Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/SoftEtherVPN/SoftEtherVPN_Stable.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/src/Mayaqua/Encrypt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/Mayaqua/Encrypt.c')
-rw-r--r--src/Mayaqua/Encrypt.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c
index d2b985d8..2f1b0016 100644
--- a/src/Mayaqua/Encrypt.c
+++ b/src/Mayaqua/Encrypt.c
@@ -14,7 +14,6 @@
// Author: Daiyuu Nobori
// Comments: Tetsuo Sugiyama, Ph.D.
//
-//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// version 2 as published by the Free Software Foundation.
@@ -85,6 +84,13 @@
// http://www.softether.org/ and ask your question on the users forum.
//
// Thank you for your cooperation.
+//
+//
+// NO MEMORY OR RESOURCE LEAKS
+// ---------------------------
+//
+// The memory-leaks and resource-leaks verification under the stress
+// test has been passed before release this source code.
// Encrypt.c
@@ -1806,7 +1812,6 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
notBefore = SystemTime64();
notAfter = notBefore + (UINT64)days * (UINT64)3600 * (UINT64)24 * (UINT64)1000;
-
// Creating a X509
x509 = X509_new();
if (x509 == NULL)
@@ -1814,6 +1819,9 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
return NULL;
}
+ // Make it a v3 certificate
+ X509_set_version(x509, 2L);
+
// Set the Expiration
t1 = X509_get_notBefore(x509);
t2 = X509_get_notAfter(x509);
@@ -1873,7 +1881,8 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
X509_set_pubkey(x509, pub->pkey);
// Signature
- X509_sign(x509, priv->pkey, EVP_sha1());
+ // 2014.3.19 set the initial digest algorithm to SHA-256
+ X509_sign(x509, priv->pkey, EVP_sha256());
}
Unlock(openssl_lock);
@@ -1915,6 +1924,9 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
return NULL;
}
+ // Make it a v3 certificate
+ X509_set_version(x509, 2L);
+
// Set the Expiration
t1 = X509_get_notBefore(x509);
t2 = X509_get_notAfter(x509);
@@ -1975,7 +1987,8 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
X509_set_pubkey(x509, pub->pkey);
// Signature
- X509_sign(x509, priv->pkey, EVP_sha1());
+ // 2014.3.19 set the initial digest algorithm to SHA-256
+ X509_sign(x509, priv->pkey, EVP_sha256());
}
Unlock(openssl_lock);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 23:28:29 +0300