From edc15b9fa25bb14903192f3908cb61be8e0e5b42 Mon Sep 17 00:00:00 2001
From: Josh Juran
Date: Tue, 14 Oct 2014 03:55:10 -0700
Subject: [PATCH] Use a self-signed certificate for peers (RIPD-108):

Generate a new RSA key pair and a self-signed X.509v3 certificate to use with SSL connections to rippled peers. New credentials are created each startup.
---
 src/ripple/common/impl/RippleSSLContext.cpp | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/ripple/common/impl/RippleSSLContext.cpp b/src/ripple/common/impl/RippleSSLContext.cpp
index edc94286f8..89b4161bb0 100644
--- a/src/ripple/common/impl/RippleSSLContext.cpp
+++ b/src/ripple/common/impl/RippleSSLContext.cpp
@@ -352,6 +352,19 @@ void RippleSSLContextImp::initAnonymous (
 cipherList.c_str ());
 if (result != 1)
 throw std::invalid_argument("SSL_CTX_set_cipher_list failed");
+
+ using namespace openssl;
+
+ evp_pkey_ptr pkey = evp_pkey_new();
+ evp_pkey_assign_rsa (pkey.get(), rsa_generate_key (2048));
+
+ x509_ptr cert = x509_new();
+ x509_set_pubkey (cert.get(), pkey.get());
+ x509_sign (cert.get(), pkey.get());
+
+ SSL_CTX* const ctx = context.native_handle();
+ ssl_ctx_use_certificate (ctx, cert);
+ ssl_ctx_use_privatekey (ctx, pkey);
 }
 
 void RippleSSLContextImp::initAnonymous (std::string const& cipherList)
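Review bot: None of the new calls — evp_pkey_assign_rsa, x509_set_pubkey, x509_sign, ssl_ctx_use_certificate and ssl_ctx_use_privatekey — has its result checked, while the SSL_CTX_set_cipher_list call immediately above throws on `result != 1`; if these openssl-namespace wrappers return OpenSSL's status rather than throwing, a failed key generation or signature leaves the context without a usable credential and the error only surfaces later as a handshake failure. Unless the wrappers already throw, the checks should follow the existing pattern, e.g. `if (x509_sign (cert.get(), pkey.get()) != 1) throw std::runtime_error("x509_sign failed");`, and likewise for the other four calls. Nothing in the hunk sets a version, serial number, subject/issuer name or validity window on the certificate, so unless x509_new or x509_sign fill those in (OpenSSL's X509_set_version and X509_gmtime_adj are the usual calls), the result is an X.509v1 certificate with no notBefore/notAfter rather than the v3 certificate the subject line describes; a comment on the `x509_ptr cert = x509_new();` line stating which fields the wrapper populates would make this verifiable. The opening lines of initAnonymous, including the SSL_CTX_set_cipher_list call whose result is tested, are outside the hunk.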