make sure cert is v3 so certifcate can support extension

author Tony Mack <tmack@paris.CS.Princeton.EDU>

Fri, 28 Jan 2011 23:25:50 +0000 (18:25 -0500)

committer Tony Mack <tmack@paris.CS.Princeton.EDU>

Fri, 28 Jan 2011 23:25:50 +0000 (18:25 -0500)
author Tony Mack <tmack@paris.CS.Princeton.EDU>
Fri, 28 Jan 2011 23:25:50 +0000 (18:25 -0500)
committer Tony Mack <tmack@paris.CS.Princeton.EDU>
Fri, 28 Jan 2011 23:25:50 +0000 (18:25 -0500)
diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py

index ed1792e..6846472 100644 (file)
--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -160,6 +160,9 @@ class Keypair:
          ASN1.set_time(500)
          m2x509.set_not_before(ASN1)
          m2x509.set_not_after(ASN1)
+        # x509v3 so it can have extensions
+        # prob not necc since this cert itself is junk but still...
+        m2x509.set_version(2)
          junk_key = Keypair(create=True)
          m2x509.sign(pkey=junk_key.get_m2_pkey(), md="sha1")
  
@@ -296,6 +299,8 @@ class Certificate:
          self.cert.set_serial_number(3)
          self.cert.gmtime_adj_notBefore(0)
          self.cert.gmtime_adj_notAfter(60*60*24*365*5) # five years
+        self.cert.set_version(2) # x509v3 so it can have extensions        
+
  
      ##
      # Given a pyOpenSSL X509 object, store that object inside of this
author	Tony Mack <tmack@paris.CS.Princeton.EDU>
	Fri, 28 Jan 2011 23:25:50 +0000 (18:25 -0500)
committer	Tony Mack <tmack@paris.CS.Princeton.EDU>
	Fri, 28 Jan 2011 23:25:50 +0000 (18:25 -0500)