diff --git a/albatross.opam b/albatross.opam
index 41fb568..10cd322 100644
--- a/albatross.opam
+++ b/albatross.opam
@@ -19,7 +19,7 @@ depends: [
 "cmdliner" {>= "1.0.0"}
 "fmt"
 "astring"
- "x509" {>= "0.7.0"}
+ "x509" {>= "0.8.0"}
 "tls" {>= "0.9.0"}
 "nocrypto"
 "asn1-combinators" {>= "0.2.0"}
diff --git a/client/albatross_client_bistro.ml b/client/albatross_client_bistro.ml
index 7b17788..b095205 100644
--- a/client/albatross_client_bistro.ml
+++ b/client/albatross_client_bistro.ml
@@ -52,7 +52,9 @@ let handle (host, port) cert key ca id (cmd : Vmm_commands.t) =
 (singleton (Unsupported Vmm_asn.oid) (false, v)))))
 in
 let csr =
- let name = Distinguished_name.(singleton CN name) in
+ let name =
+ [ Distinguished_name.(Relative_distinguished_name.singleton (CN name)) ]
+ in
 let extensions = Signing_request.Ext.(singleton Extensions extensions) in
 Signing_request.create name ~extensions (`RSA tmpkey)
 in
diff --git a/provision/albatross_provision.ml b/provision/albatross_provision.ml
index 4d7e9aa..4cd9b43 100644
--- a/provision/albatross_provision.ml
+++ b/provision/albatross_provision.ml
@@ -39,7 +39,9 @@ let sign ?dbname ?certname extensions issuer key csr delta =
 (match certname with
 | Some x -> Ok x
 | None ->
- match X509.(Distinguished_name.find CN Signing_request.((info csr).subject)) with
+ match
+ X509.Distinguished_name.common_name X509.Signing_request.((info csr).subject)
+ with
 | Some name -> Ok name
 | None -> Error (`Msg "couldn't find name (no common name in CSR subject)")) >>= fun certname ->
 timestamps delta >>= fun (valid_from, valid_until) ->
diff --git a/provision/albatross_provision_ca.ml b/provision/albatross_provision_ca.ml
index d70cbc9..51bc536 100644
--- a/provision/albatross_provision_ca.ml
+++ b/provision/albatross_provision_ca.ml
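Review bot: The one-element distinguished name `[ Distinguished_name.(Relative_distinguished_name.singleton (CN name)) ]` is written out by hand in the client/albatross_client_bistro.ml hunk and again in provision/albatross_provision_ca.ml (twice) and provision/albatross_provision_request.ml. A single shared helper, for example `let dn_of_cn cn = [ X509.Distinguished_name.(Relative_distinguished_name.singleton (CN cn)) ]`, would keep CSR subject construction in one place, so a later change to how subjects are built or validated cannot miss a call site. Where such a helper would live is not visible from this diff, and the enclosing `handle` starts and ends outside the hunk.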
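Review bot: When no `~certname` is passed, `sign` in provision/albatross_provision.ml takes the name from the CSR subject, which the requester controls, and the added `common_name` lookup accepts whatever string is there. If `certname` later ends up in a file or database name (the rest of `sign` lies outside this hunk, so that is an assumption), it should be checked before use, for instance by rejecting an empty name or one containing a path separator. A short comment above the `match`, such as `(* CN comes from the CSR and is untrusted input *)`, would make that visible to the next reader.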
@@ -75,11 +75,11 @@ let help _ man_format cmds = function let generate _ name db days sname sdays = Nocrypto_entropy_unix.initialize () ; priv_key ~bits:4096 None name >>= fun key -> - let name = Distinguished_name.(singleton CN name) in + let name = [ Distinguished_name.(Relative_distinguished_name.singleton (CN name)) ] in let csr = Signing_request.create name key in sign ~certname:"cacert" (d_exts ()) name key csr (Duration.of_day days) >>= fun () -> priv_key None sname >>= fun skey -> - let sname = Distinguished_name.(singleton CN sname) in + let sname = [ Distinguished_name.(Relative_distinguished_name.singleton (CN sname)) ] in let csr = Signing_request.create sname skey in sign ~dbname:(Fpath.v db) s_exts name key csr (Duration.of_day sdays) diff --git a/provision/albatross_provision_request.ml b/provision/albatross_provision_request.ml index 192f051..2c69ed4 100644 --- a/provision/albatross_provision_request.ml +++ b/provision/albatross_provision_request.ml @@ -11,7 +11,8 @@ let csr priv name cmd = let ext = let v = cert_extension_to_cstruct (version, cmd) in X509.Extension.(singleton (Unsupported oid) (false, v)) - and name = X509.Distinguished_name.(singleton CN name) + and name = + [ X509.Distinguished_name.(Relative_distinguished_name.singleton (CN name)) ] in let extensions = X509.Signing_request.Ext.(singleton Extensions ext) in X509.Signing_request.create name ~extensions priv diff --git a/tls/vmm_tls.ml b/tls/vmm_tls.ml index fc83428..ca7cbde 100644 --- a/tls/vmm_tls.ml +++ b/tls/vmm_tls.ml @@ -9,7 +9,7 @@ let cert_name cert = match Extension.(find (Unsupported Vmm_asn.oid) (Certificate.extensions cert)) with | None -> Ok None | Some (_, data) -> - match Distinguished_name.(find CN (Certificate.subject cert)) with + match X509.(Distinguished_name.common_name (Certificate.subject cert)) with | Some name -> Ok (Some name) | None -> match Vmm_asn.cert_extension_of_cstruct data with | Error (`Msg _) -> Error (`Msg "couldn't parse albatross extension")
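Review bot: `cert_name` in tls/vmm_tls.ml uses the subject common name as the certificate's name, but the added line does not document what happens when the subject carries more than one CN, which the list-of-RDN representation used elsewhere in this commit appears to allow. A doc comment on `cert_name` should state which CN is expected and whether a subject with several is acceptable; the same question applies to the `common_name` call in `sign` in provision/albatross_provision.ml. Separately, the neighbouring lines use `Extension` and `Certificate` unqualified, so X509 is presumably already open here and the added wrapper could be dropped: `match Distinguished_name.common_name (Certificate.subject cert) with`. The body of `cert_name` continues past the end of the hunk.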