authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-03-19 11:37:01 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2014-03-19 11:37:01 +0100
commit80e226dcdad0d84493bf44f7f1a1a827a7ecf2de (patch)
treed5dc6c639411355aade87e03e51006fb41131238
parent0c0c2b1a34ad4493480d1121c6aefe16b6e8e9bd (diff)
Certtool can now write more than a single crl_dist_point.
-rw-r--r--src/certtool-cfg.c48
-rw-r--r--src/certtool-cfg.h2
-rw-r--r--src/certtool.c12
3 files changed, 39 insertions, 23 deletions
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 2c84d35db5..fbc1f6833e 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -80,7 +80,7 @@ typedef struct _cfg_ctx {
char **excluded_nc_dns;
char **permitted_nc_email;
char **excluded_nc_email;
- char *crl_dist_points;
+ char **crl_dist_points;
char *password;
char *pkcs12_key_name;
char *expiration_date;
@@ -296,9 +296,7 @@ int template_parse(const char *template)
READ_MULTI_LINE_TOKENIZED("dn_oid", cfg.dn_oid);
- val = optionGetValue(pov, "crl_dist_points");
- if (val != NULL && val->valType == OPARG_TYPE_STRING)
- cfg.crl_dist_points = strdup(val->v.strVal);
+ READ_MULTI_LINE("crl_dist_points", cfg.crl_dist_points);
val = optionGetValue(pov, "pkcs12_key_name");
if (val != NULL && val->valType == OPARG_TYPE_STRING)
@@ -513,14 +511,42 @@ const char *get_challenge_pass(void)
return getpass("Enter a challenge password: ");
}
-const char *get_crl_dist_point_url(void)
+void get_crl_dist_point_set(gnutls_x509_crt_t crt)
{
- if (batch)
- return cfg.crl_dist_points;
- else
- return
- read_str
- ("Enter the URI of the CRL distribution point: ");
+ int ret = 0, i;
+
+ if (batch) {
+ if (!cfg.crl_dist_points)
+ return;
+
+ for (i = 0; cfg.crl_dist_points[i] != NULL; i++) {
+ ret =
+ gnutls_x509_crt_set_crl_dist_points
+ (crt, GNUTLS_SAN_URI, cfg.crl_dist_points[i],
+ 0);
+ if (ret < 0)
+ break;
+ }
+ } else {
+ const char *p;
+
+ do {
+ p = read_str
+ ("Enter the URI of the CRL distribution point: ");
+ if (!p)
+ return;
+
+ ret = gnutls_x509_crt_set_crl_dist_points
+ (crt, GNUTLS_SAN_URI, p, 0);
+ }
+ while (p);
+ }
+
+ if (ret < 0) {
+ fprintf(stderr, "gnutls_x509_crt_set_crl_dist_points: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
}
void get_country_crt_set(gnutls_x509_crt_t crt)
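Review bot: In the interactive branch of `get_crl_dist_point_set`, the result of `gnutls_x509_crt_set_crl_dist_points` is never examined: the `do … while (p)` loop can only be left through `if (!p) return;`, so the `if (ret < 0)` report-and-exit block after it is reachable only from the batch path. A URI that the library rejects is therefore dropped silently and the certificate is produced without that distribution point, whereas the code removed from `generate_self_signed` exited on the same failure; a certificate missing an intended CRL distribution point gives relying parties no pointer for revocation checking. Add `if (ret < 0) break;` directly after the call inside the loop, mirroring the batch loop, so the shared error path runs. The prompt could also state that an empty answer ends the list, assuming that is when `read_str` returns NULL (its definition is not in this hunk).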
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 8c141d6658..b7069272d7 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
@@ -37,7 +37,7 @@ int read_yesno(const char *input_str, int def);
const char *get_pass(void);
const char *get_confirmed_pass(bool empty_ok);
const char *get_challenge_pass(void);
-const char *get_crl_dist_point_url(void);
+void get_crl_dist_point_set(gnutls_x509_crt_t crt);
void crt_constraints_set(gnutls_x509_crt_t crt);
void get_country_crt_set(gnutls_x509_crt_t crt);
void get_organization_crt_set(gnutls_x509_crt_t crt);
diff --git a/src/certtool.c b/src/certtool.c
index 877cc9c34a..4b628394d4 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -758,7 +758,6 @@ void generate_self_signed(common_info_st * cinfo)
gnutls_privkey_t key;
size_t size;
int result;
- const char *uri;
fprintf(stderr, "Generating a self signed certificate...\n");
@@ -767,16 +766,7 @@ void generate_self_signed(common_info_st * cinfo)
if (!key)
key = load_private_key(1, cinfo);
- uri = get_crl_dist_point_url();
- if (uri) {
- result = gnutls_x509_crt_set_crl_dist_points(crt, GNUTLS_SAN_URI, uri, 0 /* all reasons */
- );
- if (result < 0) {
- fprintf(stderr, "crl_dist_points: %s\n",
- gnutls_strerror(result));
- exit(1);
- }
- }
+ get_crl_dist_point_set(crt);
print_certificate_info(crt, stderr, 0);