nicolas314 / 2cca Goto Github PK
View Code? Open in Web Editor NEW2-cent Certification Authority
License: MIT License
2-cent Certification Authority
License: MIT License
I am trying to build 2cca on debian (jessie and stretch, same problem).
I installed these:
apt -y install build-essential libssl-dev
GCC version:
gcc --version
gcc (Debian 6.3.0-14) 6.3.0 20170415
libssl-dev version:
Version: 1.1.0e-1
When I compile I get:
# gcc -o 2cca 2cca.c -lcrypto
2cca.c: In function ‘build_identity’:
2cca.c:239:9: warning: ‘RSA_generate_key’ is deprecated [-Wdeprecated-declarations]
rsa = RSA_generate_key(certinfo.rsa_keysz, RSA_F4, progress, 0);
^~~
In file included from /usr/include/openssl/rsa.h:13:0,
from /usr/include/openssl/x509.h:31,
from /usr/include/openssl/pem.h:17,
from 2cca.c:19:
/usr/include/openssl/rsa.h:193:1: note: declared here
DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
^
2cca.c: In function ‘show_crl’:
2cca.c:398:34: error: dereferencing pointer to incomplete type ‘X509_REVOKED {aka struct x509_revoked_st}’
i2a_ASN1_INTEGER(out, rev->serialNumber);
^~
Any idea?
Just wanted to let you know that i forked your project, added package.json
with the compile script and published it https://www.npmjs.com/package/2cca because I used it as a dev dependency in some projects.
I haven't made any changes (other than package.json) and so far I've merged all your changes. If you want to maintain it yourself, let me know.
Generating a root certificate seems to only allow 1-month duration. I put days=3650 and days=365 but it is not honoring it. Is this working for you?
Hi, first of all thanks for python implementation for PKI!
Cert generated with python script has theese exclamations:
http://prntscr.com/cv88j3
But cert generated with EasyRSA hasn't. Is it some kind of issue?
I'm able to build against the (now unsupported) OpenSSL 1.0.2, or LibreSSL 3.1.3, but not OpenSSL 1.1.1g.
Using the following Nix derivation (to reproducibly specify the build environment when combined with a pinned version of nixpkgs; using a snapshot of nixos-20.09 for the below):
{ nixpkgs ? import <nixpkgs> {}, stdenv ? nixpkgs.stdenv, openssl ? nixpkgs.openssl, fetchFromGitHub ? nixpkgs.fetchFromGitHub }:
stdenv.mkDerivation rec {
pname = "2cca";
version = "20201005";
src = fetchFromGitHub {
owner = "nicolas314";
repo = pname;
rev = "d27fc5d2a7d99d687c3eff895a5a3cd5bc260b64";
sha256 = "1iwi3wq5p0jjnrmrbhxbamh96an4j2c609y2pjs3nsz9ak0bzpi9";
};
nativeBuildInputs = [ openssl ];
installPhase = ''
mkdir -p $out/bin
cp -- 2cca{,.py} $out/bin/
'';
}
...I receive the error:
building '/nix/store/szaxvcinfh9acgvxhb7h3vzl6p1yknva-2cca-20201005.drv'...
unpacking sources
unpacking source archive /nix/store/n73cp8mhc12c7axvlsi8qgl97dyl1gig-source
source root is source
patching sources
configuring
no configure script, doing nothing
building
build flags: SHELL=/nix/store/2jysm3dfsgby5sw5jgj43qjrb5v79ms9-bash-4.4-p23/bin/bash
gcc -g -Wall -o 2cca 2cca.c -lcrypto
2cca.c: In function 'build_identity':
2cca.c:239:9: warning: 'RSA_generate_key' is deprecated [-Wdeprecated-declarations]
239 | rsa = RSA_generate_key(certinfo.rsa_keysz, RSA_F4, progress, 0);
| ^~~
In file included from /nix/store/lwcrmj44j6s5ww3j0ybar2jc7kf9ddzq-openssl-1.1.1g-dev/include/openssl/e_os2.h:13,
from /nix/store/lwcrmj44j6s5ww3j0ybar2jc7kf9ddzq-openssl-1.1.1g-dev/include/openssl/asn1.h:14,
from 2cca.c:15:
/nix/store/lwcrmj44j6s5ww3j0ybar2jc7kf9ddzq-openssl-1.1.1g-dev/include/openssl/rsa.h:235:1: note: declared here
235 | DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
| ^~~~~~~~~~~~~~~~~~
2cca.c: In function 'show_crl':
2cca.c:398:34: error: dereferencing pointer to incomplete type 'X509_REVOKED' {aka 'struct x509_revoked_st'}
398 | i2a_ASN1_INTEGER(out, rev->serialNumber);
| ^~
2cca.c: In function 'set_serial128':
2cca.c:93:5: warning: ignoring return value of 'fread', declared with attribute warn_unused_result [-Wunused-result]
93 | fread(c_serial, SERIAL_SZ, 1, urandom);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
make: *** [Makefile:23: 2cca] Error 1
builder for '/nix/store/szaxvcinfh9acgvxhb7h3vzl6p1yknva-2cca-20201005.drv' failed with exit code 2
error: build of '/nix/store/szaxvcinfh9acgvxhb7h3vzl6p1yknva-2cca-20201005.drv' failed
Is I know, os.urandom is the best random generator, but it not guarantees that generated numbers is totally unique.
uuid.uuid otherwise guarantees unique numbers, but less random and therefore less secure.
So is it possible to recieve serial number collisions on a very big amount of generated certs?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.