sslGenerateCertificate: Don't use the shell

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
This commit is contained in:
Anders Kaseorg 2012-01-11 19:28:36 -05:00 committed by Marc Singer
parent 3115eb4995
commit e20a7d2536

View file

@ -58,6 +58,7 @@
#include <string.h> #include <string.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h> #include <unistd.h>
#include "libhttp/ssl.h" #include "libhttp/ssl.h"
@ -347,18 +348,32 @@ static void sslGenerateCertificate(const char *certificate,
const char *serverName) { const char *serverName) {
debug("Auto-generating missing certificate \"%s\" for \"%s\"", debug("Auto-generating missing certificate \"%s\" for \"%s\"",
certificate, serverName); certificate, serverName);
char *cmd = stringPrintf(NULL,
"set -e; " pid_t pid = fork();
"exec 2>/dev/null </dev/null; " if (pid == -1) {
"umask 0377; " warn("Failed to generate self-signed certificate \"%s\"", certificate);
"PATH=/usr/bin:/usr/sbin " } else if (pid == 0) {
"openssl req -x509 -nodes -days 7300 -newkey rsa:1024 -keyout /dev/stdout " int fd = NOINTR(open("/dev/null", O_RDONLY));
"-out /dev/stdout -subj '/CN=%s/' | cat>'%s'", check(fd != -1);
serverName, certificate); check(NOINTR(dup2(fd, STDERR_FILENO)) == STDERR_FILENO);
if (system(cmd)) { check(NOINTR(close(fd)) == 0);
fd = NOINTR(open("/dev/null", O_WRONLY));
check(fd != -1);
check(NOINTR(dup2(fd, STDIN_FILENO)) == STDIN_FILENO);
check(NOINTR(close(fd)) == 0);
umask(077);
check(setenv("PATH", "/usr/bin:/usr/sbin", 1) == 0);
execlp("openssl", "openssl", "req", "-x509", "-nodes", "-days", "7300",
"-newkey", "rsa:1024", "-keyout", certificate, "-out", certificate,
"-subj", stringPrintf(NULL, "/CN=%s/", serverName),
(char *)NULL);
check(0);
} else {
int status;
check(NOINTR(waitpid(pid, &status, 0)) == pid);
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
warn("Failed to generate self-signed certificate \"%s\"", certificate); warn("Failed to generate self-signed certificate \"%s\"", certificate);
} }
free(cmd);
} }
static const unsigned char *sslSecureReadASCIIFileToMem(int fd) { static const unsigned char *sslSecureReadASCIIFileToMem(int fd) {