now and now + 10 years so it should default to 30 days

is there a problem in the linux fpopenssl.pp?


Fibonacci

  • Hero Member
  • *****
  • Posts: 647
  • Internal Error Hunter
Re: How to generate certificates example the easy way
« Reply #18 on: March 17, 2024, 10:46:08 pm »
May be. Let's wait for someone else to confirm (on Linux), and then perhaps we can report an issue.

EDIT: Actually, I checked it myself. Linux Mint.

Code: Pascal
        Version: 1 (0x0)
        Serial Number: 10 (0xa)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = DZ, CN = uc1.uccenos.net, O = uccen
        Validity
            Not Before: Bad time value
            Not After : Bad time value
        Subject: C = DZ, CN = uc1.uccenos.net, O = uccen

OpenSSL 3.0.2 15 Mar 2022
« Last Edit: March 17, 2024, 10:53:22 pm by Fibonacci »

toby

  • Sr. Member
  • ****
  • Posts: 270
Re: How to generate certificates example the easy way
« Reply #19 on: March 17, 2024, 11:10:41 pm »
i'm gonna take a guess that the problem is in this fpopenssl.pp  procedure :)

Code: Pascal
  Procedure TOpenSSLX509Certificate.SetTimes(x : PX509);
  var
    Utc : PASN1_UTCTIME;
  begin
    Utc:=Asn1UtctimeNew;
    try
      ASN1UtcTimeSetString(Utc,PAnsiChar(FormatDateTime('YYMMDDHHNNSS',ValidFrom)));
      X509SetNotBefore(x, Utc);
      ASN1UtcTimeSetString(Utc,PAnsiChar(FormatDateTime('YYMMDDHHNNSS',ValidTo)));
      X509SetNotAfter(x,Utc);
    finally
      Asn1UtctimeFree(Utc);
    end;
  end;
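
Added example (Python, not part of the thread and not FPC code): a checker for the time format RFC 5280 requires in a certificate's notBefore/notAfter, run against the 12-digit string that the mask 'YYMMDDHHNNSS' in the procedure above yields. That the missing 'Z' suffix is what makes OpenSSL print "Bad time value" here is an assumption; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# RFC 5280 section 4.1.2.5.1: UTCTime in a certificate is YYMMDDHHMMSSZ,
# with seconds present and a literal 'Z' (UTC) suffix.
_UTCTIME = re.compile(r"[0-9]{12}Z")


def parse_utctime(value: str) -> datetime:
    """Return the UTC datetime for an RFC 5280 UTCTime, or raise ValueError."""
    if not _UTCTIME.fullmatch(value):
        raise ValueError(f"not YYMMDDHHMMSSZ: {value!r}")
    yy, mo, dd, hh, mi, ss = (int(value[i:i + 2]) for i in range(0, 12, 2))
    # RFC 5280: YY >= 50 is 19YY, YY < 50 is 20YY.
    year = 1900 + yy if yy >= 50 else 2000 + yy
    return datetime(year, mo, dd, hh, mi, ss, tzinfo=timezone.utc)


def is_valid_utctime(value: str) -> bool:
    """True when the string is a well-formed, in-range RFC 5280 UTCTime."""
    try:
        parse_utctime(value)
        return True
    except ValueError:
        return False


def encode_validity_time(moment: datetime) -> str:
    """Encode notBefore/notAfter: UTCTime through 2049, GeneralizedTime after."""
    if moment.tzinfo is None:
        raise ValueError("naive datetime: state the time zone before encoding")
    utc = moment.astimezone(timezone.utc)
    if 1950 <= utc.year <= 2049:
        return utc.strftime("%y%m%d%H%M%SZ")
    return utc.strftime("%Y%m%d%H%M%SZ")


def mask_without_zone(moment: datetime) -> str:
    """Hypothetical stand-in for FormatDateTime('YYMMDDHHNNSS', ...): no 'Z'."""
    return moment.strftime("%y%m%d%H%M%S")


if __name__ == "__main__":
    # Constructed sample instant, not taken from a real certificate.
    start = datetime(2024, 3, 17, 23, 43, 24, tzinfo=timezone.utc)
    for candidate in (mask_without_zone(start), encode_validity_time(start)):
        print(candidate, "valid" if is_valid_utctime(candidate) else "rejected")
```

The encoder refuses naive datetimes on purpose: a local-time value such as Pascal's Now() written into a UTCTime field shifts the validity window by the machine's UTC offset.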

Fibonacci

  • Hero Member
  • *****
  • Posts: 647
  • Internal Error Hunter
Re: How to generate certificates example the easy way
« Reply #20 on: March 17, 2024, 11:13:29 pm »
Probably. In trunk this proc looks different.

3 months ago this was changed:
https://gitlab.com/freepascal.org/fpc/source/-/commit/fb9bcac2d3c1dd1178b6a7ce090e0345014ad04f

How old is your installation? Cos mine is surely older than 3 months :)



This is it. Confirmed. Update the unit and it works fine.
« Last Edit: March 17, 2024, 11:22:57 pm by Fibonacci »

toby

  • Sr. Member
  • ****
  • Posts: 270
Re: How to generate certificates example the easy way
« Reply #21 on: March 17, 2024, 11:25:46 pm »
for sure - 6 months
fpc-3.3.1 9/15/23

BSaidus

  • Hero Member
  • *****
  • Posts: 607
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
Re: How to generate certificates example the easy way
« Reply #22 on: March 17, 2024, 11:45:13 pm »
I've tested the prog using trunk version of fpc. It works well.
Fibonacci said:
No. Why should it if both Now() and LNow return the same type? Now() is already TDateTime, don't cast it to TDateTime, it won't do anything.

then why is it in his code?
LNow := TDateTime(Now());
L10Now := TDateTime(IncYear(Now(), 10));

i am on linux btw
Yes then Now() returns TDateTime, I did that just to be sure I do well, but you can do without casting.

It will be better to add property 'SUBJECT' of type string to mimic the openssl subject.
trying to decode the generated certificate it lacks some params & SHA1 is deprecated

Quote
Certificate Information:
Common Name: uc1.uccenos.net
Subject Alternative Names (SANs): N/A
Organization: uccen
Locality: N/A
State: N/A
Country: DZ
Valid From: 2024-03-17 23:43:24 UTC
Valid To: 2034-03-17 23:43:24 UTC
Issuer: uc1.uccenos.net
Serial Number: 0A
Algorithm: sha1WithRSAEncryption
Key size: 2048
lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!

toby

  • Sr. Member
  • ****
  • Posts: 270
Re: How to generate certificates example the easy way
« Reply #23 on: March 18, 2024, 12:22:21 am »
BSaidus

yes very nice now with the updated fpopenssl.pp (also needed to update the openssl.pp)-

your adding the
XL509 : TOpenSSLX509Certificate;
class code is a very nice addition/completion to the original poster's code.

adding openssl Subject would be good :)

you can 'decode' the cert with
openssl x509 -in x509.txt -text -noout


Thaddy

  • Hero Member
  • *****
  • Posts: 16419
  • Censorship about opinions does not belong here.
Re: How to generate certificates example the easy way
« Reply #24 on: March 18, 2024, 06:27:39 am »
expect newer examples soon. michael authored some neat new code in trunk from saturday. (examples in fcl-hash)
There is nothing wrong with being blunt. At a minimum it is also honest.

toby

  • Sr. Member
  • ****
  • Posts: 270
Re: How to generate certificates example the easy way
« Reply #25 on: March 19, 2024, 07:38:19 pm »
BSaidus

to not need incyear (just to reduce needing dateutils in uses clause)

//L10Now := lnow + 3.6520000000000000E+003; // 10 year
L10Now := lnow + 3.6500000000000000E+002; // 1 year


however 'removing' dateutils didn't reduce size of resulting executable - so it must be used in one of the other units
same with classes and openssl


 
