moonlight-stream/moonlight-ios
1
0
Fork 0
mirror of https://github.com/moonlight-stream/moonlight-ios.git synced 2025-07-01 15:26:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Disable certificate encryption to avoid legacy provider requirement

Browse Source 
Closes #646
Fixes #660
This commit is contained in:
Cameron Gutman 2024-12-20 14:43:04 -06:00
parent 42518301f7
commit 1cfabac4b5
1 changed files with 1 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Limelight/Crypto/mkcert.c
View File

@ -63,21 +63,9 @@ void mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years) {
} }
struct CertKeyPair generateCertKeyPair(void) { struct CertKeyPair generateCertKeyPair(void) {
BIO *bio_err;
X509 *x509 = NULL; X509 *x509 = NULL;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
PKCS12 *p12 = NULL; PKCS12 *p12 = NULL;
// OpenSSL3 has default algorithms that iOS refuses to load so we
// must load the legacy provider and override all the algorithms
// in this cert.
OSSL_PROVIDER *_legacy = OSSL_PROVIDER_try_load(NULL, "legacy", 1);
if (_legacy == NULL) {
printf("Failed to load Legacy provider\n");
}
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
mkcert(&x509, &pkey, NUM_BITS, SERIAL, NUM_YEARS); mkcert(&x509, &pkey, NUM_BITS, SERIAL, NUM_YEARS);
@ -88,7 +76,7 @@ struct CertKeyPair generateCertKeyPair(void) {
x509, x509,
NULL, NULL,
NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
NID_pbe_WithSHA1And40BitRC2_CBC, -1, // disable certificate encryption
2048, 2048,
-1, // disable the automatic MAC -1, // disable the automatic MAC
0); 0);
@ -99,8 +87,6 @@ struct CertKeyPair generateCertKeyPair(void) {
printf("Error generating a valid PKCS12 certificate.\n"); printf("Error generating a valid PKCS12 certificate.\n");
} }
BIO_free(bio_err);
return (CertKeyPair){x509, pkey, p12}; return (CertKeyPair){x509, pkey, p12};
} }