- if (rsa) {
-
- /** Create a public key from the private key */
- if (pk=EVP_PKEY_new(), pk != NULL) {
- EVP_PKEY_assign_RSA(pk, rsa);
- if (req = X509_REQ_new(), req != NULL) {
- const char *env;
- /* Set the public key */
- X509_REQ_set_pubkey(req, pk);
- X509_REQ_set_version(req, 0L);
-
- name = X509_REQ_get_subject_name(req);
-
- /* Tell it who we are */
-
- /*
- * We used to add these fields to the subject, but
- * now we don't. Someone doing this for real isn't
- * going to use the webcit-generated CSR anyway.
- *
- X509_NAME_add_entry_by_txt(name, "C",
- MBSTRING_ASC, "US", -1, -1, 0);
- *
- X509_NAME_add_entry_by_txt(name, "ST",
- MBSTRING_ASC, "New York", -1, -1, 0);
- *
- X509_NAME_add_entry_by_txt(name, "L",
- MBSTRING_ASC, "Mount Kisco", -1, -1, 0);
- */
-
- env = getenv("O");
- if (env == NULL)
- env = "Organization name",
-
- X509_NAME_add_entry_by_txt(
- name, "O",
- MBSTRING_ASC,
- (unsigned char*)env,
- -1, -1, 0
- );
-
- env = getenv("OU");
- if (env == NULL)
- env = "Citadel server";
-
- X509_NAME_add_entry_by_txt(
- name, "OU",
- MBSTRING_ASC,
- (unsigned char*)env,
- -1, -1, 0
- );
-
- env = getenv("CN");
- if (env == NULL)
- env = "*";
-
- X509_NAME_add_entry_by_txt(
- name, "CN",
- MBSTRING_ASC,
- (unsigned char*)env,
- -1, -1, 0
- );
-
- X509_REQ_set_subject_name(req, name);
-
- /* Sign the CSR */
- if (!X509_REQ_sign(req, pk, EVP_md5())) {
- lprintf(3, "X509_REQ_sign(): error\n");
- }
- else {
- /* Write it to disk. */
- fp = fopen(CTDL_CSR_PATH, "w");
- if (fp != NULL) {
- chmod(CTDL_CSR_PATH, 0600);
- PEM_write_X509_REQ(fp, req);
- fclose(fp);
- }
- else {
- lprintf(3, "Cannot write key: %s\n", CTDL_CSR_PATH);
- ShutDownWebcit();
- exit(0);
- }
- }
-
- X509_REQ_free(req);
- }
- }