[svn-upgrade] new version strongswan (4.4.1)

1 files changed, 14 insertions, 7 deletions

diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index fcd758f87..2002cd555 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -28,6 +28,7 @@
  */
 static int issue()
 {
+	cred_encoding_type_t form = CERT_ASN1_DER;
 	hash_algorithm_t digest = HASH_SHA1;
 	certificate_t *cert_req = NULL, *cert = NULL, *ca =NULL;
 	private_key_t *private = NULL;
@@ -37,7 +38,7 @@ static int issue()
 	char *error = NULL;
 	identification_t *id = NULL;
 	linked_list_t *san, *cdps, *ocsp;
-	int lifetime = 1080;
+	int lifetime = 1095;
 	int pathlen = X509_NO_PATH_LEN_CONSTRAINT;
 	chunk_t serial = chunk_empty;
 	chunk_t encoding = chunk_empty;
@@ -107,7 +108,7 @@ static int issue()
 			case 'p':
 				pathlen = atoi(arg);
 				continue;
-			case 'f':
+			case 'e':
 				if (streq(arg, "serverAuth"))
 				{
 					flags |= X509_SERVER_AUTH;
@@ -121,6 +122,12 @@ static int issue()
 					flags |= X509_OCSP_SIGNER;
 				}
 				continue;
+			case 'f':
+				if (!get_form(arg, &form, CRED_CERTIFICATE))
+				{
+					return command_usage("invalid output format");
+				}
+				continue;
 			case 'u':
 				cdps->insert_last(cdps, arg);
 				continue;
@@ -301,8 +308,7 @@ static int issue()
 		error = "generating certificate failed";
 		goto end;
 	}
-	encoding = cert->get_encoding(cert);
-	if (!encoding.ptr)
+	if (!cert->get_encoding(cert, form, &encoding))
 	{
 		error = "encoding certificate failed";
 		goto end;
@@ -352,7 +358,7 @@ static void __attribute__ ((constructor))reg()
 		 " --cacert file --cakey file --dn subject-dn [--san subjectAltName]+",
 		 "[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+",
 		 "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+",
-		 "[--digest md5|sha1|sha224|sha256|sha384|sha512]"},
+		 "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
 		{
 			{"help",	'h', 0, "show usage information"},
 			{"in",		'i', 1, "public key/request file to issue, default: stdin"},
@@ -361,14 +367,15 @@ static void __attribute__ ((constructor))reg()
 			{"cakey",	'k', 1, "CA private key file"},
 			{"dn",		'd', 1, "distinguished name to include as subject"},
 			{"san",		'a', 1, "subjectAltName to include in certificate"},
-			{"lifetime",'l', 1, "days the certificate is valid, default: 1080"},
+			{"lifetime",'l', 1, "days the certificate is valid, default: 1095"},
 			{"serial",	's', 1, "serial number in hex, default: random"},
 			{"ca",		'b', 0, "include CA basicConstraint, default: no"},
 			{"pathlen",	'p', 1, "set path length constraint"},
-			{"flag",	'f', 1, "include extendedKeyUsage flag"},
+			{"flag",	'e', 1, "include extendedKeyUsage flag"},
 			{"crl",		'u', 1, "CRL distribution point URI to include"},
 			{"ocsp",	'o', 1, "OCSP AuthorityInfoAccess URI to include"},
 			{"digest",	'g', 1, "digest for signature creation, default: sha1"},
+			{"outform",	'f', 1, "encoding of generated cert, default: der"},
 		}
 	});
 }