|
|
@@ -3,7 +3,7 @@ package main
|
|
|
import (
|
|
|
"crypto/rand"
|
|
|
"crypto/rsa"
|
|
|
- "crypto/sha1"
|
|
|
+ "crypto/sha256"
|
|
|
"crypto/tls"
|
|
|
"crypto/x509"
|
|
|
"crypto/x509/pkix"
|
|
|
@@ -12,11 +12,12 @@ import (
|
|
|
"math/big"
|
|
|
"os"
|
|
|
"path"
|
|
|
+ "strings"
|
|
|
"time"
|
|
|
)
|
|
|
|
|
|
const (
|
|
|
- tlsRSABits = 2048
|
|
|
+ tlsRSABits = 3072
|
|
|
tlsName = "syncthing"
|
|
|
)
|
|
|
|
|
|
@@ -25,13 +26,15 @@ func loadCert(dir string) (tls.Certificate, error) {
|
|
|
}
|
|
|
|
|
|
func certId(bs []byte) string {
|
|
|
- hf := sha1.New()
|
|
|
+ hf := sha256.New()
|
|
|
hf.Write(bs)
|
|
|
id := hf.Sum(nil)
|
|
|
- return base32.StdEncoding.EncodeToString(id)
|
|
|
+ return strings.Trim(base32.StdEncoding.EncodeToString(id), "=")
|
|
|
}
|
|
|
|
|
|
func newCertificate(dir string) {
|
|
|
+ infoln("Generating RSA certificate and key...")
|
|
|
+
|
|
|
priv, err := rsa.GenerateKey(rand.Reader, tlsRSABits)
|
|
|
fatalErr(err)
|
|
|
|
|
|
@@ -47,7 +50,7 @@ func newCertificate(dir string) {
|
|
|
NotAfter: notAfter,
|
|
|
|
|
|
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
|
|
|
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
|
|
+ ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
|
|
|
BasicConstraintsValid: true,
|
|
|
}
|
|
|
|
|
|
@@ -58,11 +61,11 @@ func newCertificate(dir string) {
|
|
|
fatalErr(err)
|
|
|
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
|
|
certOut.Close()
|
|
|
- okln("Created TLS certificate file")
|
|
|
+ okln("Created RSA certificate file")
|
|
|
|
|
|
keyOut, err := os.OpenFile(path.Join(dir, "key.pem"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
|
|
|
fatalErr(err)
|
|
|
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
|
|
|
keyOut.Close()
|
|
|
- okln("Created TLS key file")
|
|
|
+ okln("Created RSA key file")
|
|
|
}
|
Jakob Borg