diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-10 12:25:06 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-10 12:25:06 +0000 |
commit | 3fe0122c3c83b1c12b7c0d9e410e60c5cd0e984c (patch) | |
tree | 2884cf270a74ee4e7353be18e44d843d51d42a10 | |
parent | 3b06239456ae3552e5595929d493cde313f0000d (diff) | |
download | gnutls-3fe0122c3c83b1c12b7c0d9e410e60c5cd0e984c.tar.gz |
The certtool utility can now generate PKCS #12 structures
without specifying a certificate.
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | src/certtool.c | 100 |
2 files changed, 59 insertions, 45 deletions
@@ -1,3 +1,7 @@ +Version 0.9.97 +- The certtool utility can now generate PKCS #12 structures + without specifying a certificate. + Version 0.9.96 (09/11/2003) - Some changes to allow compilation with mingw32. - Several code cleanups. diff --git a/src/certtool.c b/src/certtool.c index 4de05c0e1f..8187aefa95 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -36,11 +36,11 @@ int generate_prime(int bits); void pkcs12_info( void); void generate_pkcs12( void); void verify_chain(void); -gnutls_x509_privkey load_private_key(void); +gnutls_x509_privkey load_private_key(int mand); gnutls_x509_crq load_request(void); gnutls_x509_privkey load_ca_private_key(void); gnutls_x509_crt load_ca_cert(void); -gnutls_x509_crt load_cert(void); +gnutls_x509_crt load_cert(int mand); void certificate_info( void); void privkey_info( void); static void gaa_parser(int argc, char **argv); @@ -154,7 +154,7 @@ gnutls_x509_privkey key; int ret; if (info.privkey) - return load_private_key(); + return load_private_key(1); ret = gnutls_x509_privkey_init(&key); if (ret < 0) { @@ -259,11 +259,7 @@ gnutls_x509_crt generate_certificate( gnutls_x509_privkey *ret_key) if (crq == NULL) { - key = load_private_key(); - if (key==NULL) { - fprintf(stderr, "Could not load private key.\n"); - exit(1); - } + key = load_private_key(1); fprintf(stderr, "Please enter the details of the certificate's distinguished name. " "Just press enter to ignore a field.\n"); @@ -374,7 +370,7 @@ gnutls_x509_crt update_certificate( void) exit(1); } - crt = load_cert(); + crt = load_cert(1); fprintf(stderr, "Activation/Expiration time.\n"); gnutls_x509_crt_set_activation_time( crt, time(NULL)); @@ -509,7 +505,7 @@ int ret; if (info.outfile) { outfile = fopen(info.outfile, "w"); if (outfile == NULL) { - fprintf(stderr, "error: could not open %s.\n", info.outfile); + fprintf(stderr, "error: could not open '%s'.\n", info.outfile); exit(1); } } else outfile = stdout; @@ -517,7 +513,7 @@ int ret; if (info.infile) { infile = fopen(info.infile, "r"); if (infile == NULL) { - fprintf(stderr, "error: could not open %s.\n", info.infile); + fprintf(stderr, "error: could not open '%s'.\n", info.infile); exit(1); } } else infile = stdin; @@ -825,8 +821,9 @@ void privkey_info( void) fprintf(outfile, "\n"); } - -gnutls_x509_privkey load_private_key() +/* mand should be non zero if it is required to read a private key. + */ +gnutls_x509_privkey load_private_key(int mand) { FILE* fd; gnutls_x509_privkey key; @@ -834,11 +831,16 @@ int ret; gnutls_datum dat; size_t size; - if (!info.privkey) return NULL; + if (!info.privkey && !mand) return NULL; + + if (!info.privkey) { + fprintf(stderr, "error: a private key was not specified\n"); + exit(1); + } fd = fopen(info.privkey, "r"); if (fd == NULL) { - fprintf(stderr, "File %s does not exist.\n", info.privkey); + fprintf(stderr, "error: could not load key file '%s'.\n", info.privkey); exit(1); } @@ -1006,8 +1008,10 @@ size_t size; } /* Loads the certificate + * If mand is non zero then a certificate is mandatory. Otherwise + * null will be returned if the certificate loading fails. */ -gnutls_x509_crt load_cert() +gnutls_x509_crt load_cert(int mand) { FILE* fd; gnutls_x509_crt crt; @@ -1019,7 +1023,8 @@ size_t size; if (info.cert==NULL) { fprintf(stderr, "You must specify a certificate.\n"); - exit(1); + if (mand) exit(1); + else return NULL; } fd = fopen(info.cert, "r"); @@ -1427,8 +1432,8 @@ void generate_pkcs12( void) fprintf(stderr, "Generating a PKCS #12 structure...\n"); - key = load_private_key(); - crt = load_cert(); + key = load_private_key(1); + crt = load_cert(0); do { name = read_str("Enter a name for the key: "); @@ -1453,34 +1458,37 @@ void generate_pkcs12( void) key_id.data = _key_id; key_id.size = size; - result = gnutls_pkcs12_bag_set_crt( bag, crt); - if (result < 0) { - fprintf(stderr, "set_crt: %s\n", gnutls_strerror(result)); - exit(1); - } + if (crt) { /* add the certificate only if it was specified. + */ + result = gnutls_pkcs12_bag_set_crt( bag, crt); + if (result < 0) { + fprintf(stderr, "set_crt: %s\n", gnutls_strerror(result)); + exit(1); + } - index = result; + index = result; - result = gnutls_pkcs12_bag_set_friendly_name( bag, index, name); - if (result < 0) { - fprintf(stderr, "bag_set_key_id: %s\n", gnutls_strerror(result)); - exit(1); - } + result = gnutls_pkcs12_bag_set_friendly_name( bag, index, name); + if (result < 0) { + fprintf(stderr, "bag_set_key_id: %s\n", gnutls_strerror(result)); + exit(1); + } - result = gnutls_pkcs12_bag_set_key_id( bag, index, &key_id); - if (result < 0) { - fprintf(stderr, "bag_set_key_id: %s\n", gnutls_strerror(result)); - exit(1); - } + result = gnutls_pkcs12_bag_set_key_id( bag, index, &key_id); + if (result < 0) { + fprintf(stderr, "bag_set_key_id: %s\n", gnutls_strerror(result)); + exit(1); + } - if (info.export) flags = GNUTLS_PKCS_USE_PKCS12_RC2_40; - else flags = GNUTLS_PKCS8_USE_PKCS12_3DES; + if (info.export) flags = GNUTLS_PKCS_USE_PKCS12_RC2_40; + else flags = GNUTLS_PKCS8_USE_PKCS12_3DES; - result = gnutls_pkcs12_bag_encrypt( bag, password, flags); - if (result < 0) { - fprintf(stderr, "bag_encrypt: %s\n", gnutls_strerror(result)); - exit(1); + result = gnutls_pkcs12_bag_encrypt( bag, password, flags); + if (result < 0) { + fprintf(stderr, "bag_encrypt: %s\n", gnutls_strerror(result)); + exit(1); + } } /* Key BAG */ @@ -1532,10 +1540,12 @@ void generate_pkcs12( void) exit(1); } - result = gnutls_pkcs12_set_bag( pkcs12, bag); - if (result < 0) { - fprintf(stderr, "set_bag: %s\n", gnutls_strerror(result)); - exit(1); + if (crt) { + result = gnutls_pkcs12_set_bag( pkcs12, bag); + if (result < 0) { + fprintf(stderr, "set_bag: %s\n", gnutls_strerror(result)); + exit(1); + } } result = gnutls_pkcs12_set_bag( pkcs12, kbag); |