-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c25
1 files changed, 9 insertions, 16 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index a897048a2..8a68e9df0 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -1208,7 +1208,7 @@ static bool generate(private_builder_t *this)
{
chunk_t extensions = chunk_empty;
identification_t *issuer, *subject;
- chunk_t key_info, key;
+ chunk_t key_info;
signature_scheme_t scheme;
hasher_t *hasher;
@@ -1241,32 +1241,25 @@ static bool generate(private_builder_t *this)
}
this->cert->flags = this->flags;
+ /* select signature scheme. TODO: support other hashes. */
switch (this->sign_key->get_type(this->sign_key))
{
case KEY_RSA:
this->cert->algorithm = OID_SHA1_WITH_RSA;
scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
break;
+ case KEY_ECDSA:
+ scheme = SIGN_ECDSA_WITH_SHA1;
+ this->cert->algorithm = OID_ECDSA_WITH_SHA1;
+ break;
default:
return FALSE;
}
-
- switch (this->cert->public_key->get_type(this->cert->public_key))
+ if (!this->cert->public_key->get_encoding(this->cert->public_key,
+ KEY_PUB_SPKI_ASN1_DER, &key_info))
{
- case KEY_RSA:
- if (!this->cert->public_key->get_encoding(this->cert->public_key,
- KEY_PUB_ASN1_DER, &key))
- {
- return FALSE;
- }
- key_info = asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
- asn1_bitstring("m", key));
- break;
- default:
- return FALSE;
+ return FALSE;
}
-
if (this->cert->subjectAltNames->get_count(this->cert->subjectAltNames))
{
/* TODO: encode subjectAltNames */
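Review bot: The added `KEY_ECDSA` case hard-codes SHA-1 (`SIGN_ECDSA_WITH_SHA1` with `OID_ECDSA_WITH_SHA1`), just as the RSA case does, so every certificate that gets past this switch is signed over a collision-weak digest. The new TODO does not say why other hashes matter; I would word it as `/* select signature scheme. TODO: SHA-1 is collision-weak for certificate signatures; take the digest from a builder parameter instead of fixing it here */`. As a style point, the ECDSA case assigns `scheme` before `this->cert->algorithm`, while the RSA case does it the other way round; keeping the same order in both makes the two cases easier to compare. Now that the public-key type switch is gone, a failed `get_encoding()` call with `KEY_PUB_SPKI_ASN1_DER` is the only signal for an unsupported subject key, and it returns `FALSE` without any diagnostic in the visible lines. `generate()` starts before and continues after this hunk, so cleanup on these early returns cannot be checked from here.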