author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-08-13 11:36:17 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-08-13 12:11:17 +0200 |
commit | 901c9c73f6479f4cc71c8264a488c99d7229221f (patch) | |
tree | bfe1ae314f61ead2ab53a5bb532c664d4651d826 | |
parent | ece060599637990bbaef132f4104d1bd53fb656c (diff) | |
download | gnutls-901c9c73f6479f4cc71c8264a488c99d7229221f.tar.gz |
certtool: allow appending certificates to a CRL
-rw-r--r-- | src/certtool-args.def | 2 | ||||
-rw-r--r-- | src/certtool.c | 21 |
2 files changed, 17 insertions, 6 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def
index ac644f8fdb..8e4e4a40d5 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -40,7 +40,7 @@ flag = {
 flag = {
 name = generate-crl;
 descrip = "Generate a CRL";
- doc = "";
+ doc = "This option generates a CRL. When combined with --load-crl it would use the loaded CRL as base for the generated (i.e., all revoked certificates in the base will be copied to the new CRL).";
 };
 flag = {
diff --git a/src/certtool.c b/src/certtool.c
index 392f5bad37..6989c4b164 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -639,15 +639,26 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
 {
 gnutls_x509_crl_t crl;
 gnutls_x509_crt_t *crts;
- size_t size;
+ gnutls_x509_crl_t *crls;
+ size_t size, crl_size;
 int result;
 unsigned int i;
 time_t secs, now = time(0);
- result = gnutls_x509_crl_init(&crl);
- if (result < 0) {
- fprintf(stderr, "crl_init: %s\n", gnutls_strerror(result));
- exit(1);
+ crls = load_crl_list(0, &crl_size, cinfo);
+ if (crls != NULL) {
+ if (crl_size > 1) {
+ fprintf(stderr, "load_crl: too many CRLs present\n");
+ exit(1);
+ }
+ crl = crls[0];
+ gnutls_free(crls);
+ } else {
+ result = gnutls_x509_crl_init(&crl);
+ if (result < 0) {
+ fprintf(stderr, "crl_init: %s\n", gnutls_strerror(result));
+ exit(1);
+ }
 }
 crts = load_cert_list(0, &size, cinfo); |
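Review bot: The CRL returned by `load_crl_list()` becomes the base of the CRL being generated (`crl = crls[0];`) with no visible check that it was issued by `ca_crt`, so every revoked entry in the loaded file ends up under the CA's new signature. Unless `load_crl_list()` or the rest of `generate_crl()` (which continues outside this hunk) already does this, I would reject a foreign base before using it, e.g. `if (!gnutls_x509_crl_check_issuer(crl, ca_crt)) { fprintf(stderr, "load_crl: CRL was not issued by the given CA\n"); exit(1); }`, and ideally also check its signature with `gnutls_x509_crl_verify()`. Separately, the size guard only rejects `crl_size > 1`; if `load_crl_list()` can return a non-NULL array with `crl_size == 0`, `crls[0]` reads past the array, so `if (crl_size != 1)` would be the safer test.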