certtool: Query for multiple dnsName subjectAltName in interactive mode.

2 files changed, 17 insertions, 12 deletions

diff --git a/NEWS b/NEWS
index cb5be1f376..ed2254134a 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,9 @@ See the end for copying conditions.
 
 * Version 2.7.6 (unreleased)
 
+** certtool: Query for multiple dnsName subjectAltName in interactive mode.
+This applies both to generating certificates and certificate requests.
+
 ** pkix.asn: Removed unneeded definitions to reduce memory usage.
 
 ** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify.
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index fc77307c53..074a0cc058 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation
+ * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation
  *
  * This file is part of GNUTLS.
  *
@@ -983,18 +983,20 @@ get_dns_name_set (int type, void *crt)
     {
       const char *p;
 
-      p = read_str ("Enter the dnsName of the subject of the certificate: ");
-      if (!p)
-	return;
+      do
+	{
+	  p = read_str ("Enter a dnsName of the subject of the certificate: ");
+	  if (!p)
+	    return;
 
-      if (type == TYPE_CRT)
-	ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
-						    p, strlen (p),
-						    GNUTLS_FSAN_APPEND);
-      else
-	ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
-						    p, strlen (p),
-						    GNUTLS_FSAN_APPEND);
+	  if (type == TYPE_CRT)
+	    ret = gnutls_x509_crt_set_subject_alt_name
+	      (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
+	  else
+	    ret = gnutls_x509_crq_set_subject_alt_name
+	      (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
+	}
+      while (p);
     }
 
   if (ret < 0)