author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-03-25 10:05:33 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-03-25 10:05:33 +0100 |
commit | 1c91a1d4ea88aade76a9c981a18079a7195aeed3 (patch) | |
tree | 3c6d543e5717120347caa4cf5fe4d09529338031 | |
parent | 67b4c6e6cae5d0fdc4c42296419027ce5dd7ae50 (diff) | |
download | gnutls-1c91a1d4ea88aade76a9c981a18079a7195aeed3.tar.gz |
certtool: added the --email option, to use in verification
-rw-r--r-- | src/certtool-args.def | 8 | ||||
-rw-r--r-- | src/certtool.c | 13 |
2 files changed, 17 insertions, 4 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 2b1af6aa0f..1c82631e7d 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -96,6 +96,14 @@ flag = {
 };
 flag = {
+ name = email;
+ descrip = "Specify a email to be used for certificate chain verification";
+ arg-type = string;
+ doc = "This is to be combined with one of the verify certificate options.";
+ flags-cant = hostname;
+};
+
+flag = {
 name = purpose;
 descrip = "Specify a purpose OID to be used for certificate chain verification";
 arg-type = string;
diff --git a/src/certtool.c b/src/certtool.c
index f5cb198fa2..e90498b314 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -2288,7 +2288,7 @@ static int detailed_verification(gnutls_x509_crt_t cert,
 static int
 _verify_x509_mem(const void *cert, int cert_size, const void *ca,
 int ca_size, unsigned system, const char *purpose,
- const char *hostname)
+ const char *hostname, const char *email)
 {
 int ret;
 gnutls_datum_t tmp;
@@ -2405,7 +2405,7 @@ _verify_x509_mem(const void *cert, int cert_size, const void *ca,
 fprintf(stdout, "Loaded %d certificates, %d CAs and %d CRLs\n\n", x509_ncerts, x509_ncas, x509_ncrls);
- if (purpose || hostname) {
+ if (purpose || hostname || email) {
 gnutls_typed_vdata_st vdata[2];
 unsigned vdata_size = 0;
@@ -2421,6 +2421,11 @@ _verify_x509_mem(const void *cert, int cert_size, const void *ca,
 vdata[vdata_size].data = (void*)hostname;
 vdata[vdata_size].size = strlen(hostname);
 vdata_size++;
+ } else if (email) {
+ vdata[vdata_size].type = GNUTLS_DT_RFC822NAME;
+ vdata[vdata_size].data = (void*)email;
+ vdata[vdata_size].size = strlen(email);
+ vdata_size++;
 }
 ret =
@@ -2496,7 +2501,7 @@ static void verify_chain(void)
 buf[size] = 0;
- _verify_x509_mem(buf, size, NULL, 0, 0, OPT_ARG(PURPOSE), OPT_ARG(HOSTNAME));
+ _verify_x509_mem(buf, size, NULL, 0, 0, OPT_ARG(PURPOSE), OPT_ARG(HOSTNAME), OPT_ARG(EMAIL));
 }
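Review bot: The `descrip` string of the new flag reads "Specify a email"; it should be `descrip = "Specify an email to be used for certificate chain verification";`. The `doc` string also leaves out two things a user needs: that the value is handed to verification as an RFC822 name (per the `GNUTLS_DT_RFC822NAME` use in certtool.c), and that the flag cannot be combined with --hostname, which `flags-cant = hostname` enforces. Adding a sentence such as `"The email is checked against the certificate; this option cannot be combined with --hostname."` to `doc` would make the restriction visible in the generated help.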
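Review bot: The new `else if (email)` branch in the hunk at -2421 silently drops the email whenever `hostname` is also non-NULL, and the two-slot `vdata[2]` array (declared in the hunk at -2405) is only large enough because of that `else`. The command line prevents the combination through `flags-cant = hostname`, but nothing in `_verify_x509_mem` states or enforces it, so a later caller or a change to a plain `if` would either skip a check the user asked for or write a third entry past the array. I would add a comment above the declaration, `/* at most 2 entries: purpose plus either hostname or email (mutually exclusive) */`, and document the new `email` parameter from the signature hunk at -2288 the same way. An empty `--email ""` reaches the verify call with `size` 0; how the library treats that is not visible here and is worth confirming so it cannot be reported as a successful name match. The function body starts and ends outside these hunks.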
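Review bot: Both updated call sites, in `verify_chain` (hunk at -2496) and in `verify_certificate` (hunk at -2533), discard the `int` returned by `_verify_x509_mem`. Whether the callee itself exits non-zero on a failed verification is not visible in these hunks; if it does not, a script that relies on certtool's exit status would treat an email mismatch as success. A comment at the call such as `/* exits with a non-zero status on verification failure */`, or an explicit check of the result, would settle that for the reader. The added argument also pushes both call lines well past 80 columns; wrapping `OPT_ARG(EMAIL)` onto a continuation line would match the layout of the `verify_certificate` call.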
@@ -2533,7 +2538,7 @@ static void verify_certificate(common_info_st * cinfo)
 }
 _verify_x509_mem(cert, cert_size, cas, ca_size,
- (cinfo->ca != NULL) ? 0 : 1, OPT_ARG(PURPOSE), OPT_ARG(HOSTNAME));
+ (cinfo->ca != NULL) ? 0 : 1, OPT_ARG(PURPOSE), OPT_ARG(HOSTNAME), OPT_ARG(EMAIL));
 } |