author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-01-15 23:32:26 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-01-15 23:34:50 +0100 |
commit | 98cdc97bd080cfaba6a6ada0ab9addb4adef66e0 (patch) | |
tree | a0f643fe100b6743857e49192bd889b059725308 /src | |
parent | e6c4ef2a361300a5542d4aac461a85b0edbda009 (diff) | |
Added functions to directly set the DN in a certificate or request from an RFC4514 string.
Diffstat (limited to 'src')
-rw-r--r-- | src/certtool-args.c | 2 | ||||
-rw-r--r-- | src/certtool-args.def | 12 | ||||
-rw-r--r-- | src/certtool-args.h | 2 | ||||
-rw-r--r-- | src/certtool-cfg.c | 45 | ||||
-rw-r--r-- | src/certtool-cfg.h | 2 | ||||
-rw-r--r-- | src/certtool.c | 14 |
6 files changed, 71 insertions, 6 deletions
diff --git a/src/certtool-args.c b/src/certtool-args.c index 39b62c5ed5..3f861b7bac 100644 --- a/src/certtool-args.c +++ b/src/certtool-args.c @@ -2,7 +2,7 @@ * * DO NOT EDIT THIS FILE (certtool-args.c) * - * It has been AutoGen-ed December 15, 2012 at 11:11:26 AM by AutoGen 5.16 + * It has been AutoGen-ed January 15, 2013 at 11:30:45 PM by AutoGen 5.16 * From the definitions certtool-args.def * and the template file options * diff --git a/src/certtool-args.def b/src/certtool-args.def index 07e6406b8d..8275359986 100644 --- a/src/certtool-args.def +++ b/src/certtool-args.def @@ -557,6 +557,18 @@ cn = "Cindy Lauper" # certificates. # pkcs9_email = "none@@none.org" +# An alternative way to set the certificate's distinguished name directly +# is with the "dn" option. The attribute names allowed are: +# C (country), street, O (organization), OU (unit), title, CN (common name), +# L (locality), ST (state), placeOfBirth, gender, countryOfCitizenship, +# countryOfResidence, serialNumber, telephoneNumber, surName, initials, +# generationQualifier, givenName, pseudonym, dnQualifier, postalCode, name, +# businessCategory, DC, UID, jurisdictionOfIncorporationLocalityName, +# jurisdictionOfIncorporationStateOrProvinceName, +# jurisdictionOfIncorporationCountryName, XmppAddr, and numeric OIDs. + +#dn = "cn=Nik,st=Attiki,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias" + # The serial number of the certificate serial = 007 diff --git a/src/certtool-args.h b/src/certtool-args.h index bd1f67090c..1fa15df473 100644 --- a/src/certtool-args.h +++ b/src/certtool-args.h @@ -2,7 +2,7 @@ * * DO NOT EDIT THIS FILE (certtool-args.h) * - * It has been AutoGen-ed December 15, 2012 at 11:11:26 AM by AutoGen 5.16 + * It has been AutoGen-ed January 15, 2013 at 11:30:45 PM by AutoGen 5.16 * From the definitions certtool-args.def * and the template file options * diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c index b1113c61fe..4cace7bb36 100644 --- a/src/certtool-cfg.c 
+++ b/src/certtool-cfg.c @@ -57,6 +57,7 @@ typedef struct _cfg_ctx char *unit; char *locality; char *state; + char *dn; char *cn; char *uid; char *challenge_password; @@ -213,6 +214,10 @@ template_parse (const char *template) if (val != NULL && val->valType == OPARG_TYPE_STRING) cfg.state = strdup(val->v.strVal); + val = optionGetValue(pov, "dn"); + if (val != NULL && val->valType == OPARG_TYPE_STRING) + cfg.dn = strdup(val->v.strVal); + val = optionGetValue(pov, "cn"); if (val != NULL && val->valType == OPARG_TYPE_STRING) cfg.cn = strdup(val->v.strVal); @@ -664,6 +669,26 @@ get_cn_crt_set (gnutls_x509_crt_t crt) } void +get_dn_crt_set (gnutls_x509_crt_t crt) +{ + int ret; + const char* err; + + if (batch) + { + if (!cfg.dn) + return; + ret = + gnutls_x509_crt_set_dn (crt, cfg.dn, &err); + if (ret < 0) + { + fprintf (stderr, "set_dn: %s at: %s\n", gnutls_strerror (ret), err); + exit (1); + } + } +} + +void get_uid_crt_set (gnutls_x509_crt_t crt) { int ret; @@ -1669,6 +1694,26 @@ get_locality_crq_set (gnutls_x509_crq_t crq) } void +get_dn_crq_set (gnutls_x509_crq_t crq) +{ + int ret; + const char* err; + + if (batch) + { + if (!cfg.dn) + return; + ret = + gnutls_x509_crq_set_dn (crq, cfg.dn, &err); + if (ret < 0) + { + fprintf (stderr, "set_dn: %s at: %s\n", gnutls_strerror (ret), err); + exit (1); + } + } +} + +void get_cn_crq_set (gnutls_x509_crq_t crq) { int ret; diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h index bcb96d7428..87b5be1eb4 100644 --- a/src/certtool-cfg.h +++ b/src/certtool-cfg.h @@ -44,6 +44,8 @@ void get_unit_crt_set (gnutls_x509_crt_t crt); void get_state_crt_set (gnutls_x509_crt_t crt); void get_locality_crt_set (gnutls_x509_crt_t crt); void get_cn_crt_set (gnutls_x509_crt_t crt); +void get_dn_crt_set (gnutls_x509_crt_t crt); +void get_dn_crq_set (gnutls_x509_crq_t crt); void get_uid_crt_set (gnutls_x509_crt_t crt); void get_pkcs9_email_crt_set (gnutls_x509_crt_t crt); void get_oid_crt_set (gnutls_x509_crt_t crt); 
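Review bot: In get_dn_crt_set, `err` is declared without an initialiser and then passed to `%s` whenever gnutls_x509_crt_set_dn() returns a negative value. The hunk does not show that the library writes `*err` on every failure path (for example a failure unrelated to parsing), so the error branch may print through an indeterminate pointer. Initialise it with `const char *err = NULL;` and guard the print with `err ? err : "(unknown)"` as the last fprintf argument. get_dn_crq_set in the next hunk repeats the same pattern and needs the same two changes.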
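Review bot: get_dn_crq_set has no comment saying that it does nothing outside batch mode or when the template has no `dn` entry, so a reader of generate_request cannot tell that the call is conditional. A one-line header would cover it: `/* Set the request DN from the template's "dn" string; no-op outside batch mode or when "dn" is unset. */`. get_dn_crt_set in the previous hunk would take the same comment with "certificate" in place of "request".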
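Review bot: The new prototype `void get_dn_crq_set (gnutls_x509_crq_t crt);` in certtool-cfg.h names its request parameter `crt` and is placed between two certificate setters, which reads as if it took a certificate. Suggest `void get_dn_crq_set (gnutls_x509_crq_t crq);`, matching the definition added in certtool-cfg.c. If this header groups the `*_crq_set` declarations elsewhere (not visible in the hunk), the prototype belongs with them.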
diff --git a/src/certtool.c b/src/certtool.c index ab9c7bae2f..e76f197641 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -271,18 +271,22 @@ generate_certificate (gnutls_privkey_t * ret_key, error (EXIT_FAILURE, 0, "set_proxy_dn: %s", gnutls_strerror (result)); + get_dn_crt_set (crt); get_cn_crt_set (crt); } else { + get_dn_crt_set (crt); + get_country_crt_set (crt); + get_state_crt_set (crt); + get_locality_crt_set (crt); get_organization_crt_set (crt); get_unit_crt_set (crt); - get_locality_crt_set (crt); - get_state_crt_set (crt); get_cn_crt_set (crt); get_dc_set (TYPE_CRT, crt); get_uid_crt_set (crt); + get_oid_crt_set (crt); get_key_purpose_set (crt); @@ -1778,11 +1782,13 @@ generate_request (common_info_st * cinfo) /* Set the DN. */ + get_dn_crq_set (crq); + get_country_crq_set (crq); + get_state_crq_set (crq); + get_locality_crq_set (crq); get_organization_crq_set (crq); get_unit_crq_set (crq); - get_locality_crq_set (crq); - get_state_crq_set (crq); get_cn_crq_set (crq); get_dc_set (TYPE_CRQ, crq); get_uid_crq_set (crq); |
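Review bot: In the proxy branch of generate_certificate, `get_dn_crt_set (crt);` runs right after the subject has been derived through the set_proxy_dn call, so a template that carries a `dn` line can change a proxy certificate's subject, which RFC 3820 expects to be the issuer's subject plus a single CN. Whether gnutls_x509_crt_set_dn replaces or appends to the existing name is not visible here, but either way the subject no longer follows from the issuer alone. Consider dropping the call from this branch. In the else branch the per-attribute setters still run after `get_dn_crt_set (crt);`, so a template with both `dn` and, say, `cn` has both applied; the precedence should be documented next to the `dn` option or the combination rejected. The same applies to the generate_request hunk below; generate_certificate starts and ends outside this hunk.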
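Review bot: Moving `get_state_crq_set (crq);` and `get_locality_crq_set (crq);` ahead of `get_organization_crq_set (crq);` changes the order in which the attributes are added, so a request generated from an unchanged template will presumably encode a different subject than before this commit, while the commit message only mentions the new `dn` option. Issuer/subject matching is order-sensitive, so a CA certificate or request regenerated from an old template may no longer match names that were issued earlier. The generate_certificate hunk above makes the same reordering for certificates. If the change is intended, it deserves a line in the commit message and release notes, for example `certtool: DN attributes are now written in the order C, ST, L, O, OU, CN`.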