const char *cafile = lp_tls_cafile(tmp_ctx, lp_ctx);
const char *crlfile = lp_tls_crlfile(tmp_ctx, lp_ctx);
const char *dhpfile = lp_tls_dhpfile(tmp_ctx, lp_ctx);
- void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
+ void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *, const char *);
params = talloc(mem_ctx, struct tls_params);
if (params == NULL) {
talloc_free(tmp_ctx);
}
if (!file_exist(cafile)) {
- tls_cert_generate(params, keyfile, certfile, cafile);
+ char *hostname = talloc_asprintf(mem_ctx, "%s.%s",
+ lp_netbios_name(lp_ctx), lp_realm(lp_ctx));
+ if (hostname == NULL) {
+ goto init_failed;
+ }
+ tls_cert_generate(params, hostname, keyfile, certfile, cafile);
+ talloc_free(hostname);
}
ret = gnutls_global_init();
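Review bot: The updated declaration at L5 is a function-local prototype of tls_cert_generate that must be kept in sync with the definition by hand — this commit had to edit both it and the definition's own prototype removed at L32-L34 — so a later signature change that touches only one side compiles without any diagnostic and passes mismatched arguments; moving the declaration into a header included by both files lets the compiler check it. Minor: `hostname` at L12 is allocated on `mem_ctx` and released by hand at L18, while the sibling temporaries at L1-L3 live on `tmp_ctx`; `char *hostname = talloc_asprintf(tmp_ctx, "%s.%s",` would tie its lifetime to the cleanup that already exists. When `lp_realm` returns an empty string the CN becomes `<name>.` with a trailing dot; presumably the realm is always configured on this path, but a check costs little. The enclosing function starts before the hunk and the `init_failed` label it jumps to is outside it.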
#if ENABLE_GNUTLS
#include "gnutls/gnutls.h"
#include "gnutls/x509.h"
+#if HAVE_GCRYPT_H
+#include <gcrypt.h>
+#endif
#define ORGANISATION_NAME "Samba Administration"
#define UNIT_NAME "Samba - temporary autogenerated certificate"
-#define COMMON_NAME "Samba"
#define LIFETIME 700*24*60*60
#define DH_BITS 1024
-void tls_cert_generate(TALLOC_CTX *mem_ctx,
- const char *keyfile, const char *certfile,
- const char *cafile);
-
/*
auto-generate a set of self signed certificates
*/
void tls_cert_generate(TALLOC_CTX *mem_ctx,
+ const char *hostname,
const char *keyfile, const char *certfile,
const char *cafile)
{
TLSCHECK(gnutls_global_init());
- DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https\n"));
+ DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https for hostname '%s'\n",
+ hostname));
+#ifdef HAVE_GCRYPT_H
+ DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
+ gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+#endif
+
DEBUG(3,("Generating private key\n"));
TLSCHECK(gnutls_x509_privkey_init(&key));
TLSCHECK(gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, DH_BITS, 0));
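Review bot: The `gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0)` call at L50 switches libgcrypt's random pool to its faster, lower-quality mode for the whole process and is never switched back, so it backs not only the private key generated at L55 but every later gcrypt consumer in the same process; a server key that will persist in `keyfile` deserves the default RNG quality, and if the trade-off is intentional it should be justified inline, e.g. `/* quick RNG: trades entropy quality for first-start time; only acceptable because this key is a throwaway self-signed fallback */`. The preprocessor tests are also inconsistent: L24 uses `#if HAVE_GCRYPT_H` while L48 uses `#ifdef HAVE_GCRYPT_H`, so if the build system ever defines the macro as 0 the include is skipped but the gcry_control call is still compiled; use `#if HAVE_GCRYPT_H` at L48 as well. On the context line L55 the RSA key length is taken from `DH_BITS` (1024), which predates the commit but is short for a certificate now tied to a hostname, and a separate named constant would at least make the choice visible. The function body continues past the end of the hunk.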
UNIT_NAME, strlen(UNIT_NAME)));
TLSCHECK(gnutls_x509_crt_set_dn_by_oid(cacrt,
GNUTLS_OID_X520_COMMON_NAME, 0,
- COMMON_NAME, strlen(COMMON_NAME)));
+ hostname, strlen(hostname)));
TLSCHECK(gnutls_x509_crt_set_key(cacrt, cakey));
TLSCHECK(gnutls_x509_crt_set_serial(cacrt, &serial, sizeof(serial)));
TLSCHECK(gnutls_x509_crt_set_activation_time(cacrt, activation));
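Review bot: With the CA certificate's CN set to `hostname` here (L60) and the server certificate receiving the same string at L68, and both already sharing ORGANISATION_NAME and UNIT_NAME, the server certificate's subject DN becomes identical to its issuer DN, so neither a path builder matching by name nor an operator inspecting the chain can tell CA from leaf; the removed COMMON_NAME had the same effect, but this commit is the natural place to fix it by keeping a distinct constant CN for the CA here and using `hostname` only at L68. Separately, `strlen(hostname)` runs unguarded both here and at L68 and the function does not reject a NULL or empty `hostname` at entry; a guard at the top of tls_cert_generate, `if (hostname == NULL || hostname[0] == '\0') { DEBUG(0,("tls_cert_generate: no hostname given\n")); return; }`, would fail early instead of dereferencing NULL. The enclosing function starts and ends outside the hunk.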
UNIT_NAME, strlen(UNIT_NAME)));
TLSCHECK(gnutls_x509_crt_set_dn_by_oid(crt,
GNUTLS_OID_X520_COMMON_NAME, 0,
- COMMON_NAME, strlen(COMMON_NAME)));
+ hostname, strlen(hostname)));
TLSCHECK(gnutls_x509_crt_set_key(crt, key));
TLSCHECK(gnutls_x509_crt_set_serial(crt, &serial, sizeof(serial)));
TLSCHECK(gnutls_x509_crt_set_activation_time(crt, activation));
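Review bot: The server certificate receives `hostname` only as the CN (L68); RFC 2818/6125-style verifiers match the host against subjectAltName dNSName entries and only fall back to the CN when no SAN is present, and several clients have deprecated that fallback, so an https client validating this autogenerated certificate may still reject it. Adding a dNSName entry alongside the CN covers that, through gnutls_x509_crt_set_subject_alternative_name or the newer gnutls_x509_crt_set_subject_alt_name depending on the GnuTLS version the build targets, e.g. `TLSCHECK(gnutls_x509_crt_set_subject_alternative_name(crt, GNUTLS_SAN_DNSNAME, hostname));`. Note that `hostname` is built by the caller as `netbios_name.realm`, which is presumably the machine's DNS name; if the NetBIOS name can differ from the DNS host label, the SAN should carry the DNS form. The enclosing function ends outside the hunk.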