nicolas314 / 2cca Goto Github PK

View Code? Open in Web Editor NEW

28.0 28.0 12.0 49 KB

2-cent Certification Authority

License: MIT License

Python 31.59% C 67.05% Makefile 1.35%

crt hacktoberfest2020 openssl-commands openvpn rootca

2cca's People

Contributors

Stargazers

Watchers

Forkers

randunel sugonyak joshland milaq markush podjacker zsoltm tiefpunkt leonamtv rohanza

2cca's Issues

Are generated serial numbers unique?

Is I know, os.urandom is the best random generator, but it not guarantees that generated numbers is totally unique.

uuid.uuid otherwise guarantees unique numbers, but less random and therefore less secure.

So is it possible to recieve serial number collisions on a very big amount of generated certs?

Published on npmjs.com

Just wanted to let you know that i forked your project, added package.json with the compile script and published it https://www.npmjs.com/package/2cca because I used it as a dev dependency in some projects.

I haven't made any changes (other than package.json) and so far I've merged all your changes. If you want to maintain it yourself, let me know.

the generation of for root is only 1-month

Generating a root certificate seems to only allow 1-month duration. I put days=3650 and days=365 but it is not honoring it. Is this working for you?

Some properties in CA cert with exclamation

Hi, first of all thanks for python implementation for PKI!

Cert generated with python script has theese exclamations:
http://prntscr.com/cv88j3

But cert generated with EasyRSA hasn't. Is it some kind of issue?

Build failure against openssl 1.1.1g

I'm able to build against the (now unsupported) OpenSSL 1.0.2, or LibreSSL 3.1.3, but not OpenSSL 1.1.1g.

Using the following Nix derivation (to reproducibly specify the build environment when combined with a pinned version of nixpkgs; using a snapshot of nixos-20.09 for the below):

{ nixpkgs ? import <nixpkgs> {}, stdenv ? nixpkgs.stdenv, openssl ? nixpkgs.openssl, fetchFromGitHub ? nixpkgs.fetchFromGitHub }:

stdenv.mkDerivation rec {
  pname = "2cca";
  version = "20201005";

  src = fetchFromGitHub {
    owner = "nicolas314";
    repo = pname;
    rev = "d27fc5d2a7d99d687c3eff895a5a3cd5bc260b64";
    sha256 = "1iwi3wq5p0jjnrmrbhxbamh96an4j2c609y2pjs3nsz9ak0bzpi9";
  };

  nativeBuildInputs = [ openssl ];

  installPhase = ''
    mkdir -p $out/bin
    cp -- 2cca{,.py} $out/bin/
  '';
}

...I receive the error:

building '/nix/store/szaxvcinfh9acgvxhb7h3vzl6p1yknva-2cca-20201005.drv'...
unpacking sources
unpacking source archive /nix/store/n73cp8mhc12c7axvlsi8qgl97dyl1gig-source
source root is source
patching sources
configuring
no configure script, doing nothing
building
build flags: SHELL=/nix/store/2jysm3dfsgby5sw5jgj43qjrb5v79ms9-bash-4.4-p23/bin/bash
gcc -g -Wall -o 2cca 2cca.c -lcrypto
2cca.c: In function 'build_identity':
2cca.c:239:9: warning: 'RSA_generate_key' is deprecated [-Wdeprecated-declarations]
  239 |         rsa = RSA_generate_key(certinfo.rsa_keysz, RSA_F4, progress, 0);
      |         ^~~
In file included from /nix/store/lwcrmj44j6s5ww3j0ybar2jc7kf9ddzq-openssl-1.1.1g-dev/include/openssl/e_os2.h:13,
                 from /nix/store/lwcrmj44j6s5ww3j0ybar2jc7kf9ddzq-openssl-1.1.1g-dev/include/openssl/asn1.h:14,
                 from 2cca.c:15:
/nix/store/lwcrmj44j6s5ww3j0ybar2jc7kf9ddzq-openssl-1.1.1g-dev/include/openssl/rsa.h:235:1: note: declared here
  235 | DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
      | ^~~~~~~~~~~~~~~~~~
2cca.c: In function 'show_crl':
2cca.c:398:34: error: dereferencing pointer to incomplete type 'X509_REVOKED' {aka 'struct x509_revoked_st'}
  398 |         i2a_ASN1_INTEGER(out, rev->serialNumber);
      |                                  ^~
2cca.c: In function 'set_serial128':
2cca.c:93:5: warning: ignoring return value of 'fread', declared with attribute warn_unused_result [-Wunused-result]
   93 |     fread(c_serial, SERIAL_SZ, 1, urandom);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
make: *** [Makefile:23: 2cca] Error 1
builder for '/nix/store/szaxvcinfh9acgvxhb7h3vzl6p1yknva-2cca-20201005.drv' failed with exit code 2
error: build of '/nix/store/szaxvcinfh9acgvxhb7h3vzl6p1yknva-2cca-20201005.drv' failed

Build failed on debian

I am trying to build 2cca on debian (jessie and stretch, same problem).

I installed these:

apt -y install build-essential libssl-dev

GCC version:

gcc --version
gcc (Debian 6.3.0-14) 6.3.0 20170415

libssl-dev version:

Version: 1.1.0e-1

When I compile I get:

# gcc -o 2cca 2cca.c -lcrypto
2cca.c: In function ‘build_identity’:
2cca.c:239:9: warning: ‘RSA_generate_key’ is deprecated [-Wdeprecated-declarations]
         rsa = RSA_generate_key(certinfo.rsa_keysz, RSA_F4, progress, 0);
         ^~~
In file included from /usr/include/openssl/rsa.h:13:0,
                 from /usr/include/openssl/x509.h:31,
                 from /usr/include/openssl/pem.h:17,
                 from 2cca.c:19:
/usr/include/openssl/rsa.h:193:1: note: declared here
 DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
 ^
2cca.c: In function ‘show_crl’:
2cca.c:398:34: error: dereferencing pointer to incomplete type ‘X509_REVOKED {aka struct x509_revoked_st}’
         i2a_ASN1_INTEGER(out, rev->serialNumber);
                                  ^~

Any idea?

nicolas314 / 2cca Goto Github PK

2cca's People

Contributors

Stargazers

Watchers

Forkers

2cca's Issues

Are generated serial numbers unique?

Published on npmjs.com

the generation of for root is only 1-month

Some properties in CA cert with exclamation

Build failure against openssl 1.1.1g

Build failed on debian

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent