author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-08-09 09:43:35 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-08-09 09:43:35 +0000 |
commit | 9e7fb8577802de2abf191d783be5b6b953c22271 (patch) | |
tree | e6818532d3a85a8a840652f6dfc0d58d42c89a69 /src/pki/commands/issue.c | |
parent | 20e652eab94f898365fdde046ed11a2dda2f165e (diff) | |
New upstream release.
Diffstat (limited to 'src/pki/commands/issue.c')
-rw-r--r-- | src/pki/commands/issue.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index fcd758f87..2002cd555 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -28,6 +28,7 @@
 */
 static int issue()
 {
+ cred_encoding_type_t form = CERT_ASN1_DER;
 hash_algorithm_t digest = HASH_SHA1;
 certificate_t *cert_req = NULL, *cert = NULL, *ca =NULL;
 private_key_t *private = NULL;
@@ -37,7 +38,7 @@ static int issue()
 char *error = NULL;
 identification_t *id = NULL;
 linked_list_t *san, *cdps, *ocsp;
- int lifetime = 1080;
+ int lifetime = 1095;
 int pathlen = X509_NO_PATH_LEN_CONSTRAINT;
 chunk_t serial = chunk_empty;
 chunk_t encoding = chunk_empty;
@@ -107,7 +108,7 @@ static int issue()
 case 'p':
 pathlen = atoi(arg);
 continue;
- case 'f':
+ case 'e':
 if (streq(arg, "serverAuth"))
 {
 flags |= X509_SERVER_AUTH;
@@ -121,6 +122,12 @@ static int issue()
 flags |= X509_OCSP_SIGNER;
 }
 continue;
+ case 'f':
+ if (!get_form(arg, &form, CRED_CERTIFICATE))
+ {
+ return command_usage("invalid output format");
+ }
+ continue;
 case 'u':
 cdps->insert_last(cdps, arg);
 continue;
@@ -301,8 +308,7 @@ static int issue()
 error = "generating certificate failed";
 goto end;
 }
- encoding = cert->get_encoding(cert);
- if (!encoding.ptr)
+ if (!cert->get_encoding(cert, form, &encoding))
 {
 error = "encoding certificate failed";
 goto end;
@@ -352,7 +358,7 @@ static void __attribute__ ((constructor))reg()
 " --cacert file --cakey file --dn subject-dn [--san subjectAltName]+",
 "[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+",
 "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+",
- "[--digest md5|sha1|sha224|sha256|sha384|sha512]"},
+ "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
 {
 {"help", 'h', 0, "show usage information"},
 {"in", 'i', 1, "public key/request file to issue, default: stdin"},
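Review bot: The default signature digest on the unchanged line `hash_algorithm_t digest = HASH_SHA1;` in the first hunk stays at SHA-1, and the usage string in the `reg()` hunk still offers `md5`, so a certificate issued without `--digest` is signed with a hash whose collision resistance is no longer adequate for CA signatures. Consider `hash_algorithm_t digest = HASH_SHA256;` here and `default: sha256` in the `digest` help line of the last hunk. The body of issue() continues outside the hunk, so whether a later step overrides this default is not visible here.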
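Review bot: The short option `-f` changes meaning here without any comment: `case 'f'` becomes `case 'e'` for `--flag`, and the following hunk reuses `'f'` for `--outform` (the option table in `reg()` is changed to match). An existing invocation such as `-f serverAuth` now ends in `invalid output format`, which fails closed but gives no hint about the rename. A comment at the new case, for example `/* -f selected --flag before this release; extendedKeyUsage flags are now -e */`, plus a line in the release notes, would help operators who script certificate issuance.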
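Review bot: An unrecognised `--flag` value appears to be accepted silently: the visible tail of the chain ends with `flags |= X509_OCSP_SIGNER;` and `}` followed directly by `continue;`, with no final `else`, whereas the new `case 'f'` just below rejects a bad value. A typo such as `serverauth` would then yield a certificate without the intended extendedKeyUsage restriction and no error. Adding `else { return command_usage("invalid --flag value"); }` before that `continue;` would make the two cases consistent. The start of the chain lies between this hunk and the previous one, so this is inferred from the visible tail only.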
@@ -361,14 +367,15 @@ static void __attribute__ ((constructor))reg()
 {"cakey", 'k', 1, "CA private key file"},
 {"dn", 'd', 1, "distinguished name to include as subject"},
 {"san", 'a', 1, "subjectAltName to include in certificate"},
- {"lifetime",'l', 1, "days the certificate is valid, default: 1080"},
+ {"lifetime",'l', 1, "days the certificate is valid, default: 1095"},
 {"serial", 's', 1, "serial number in hex, default: random"},
 {"ca", 'b', 0, "include CA basicConstraint, default: no"},
 {"pathlen", 'p', 1, "set path length constraint"},
- {"flag", 'f', 1, "include extendedKeyUsage flag"},
+ {"flag", 'e', 1, "include extendedKeyUsage flag"},
 {"crl", 'u', 1, "CRL distribution point URI to include"},
 {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"},
 {"digest", 'g', 1, "digest for signature creation, default: sha1"},
+ {"outform", 'f', 1, "encoding of generated cert, default: der"},
 }
 });
 }
|