### Bookstore

 Computer Math and Games in Pascal (preview) Lazarus Handbook

### Author Topic: How to generate certificates example the easy way  (Read 3041 times)

#### toby

• Sr. Member
• Posts: 254
##### Re: How to generate certificates example the easy way
« Reply #15 on: March 17, 2024, 10:34:47 pm »
Fibonacci said :
No. Why should it if both Now() and LNow return the same type? Now() is already TDateTime, dont cast it to TDateTime, it wont do anything.

then why is it in his code?
LNow := TDateTime(Now());
L10Now := TDateTime(IncYear(Now(), 10));

i am on linux btw

#### Fibonacci

• Sr. Member
• Posts: 429
##### Re: How to generate certificates example the easy way
« Reply #16 on: March 17, 2024, 10:37:13 pm »
I have no idea Thats not my code. You can shorten it to:

Code: Pascal  [Select][+][-]
1. LNow := Now;
2. L10Now := IncYear(LNow, 10);

#### toby

• Sr. Member
• Posts: 254
##### Re: How to generate certificates example the easy way
« Reply #17 on: March 17, 2024, 10:43:17 pm »
Fibonacci i assume you are using windows

i get the same with thaddy's original code where there is no direct use of now and now + 10 yeears  so it should default to 30 days

is there a problem in the linux fpopenssl.pp?

#### Fibonacci

• Sr. Member
• Posts: 429
##### Re: How to generate certificates example the easy way
« Reply #18 on: March 17, 2024, 10:46:08 pm »
May be. Lets wait for someone else to confirm (on Linux), and then perhaps we can report an issue.

EDIT: Actually, I checked it myself. Linux Mint.

Code: Pascal  [Select][+][-]
1.         Version: 1 (0x0)
2.         Serial Number: 10 (0xa)
3.         Signature Algorithm: sha1WithRSAEncryption
4.         Issuer: C = DZ, CN = uc1.uccenos.net, O = uccen
5.         Validity
6.             Not Before: Bad time value
7.             Not After : Bad time value
8.         Subject: C = DZ, CN = uc1.uccenos.net, O = uccen

OpenSSL 3.0.2 15 Mar 2022
« Last Edit: March 17, 2024, 10:53:22 pm by Fibonacci »

#### toby

• Sr. Member
• Posts: 254
##### Re: How to generate certificates example the easy way
« Reply #19 on: March 17, 2024, 11:10:41 pm »
i'm gonna take a guess that the problem is in this fpopenssl.pp  procedure

Code: Pascal  [Select][+][-]
1. Procedure TOpenSSLX509Certificate.SetTimes(x : PX509);
2. var
3.   Utc : PASN1_UTCTIME;
4. begin
5.   Utc:=Asn1UtctimeNew;
6.   try
7. ASN1UtcTimeSetString(Utc,PAnsiChar(FormatDateTime('YYMMDDHHNNSS',ValidFrom)));
8.     X509SetNotBefore(x, Utc);
9. SN1UtcTimeSetString(Utc,PAnsiChar(FormatDateTime('YYMMDDHHNNSS',ValidTo)));
10.     X509SetNotAfter(x,Utc);
11.   finally
12.     Asn1UtctimeFree(Utc);
13.   end;
14. end;
15.

#### Fibonacci

• Sr. Member
• Posts: 429
##### Re: How to generate certificates example the easy way
« Reply #20 on: March 17, 2024, 11:13:29 pm »
Probably. In trunk this proc looks different.

3 months ago this was changed:

How old is your installation? Cos mine is surely older than 3 months

This is it. Confirmed. Update the unit and it works fine.
« Last Edit: March 17, 2024, 11:22:57 pm by Fibonacci »

#### toby

• Sr. Member
• Posts: 254
##### Re: How to generate certificates example the easy way
« Reply #21 on: March 17, 2024, 11:25:46 pm »
for sure - 6 months
fpc-3.3.1 9/15/23

#### BSaidus

• Hero Member
• Posts: 545
• lazarus 1.8.4 Win8.1 / cross FreeBSD
##### Re: How to generate certificates example the easy way
« Reply #22 on: March 17, 2024, 11:45:13 pm »
I've tested the prog using trunk version of fpc. It works well.
Fibonacci said :
No. Why should it if both Now() and LNow return the same type? Now() is already TDateTime, dont cast it to TDateTime, it wont do anything.

then why is it in his code?
LNow := TDateTime(Now());
L10Now := TDateTime(IncYear(Now(), 10));

i am on linux btw
Yes then Now() return TDateTime, I did that just to be sur I do well, but you can do without casting.

It will be better to add property 'SUBJECT' of type string to mimic the openssl subject.
trying to decode the generated certificate it lakes some params & SHA1 is depricated

Quote
Certificate Information:
Common Name: uc1.uccenos.net
Subject Alternative Names (SANs): N/A
Organization: uccen
Locality: N/A
State: N/A
Country: DZ
Valid From: 2024-03-17 23:43:24 UTC
Valid To: 2034-03-17 23:43:24 UTC
Issuer: uc1.uccenos.net
Serial Number: 0A
Algorithm: sha1WithRSAEncryption
Key size: 2048
lazarus 1.8.4 Win8.1 / cross FreeBSD

#### toby

• Sr. Member
• Posts: 254
##### Re: How to generate certificates example the easy way
« Reply #23 on: March 18, 2024, 12:22:21 am »
BSaidus

yes very nice now with the updated fpopenssl.pp (also needed to update the openssl.pp)-

XL509 : TOpenSSLX509Certificate;
class code is a very nice addition/completion to the original posters code.

adding openssl Subject woruld be good

you can 'decode' the cert with
openssl x509 -in x509.txt -text -noout

• Hero Member
• Posts: 14575
• Sensorship about opinions does not belong here.
##### Re: How to generate certificates example the easy way
« Reply #24 on: March 18, 2024, 06:27:39 am »
expect newer examples soon. michael authored some neat new code in trunk from saturday. (examples in fcl-hash)
bitrate is always calculated like this:sample rate * bitdepth * number of channels.

#### toby

• Sr. Member
• Posts: 254
##### Re: How to generate certificates example the easy way
« Reply #25 on: March 19, 2024, 07:38:19 pm »
BSaidus

to not need incyear (just to reduce needing dateutils in uses clause)

//L10Now := lnow + 3.6520000000000000E+003; // 10 year
L10Now := lnow + 3.6500000000000000E+002; // 1 year

however 'removing' dateutils didn't reduce size of resulting executable - so it must be used in one of the other units
same with classes and openssl