summaryrefslogtreecommitdiff
path: root/src/pki/commands/issue.c
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-08-09 09:43:35 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-08-09 09:43:35 +0000
commit9e7fb8577802de2abf191d783be5b6b953c22271 (patch)
treee6818532d3a85a8a840652f6dfc0d58d42c89a69 /src/pki/commands/issue.c
parent20e652eab94f898365fdde046ed11a2dda2f165e (diff)
downloadvyos-strongswan-9e7fb8577802de2abf191d783be5b6b953c22271.tar.gz
vyos-strongswan-9e7fb8577802de2abf191d783be5b6b953c22271.zip
New upstream release.
Diffstat (limited to 'src/pki/commands/issue.c')
-rw-r--r--src/pki/commands/issue.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index fcd758f87..2002cd555 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -28,6 +28,7 @@
*/
static int issue()
{
+ cred_encoding_type_t form = CERT_ASN1_DER;
hash_algorithm_t digest = HASH_SHA1;
certificate_t *cert_req = NULL, *cert = NULL, *ca =NULL;
private_key_t *private = NULL;
@@ -37,7 +38,7 @@ static int issue()
char *error = NULL;
identification_t *id = NULL;
linked_list_t *san, *cdps, *ocsp;
- int lifetime = 1080;
+ int lifetime = 1095;
int pathlen = X509_NO_PATH_LEN_CONSTRAINT;
chunk_t serial = chunk_empty;
chunk_t encoding = chunk_empty;
@@ -107,7 +108,7 @@ static int issue()
case 'p':
pathlen = atoi(arg);
continue;
- case 'f':
+ case 'e':
if (streq(arg, "serverAuth"))
{
flags |= X509_SERVER_AUTH;
@@ -121,6 +122,12 @@ static int issue()
flags |= X509_OCSP_SIGNER;
}
continue;
+ case 'f':
+ if (!get_form(arg, &form, CRED_CERTIFICATE))
+ {
+ return command_usage("invalid output format");
+ }
+ continue;
case 'u':
cdps->insert_last(cdps, arg);
continue;
@@ -301,8 +308,7 @@ static int issue()
error = "generating certificate failed";
goto end;
}
- encoding = cert->get_encoding(cert);
- if (!encoding.ptr)
+ if (!cert->get_encoding(cert, form, &encoding))
{
error = "encoding certificate failed";
goto end;
@@ -352,7 +358,7 @@ static void __attribute__ ((constructor))reg()
" --cacert file --cakey file --dn subject-dn [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+",
"[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+",
- "[--digest md5|sha1|sha224|sha256|sha384|sha512]"},
+ "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "public key/request file to issue, default: stdin"},
@@ -361,14 +367,15 @@ static void __attribute__ ((constructor))reg()
{"cakey", 'k', 1, "CA private key file"},
{"dn", 'd', 1, "distinguished name to include as subject"},
{"san", 'a', 1, "subjectAltName to include in certificate"},
- {"lifetime",'l', 1, "days the certificate is valid, default: 1080"},
+ {"lifetime",'l', 1, "days the certificate is valid, default: 1095"},
{"serial", 's', 1, "serial number in hex, default: random"},
{"ca", 'b', 0, "include CA basicConstraint, default: no"},
{"pathlen", 'p', 1, "set path length constraint"},
- {"flag", 'f', 1, "include extendedKeyUsage flag"},
+ {"flag", 'e', 1, "include extendedKeyUsage flag"},
{"crl", 'u', 1, "CRL distribution point URI to include"},
{"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"},
{"digest", 'g', 1, "digest for signature creation, default: sha1"},
+ {"outform", 'f', 1, "encoding of generated cert, default: der"},
}
});
}