8000 Allow to configure validity period of generated certificates · harvic3/esp32_https_server@b18fc37 · GitHub

Commit b18fc37

committed
Allow to configure validity period of generated certificates
1 parent b37ec0c commit b18fc37


3 files changed

+18
-7
lines changed


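--- a/examples/Self-Signed-Certificate/Self-Signed-Certificate.ino
+++ b/examples/Self-Signed-Certificate/Self-Signed-Certificate.ino
@@ -56,7 +56,15 @@ void setup() {
 // - Distinguished name: The name of the host as used in certificates.
 // If you want to run your own DNS, the part after CN (Common Name) should match the DNS
 // entry pointing to your ESP32. You can try to insert an IP there, but that's not really good style.
-int createCertResult = createSelfSignedCert(*cert, KEYSIZE_2048, "CN=myesp32.local,O=FancyCompany,C=DE");
+// - Dates for certificate validity (optional, default is 2019-2029, both included)
+// Format is YYYYMMDDhhmmss
+int createCertResult = createSelfSignedCert(
+*cert,
+KEYSIZE_2048,
+"CN=myesp32.local,O=FancyCompany,C=DE",
+"20190101000000",
+"20300101000000"
+);
 
 // Now check if creating that worked
 if (createCertResult != 0) {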
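Review bot: The added comment says the default validity is "2019-2029, both included", but the end value passed just below is `20300101000000`, which by the stated YYYYMMDDhhmmss format is midnight on 1 January 2030, so wording and value disagree at the boundary. I would spell out the real bounds, e.g. `// - Dates for certificate validity (optional, default is 20190101000000 to 20300101000000)`. Because the example passes exactly the defaults, a reader copying it gets a fixed window that does not move with the date on which the certificate is generated; one more comment line saying so would help. setup() starts and ends outside this hunk.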

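--- a/src/SSLCert.cpp
+++ b/src/SSLCert.cpp
@@ -151,7 +151,7 @@ static int gen_key(SSLCert &certCtx, SSLKeySize keySize) {
 *
 * Based on programs/x509/cert_write.c
 */
-static int cert_write(SSLCert &certCtx, std::string dn) {
+static int cert_write(SSLCert &certCtx, std::string dn, std::string validityFrom, std::string validityTo) {
 int funcRes = 0;
 int stepRes = 0;
 
@@ -210,7 +210,7 @@ static int cert_write(SSLCert &certCtx, std::string dn) {
 }
 
 // Set the validity of the certificate. At the moment, it's fixed from 2019 to end of 2029.
-stepRes = mbedtls_x509write_crt_set_validity( &crt, "20190101000000", "20300101000000");
+stepRes = mbedtls_x509write_crt_set_validity( &crt, validityFrom.c_str(), validityTo.c_str());
 if (stepRes != 0) {
 funcRes = HTTPS_SERVER_ERROR_CERTGEN_VALIDITY;
 goto error_after_cert;
@@ -284,8 +284,8 @@ static int cert_write(SSLCert &certCtx, std::string dn) {
 return funcRes;
 }
 
-int createSelfSignedCert(SSLCert &certCtx, SSLKeySize keySize, std::string dn) {
-
+int createSelfSignedCert(SSLCert &certCtx, SSLKeySize keySize, std::string dn, std::string validFrom, std::string validUntil) {
+
 // Add the private key
 int keyRes = gen_key(certCtx, keySize);
 if (keyRes != 0) {
@@ -294,7 +294,7 @@ int createSelfSignedCert(SSLCert &certCtx, SSLKeySize keySize, std::string dn) {
 }
 
 // Add the self-signed certificate
-int certRes = cert_write(certCtx, dn, validFrom, validUntil);
+int certRes = cert_write(certCtx, dn, validFrom, validUntil);
 if (certRes != 0) {
 // Cert writing failed, reset the pk and return failure code
 certCtx.setPK(NULL, 0);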
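Review bot: The caller-supplied `validityFrom` / `validityTo` strings reach `mbedtls_x509write_crt_set_validity` in cert_write (second hunk) without any check of their own. As far as I know mbed TLS only verifies the length of the two strings there, so 14 characters that are not digits, or a validUntil that is not later than validFrom, would still produce a certificate, just one that clients reject or that is never valid. I would validate both at the top of createSelfSignedCert, before the slow key generation, and return `HTTPS_SERVER_ERROR_CERTGEN_VALIDITY` on failure, as sketched below. The comment above the call still says the validity is "fixed from 2019 to end of 2029" and should be updated to say it comes from the parameters. Both functions extend beyond the hunks shown.

```cpp
int createSelfSignedCert(SSLCert &certCtx, SSLKeySize keySize, std::string dn, std::string validFrom, std::string validUntil) {
  // Reject malformed or inverted validity periods before spending time on key generation.
  // Both strings are fixed-width digit strings, so a plain string comparison orders them by time.
  auto isTimestamp = [](const std::string &s) {
    return s.length() == 14 && s.find_first_not_of("0123456789") == std::string::npos;
  };
  if (!isTimestamp(validFrom) || !isTimestamp(validUntil) || validFrom >= validUntil) {
    return HTTPS_SERVER_ERROR_CERTGEN_VALIDITY;
  }
  // … unchanged: gen_key call, cert_write call and their error handling …
```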

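--- a/src/SSLCert.hpp
+++ b/src/SSLCert.hpp
@@ -77,10 +77,13 @@ enum SSLKeySize {
 * would be:
 * CN=myesp.local,O=acme,C=US
 *
+* The strings validFrom and validUntil have to be formatted like this:
+* "20190101000000", "20300101000000"
+*
 * This will take some time, so you should probably write the certificate data to non-volatile
 * storage when you are done.
 */
-int createSelfSignedCert(SSLCert &certCtx, SSLKeySize keySize, std::string dn);
+int createSelfSignedCert(SSLCert &certCtx, SSLKeySize keySize, std::string dn, std::string validFrom = "20190101000000", std::string validUntil = "20300101000000");
 
 #endif // !HTTPS_DISABLE_SELFSIGNING
 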
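Review bot: The doc comment gives only an example pair of values for validFrom and validUntil; it names neither the format nor the time zone, and it does not say that the defaults are a fixed window. With the defaults, a certificate generated shortly before 2030 is valid only briefly and one generated after that is expired from the start, so callers that know the current time should pass explicit dates. I would extend the comment with `* Format is YYYYMMDDhhmmss (presumably UTC, as handed to mbed TLS); validUntil must be later than validFrom.` and `* The defaults are a fixed period; pass explicit dates if the device knows the current time.`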
