author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-05 14:21:13 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-05 21:40:15 +0200 |
commit | 963c8dcb4236198bc968d33e3d99b371d34e8c95 (patch) | |
tree | d4b501472b25e2b71696f51ffb13d2fb04e252e1 | |
parent | 703fd0b85ebd94054375ae6518a089649c1d3b3f (diff) | |
download | gnutls-963c8dcb4236198bc968d33e3d99b371d34e8c95.tar.gz |
certtool: introduced the email_protection_key option
This option was introduced in documentation for certtool without
an implementation of it. It is a shortcut for option
key_purpose_oid = 1.3.6.1.5.5.7.3.4
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | src/certtool-cfg.c | 15 | ||||
-rw-r--r-- | src/certtool-cfg.h | 1 | ||||
-rw-r--r-- | src/certtool.c | 24 |
3 files changed, 40 insertions, 0 deletions
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 73f273d43f..ba15d10910 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -142,6 +142,7 @@ static struct cfg_options available_options[] = {
 { .name = "code_signing_key", .type = OPTION_BOOLEAN },
 { .name = "ocsp_signing_key", .type = OPTION_BOOLEAN },
 { .name = "time_stamping_key", .type = OPTION_BOOLEAN },
+ { .name = "email_protection_key", .type = OPTION_BOOLEAN },
 { .name = "ipsec_ike_key", .type = OPTION_BOOLEAN },
 { .name = "key_agreement", .type = OPTION_BOOLEAN },
 { .name = "data_encipherment", .type = OPTION_BOOLEAN },
@@ -210,6 +211,7 @@ typedef struct _cfg_ctx {
 int code_sign_key;
 int ocsp_sign_key;
 int time_stamping_key;
+ int email_protection_key;
 int ipsec_ike_key;
 char **key_purpose_oids;
 int crl_next_update;
@@ -540,6 +542,7 @@ int template_parse(const char *template)
 READ_BOOLEAN("code_signing_key", cfg.code_sign_key);
 READ_BOOLEAN("ocsp_signing_key", cfg.ocsp_sign_key);
 READ_BOOLEAN("time_stamping_key", cfg.time_stamping_key);
+ READ_BOOLEAN("email_protection_key", cfg.email_protection_key);
 READ_BOOLEAN("ipsec_ike_key", cfg.ipsec_ike_key);
 READ_BOOLEAN("data_encipherment", cfg.data_encipherment);
@@ -2375,6 +2378,18 @@ int get_time_stamp_status(void)
 }
 }
+int get_email_protection_status(void)
+{
+ if (batch) {
+ return cfg.email_protection_key;
+ } else {
+ return
+ read_yesno
+ ("Will the certificate be used for email protection? (y/N): ",
+ 0);
+ }
+}
+
 int get_ipsec_ike_status(void)
 {
 if (batch) {
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 8d1daadca9..e3fc56ce99 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
@@ -66,6 +66,7 @@ time_t get_crl_next_update(void);
 time_t get_crl_revocation_date(void);
 time_t get_crl_this_update_date(void);
 int get_time_stamp_status(void);
+int get_email_protection_status(void);
 int get_ocsp_sign_status(void);
 int get_code_sign_status(void);
 int get_crl_sign_status(void);
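Review bot: get_email_protection_status() in src/certtool-cfg.c is added without a comment tying it to the extended key usage it controls; the commit message is the only place that says the option stands for key purpose OID 1.3.6.1.5.5.7.3.4. A short header such as `/* Non-zero if the emailProtection key purpose (1.3.6.1.5.5.7.3.4) should be set: template value in batch mode, y/N prompt (default no) otherwise. */` would keep that mapping next to the code. It would also help to document how this flag interacts with a template that already lists the same OID under `key_purpose_oid`; whether the purpose would then be set twice is not visible from this hunk.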
diff --git a/src/certtool.c b/src/certtool.c
index 36704b39c1..8f887eb510 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -568,6 +568,18 @@ generate_certificate(gnutls_privkey_t * ret_key,
 }
 }
+ result = get_email_protection_status();
+ if (result) {
+ result =
+ gnutls_x509_crt_set_key_purpose_oid
+ (crt, GNUTLS_KP_EMAIL_PROTECTION, 0);
+ if (result < 0) {
+ fprintf(stderr, "key_kp: %s\n",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ }
+
 if (ca_status) {
 result = get_cert_sign_status();
 if (result)
@@ -2068,6 +2080,18 @@ void generate_request(common_info_st * cinfo)
 }
 }
+ ret = get_email_protection_status();
+ if (ret) {
+ ret =
+ gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_EMAIL_PROTECTION, 0);
+ if (ret < 0) {
+ fprintf(stderr, "key_kp: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+
 ret = get_ipsec_ike_status();
 if (ret) {
 ret = gnutls_x509_crq_set_key_purpose_oid |
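Review bot: The failure message in the block added to generate_certificate() is the bare label `key_kp`, and the matching block added to generate_request() in the second hunk prints the same text, so a failure to set the email-protection purpose cannot be distinguished from any other key-purpose call that uses that label (the neighbouring blocks are outside the hunks, so that they share it is an inference). Naming the purpose would make the diagnostic actionable, e.g. `fprintf(stderr, "key_kp (email protection): %s\n", gnutls_strerror(result));` and the same with `ret` in generate_request(). As far as these hunks show, the purpose is added without checking that the certificate or request also carries an e-mail address or a suitable key usage, so a one-line comment saying that this consistency is left to the template author would help anyone relying on the option for S/MIME certificates. Both function bodies start and end outside the hunks.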