Merge pull request #6 from jgarzik/expire
Enable variable expiration date on certs
jgarzik authored Feb 20, 2024
2 parents 1264d60 + 33ed164 commit d35f174
Showing 2 changed files with 30 additions and 3 deletions.
10 changes: 9 additions & 1 deletion README.md
Expand Up @@ -26,6 +26,9 @@ Tool to generate self-signed root CA, web server certs and keys
Usage: self-signed-cert [OPTIONS]
Options:
-o, --out-dir <OUT_DIR>
Output directory for PEM files [default: .]
--ca-key-out <CA_KEY_OUT>
root CA private key output path [default: ca-key.pem]
--ca-cert-out <CA_CERT_OUT>
Expand All @@ -47,6 +50,8 @@ Options:
Server cert: city or locality
--srv-org <SRV_ORG>
Server cert: organization
--srv-expire-days <SRV_EXPIRE_DAYS>
Server cert: days until expiration [default: 365]
--ca-common-name <CA_COMMON_NAME>
CA cert: common name [default: 127.0.0.1]
Expand All @@ -58,6 +63,8 @@ Options:
CA cert: city or locality
--ca-org <CA_ORG>
CA cert: organization
--ca-expire-days <CA_EXPIRE_DAYS>
CA cert: days until expiration [default: 365]
--common-name <COMMON_NAME>
common name: Default set for both CA and server certs
Expand All @@ -69,11 +76,12 @@ Options:
city or locality: Default set for both CA and server certs
--org <ORG>
organization: Default set for both CA and server certs
--expire-days <EXPIRE_DAYS>
expire days: Default set for both CA and server certs
-h, --help
Print help
-V, --version
Print version
```

23 changes: 21 additions & 2 deletions src/main.rs
Expand Up @@ -73,6 +73,10 @@ struct Args {
#[arg(long)]
srv_org: Option<String>,

/// Server cert: days until expiration
#[arg(long, default_value_t = 365)]
srv_expire_days: u32,

/// CA cert: common name
#[arg(long, default_value = "127.0.0.1")]
ca_common_name: String,
Expand All @@ -93,6 +97,10 @@ struct Args {
#[arg(long)]
ca_org: Option<String>,

/// CA cert: days until expiration
#[arg(long, default_value_t = 365)]
ca_expire_days: u32,

/// common name: Default set for both CA and server certs.
#[arg(long)]
common_name: Option<String>,
Expand All @@ -112,6 +120,10 @@ struct Args {
/// organization: Default set for both CA and server certs.
#[arg(long)]
org: Option<String>,

/// expire days: Default set for both CA and server certs.
#[arg(long)]
expire_days: Option<u32>,
}

fn swizzle_args(args: &mut Args) {
Expand Down Expand Up @@ -150,6 +162,13 @@ fn swizzle_args(args: &mut Args) {
}
None => {}
}
match &args.expire_days {
Some(val) => {
args.ca_expire_days = *val;
args.srv_expire_days = *val;
}
None => {}
}
}

fn generate_rsa_private_key() -> Result<PKey<Private>, ErrorStack> {
Expand Down Expand Up @@ -189,7 +208,7 @@ fn create_root_ca_certificate(args: &Args, pkey: &PKey<Private>) -> Result<X509,
builder.set_pubkey(pkey)?;

let not_before = Asn1Time::days_from_now(0)?;
let not_after = Asn1Time::days_from_now(365)?; // Certificate valid for 1 year
let not_after = Asn1Time::days_from_now(args.ca_expire_days)?;
builder.set_not_before(&not_before)?;
builder.set_not_after(&not_after)?;

Expand Down Expand Up @@ -279,7 +298,7 @@ fn sign_server_csr(

// Set validity
let not_before = openssl::asn1::Asn1Time::days_from_now(0)?;
let not_after = openssl::asn1::Asn1Time::days_from_now(365)?; // Valid for 1 year
let not_after = openssl::asn1::Asn1Time::days_from_now(args.srv_expire_days)?;
builder.set_not_before(&not_before)?;
builder.set_not_after(&not_after)?;

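Review bot: The new `ca_expire_days` and `srv_expire_days` values reach `Asn1Time::days_from_now` in `create_root_ca_certificate` and `sign_server_csr` without any range check, so `--expire-days 0` yields certificates whose not_after equals not_before (expired at issuance), and a server lifetime greater than the CA's produces a leaf that outlives its issuer and fails chain validation as soon as the root expires. The zero case can be rejected at parse time on both fields with `#[arg(long, default_value_t = 365, value_parser = clap::value_parser!(u32).range(1..))]`. The relative check fits at the end of `swizzle_args`, after the `expire_days` override, e.g. `if args.srv_expire_days > args.ca_expire_days { eprintln!("warning: server cert validity exceeds CA cert validity"); }`. The added `match &args.expire_days { … None => {} }` could also be `if let Some(val) = args.expire_days { … }` since `u32` is `Copy`, though it follows the style of the neighbouring arms. The bodies of `swizzle_args`, `create_root_ca_certificate` and `sign_server_csr` all extend beyond their hunks.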
