From 7471853652c0875bc4d0f231f78475185f820c3d Mon Sep 17 00:00:00 2001
From: Cameron Gutman
Date: Fri, 5 Jul 2019 21:50:48 -0700
Subject: [PATCH] Generate SHA-256 client certificates instead of SHA-1

---
 libgamestream/mkcert.c | 38 +++----------------------------------
 1 file changed, 3 insertions(+), 35 deletions(-)

diff --git a/libgamestream/mkcert.c b/libgamestream/mkcert.c
index 0b95a84..7464812 100644
--- a/libgamestream/mkcert.c
+++ b/libgamestream/mkcert.c
@@ -127,14 +127,8 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years) {
   * subject. */
   X509_set_issuer_name(x, name);
-
-  /* Add various extensions: standard extensions */
-  add_ext(x, NID_basic_constraints, "critical,CA:TRUE");
-  add_ext(x, NID_key_usage, "critical,keyCertSign,cRLSign");
-
-  add_ext(x, NID_subject_key_identifier, "hash");
-
-  if (!X509_sign(x, pk, EVP_sha1())) {
+
+  if (!X509_sign(x, pk, EVP_sha256())) {
     goto err;
   }
@@ -144,30 +138,4 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years) {
   return(1);
 err:
   return(0);
-}
-
-/* Add extension using V3 code: we can set the config file as NULL
- * because we wont reference any other sections.
- */
-
-int add_ext(X509 *cert, int nid, char *value)
-{
-  X509_EXTENSION *ex;
-  X509V3_CTX ctx;
-  /* This sets the 'context' of the extensions. */ /* No configuration database */
-  X509V3_set_ctx_nodb(&ctx);
-  /* Issuer and subject certs: both the target since it is self signed,
-   * no request and no CRL
-   */
-  X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
-  ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
-  if (!ex) {
-    return 0;
-  }
-
-  X509_add_ext(cert, ex, -1);
-  X509_EXTENSION_free(ex);
-  return 1;
-}
-
+}
\ No newline at end of file
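Review bot: Besides switching the digest to EVP_sha256(), the first hunk also drops every X.509 extension the certificate used to carry (basicConstraints CA:TRUE, keyUsage keyCertSign/cRLSign, subjectKeyIdentifier), which neither the commit title nor the new code explains. Not asserting CA:TRUE and keyCertSign on a self-signed client certificate is a reasonable tightening, since the removed comment shows issuer and subject are the same certificate, but a reader of the new code sees only a bare X509_sign and has to guess whether the missing extensions are deliberate. A short comment above the new signing call would record the intent, e.g. `/* No extensions: this is a self-signed client certificate, not a CA, so basicConstraints/keyUsage are deliberately omitted. */`, and the commit message should mention the extension removal alongside the digest change. mkcert's body continues above and below this hunk.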
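Review bot: The second hunk leaves mkcert.c without a trailing newline (`\ No newline at end of file` after the new closing `+}`), which the old file had; the final `}` should be followed by a line break to keep the file POSIX-text and avoid noise in later diffs. The hunk also deletes add_ext entirely; the diffstat touches only mkcert.c, so if add_ext was declared in a header or referenced from another translation unit, that declaration or call is now stale and should be removed in the same commit — worth confirming.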