diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-10-08 08:23:01 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-10-08 08:23:01 +0200 |
| commit | a6b2f5ce7316b4774649ee9b421da2ee7fef461f (patch) | |
| tree | b1a68850d1b8b5253afa706b7ae284978a552df3 | |
| parent | e468763b03ec470c1aec999efbc5b74821e4457f (diff) | |
| download | gnutls-a6b2f5ce7316b4774649ee9b421da2ee7fef461f.tar.gz | |
Applied last patch of Micah Anderson on IKE status.
| -rw-r--r-- | src/certtool.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/src/certtool.c b/src/certtool.c index 794a0d6b6d..e9a92ccb63 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -2135,6 +2135,9 @@ generate_request (void) else usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; + if (get_ipsec_ike_status && (get_sign_status (get_tls_server_status()) !=1)) + usage |= GNUTLS_KEY_NON_REPUDIATION; + if (ca_status) { ret = get_cert_sign_status (); @@ -2171,15 +2174,6 @@ generate_request (void) if (ret < 0) error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); } - - ret = get_ipsec_ike_status (); - if (ret) - { - ret = gnutls_x509_crq_set_key_purpose_oid - (crq, GNUTLS_KP_IPSEC_IKE, 0); - if (ret < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); - } } ret = gnutls_x509_crq_set_key_usage (crq, usage); @@ -2203,6 +2197,15 @@ generate_request (void) if (ret < 0) error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); } + + ret = get_ipsec_ike_status (); + if (ret) + { + ret = gnutls_x509_crq_set_key_purpose_oid + (crq, GNUTLS_KP_IPSEC_IKE, 0); + if (ret < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); + } } ret = gnutls_x509_crq_set_key (crq, key); |