sslGenerateCertificate: Don't use the shell
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
This commit is contained in:
parent
3115eb4995
commit
e20a7d2536
1 changed files with 25 additions and 10 deletions
|
@ -58,6 +58,7 @@
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
|
#include <sys/wait.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
#include "libhttp/ssl.h"
|
#include "libhttp/ssl.h"
|
||||||
|
@ -347,18 +348,32 @@ static void sslGenerateCertificate(const char *certificate,
|
||||||
const char *serverName) {
|
const char *serverName) {
|
||||||
debug("Auto-generating missing certificate \"%s\" for \"%s\"",
|
debug("Auto-generating missing certificate \"%s\" for \"%s\"",
|
||||||
certificate, serverName);
|
certificate, serverName);
|
||||||
char *cmd = stringPrintf(NULL,
|
|
||||||
"set -e; "
|
pid_t pid = fork();
|
||||||
"exec 2>/dev/null </dev/null; "
|
if (pid == -1) {
|
||||||
"umask 0377; "
|
warn("Failed to generate self-signed certificate \"%s\"", certificate);
|
||||||
"PATH=/usr/bin:/usr/sbin "
|
} else if (pid == 0) {
|
||||||
"openssl req -x509 -nodes -days 7300 -newkey rsa:1024 -keyout /dev/stdout "
|
int fd = NOINTR(open("/dev/null", O_RDONLY));
|
||||||
"-out /dev/stdout -subj '/CN=%s/' | cat>'%s'",
|
check(fd != -1);
|
||||||
serverName, certificate);
|
check(NOINTR(dup2(fd, STDERR_FILENO)) == STDERR_FILENO);
|
||||||
if (system(cmd)) {
|
check(NOINTR(close(fd)) == 0);
|
||||||
|
fd = NOINTR(open("/dev/null", O_WRONLY));
|
||||||
|
check(fd != -1);
|
||||||
|
check(NOINTR(dup2(fd, STDIN_FILENO)) == STDIN_FILENO);
|
||||||
|
check(NOINTR(close(fd)) == 0);
|
||||||
|
umask(077);
|
||||||
|
check(setenv("PATH", "/usr/bin:/usr/sbin", 1) == 0);
|
||||||
|
execlp("openssl", "openssl", "req", "-x509", "-nodes", "-days", "7300",
|
||||||
|
"-newkey", "rsa:1024", "-keyout", certificate, "-out", certificate,
|
||||||
|
"-subj", stringPrintf(NULL, "/CN=%s/", serverName),
|
||||||
|
(char *)NULL);
|
||||||
|
check(0);
|
||||||
|
} else {
|
||||||
|
int status;
|
||||||
|
check(NOINTR(waitpid(pid, &status, 0)) == pid);
|
||||||
|
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
|
||||||
warn("Failed to generate self-signed certificate \"%s\"", certificate);
|
warn("Failed to generate self-signed certificate \"%s\"", certificate);
|
||||||
}
|
}
|
||||||
free(cmd);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static const unsigned char *sslSecureReadASCIIFileToMem(int fd) {
|
static const unsigned char *sslSecureReadASCIIFileToMem(int fd) {
|
||||||
|
|
Loading…
Reference in a new issue