Diffstat (limited to 'src/pki/commands/signcrl.c')
-rw-r--r-- | src/pki/commands/signcrl.c | 68 |
1 files changed, 4 insertions, 64 deletions
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c index 07e4add48..9a21bd99c 100644 --- a/src/pki/commands/signcrl.c +++ b/src/pki/commands/signcrl.c @@ -98,8 +98,6 @@ static int read_serial(char *file, char *buf, int buflen) } /** -<<<<<<< HEAD -======= * Destroy a CDP */ static void cdp_destroy(x509_cdp_t *this) @@ -109,7 +107,6 @@ static void cdp_destroy(x509_cdp_t *this) } /** ->>>>>>> upstream/4.5.1 * Sign a CRL */ static int sign_crl() @@ -122,22 +119,12 @@ static int sign_crl() x509_t *x509; hash_algorithm_t digest = HASH_SHA1; char *arg, *cacert = NULL, *cakey = NULL, *lastupdate = NULL, *error = NULL; -<<<<<<< HEAD -======= char *basecrl = NULL; ->>>>>>> upstream/4.5.1 char serial[512], crl_serial[8], *keyid = NULL; int serial_len = 0; crl_reason_t reason = CRL_REASON_UNSPECIFIED; time_t thisUpdate, nextUpdate, date = time(NULL); int lifetime = 15; -<<<<<<< HEAD - linked_list_t *list; - enumerator_t *enumerator, *lastenum = NULL; - chunk_t encoding = chunk_empty; - - list = linked_list_create(); -======= linked_list_t *list, *cdps; enumerator_t *enumerator, *lastenum = NULL; x509_cdp_t *cdp; @@ -145,7 +132,6 @@ static int sign_crl() list = linked_list_create(); cdps = linked_list_create(); ->>>>>>> upstream/4.5.1 memset(crl_serial, 0, sizeof(crl_serial)); @@ -216,8 +202,6 @@ static int sign_crl() reason = CRL_REASON_UNSPECIFIED; continue; } -<<<<<<< HEAD -======= case 'b': basecrl = arg; continue; @@ -227,7 +211,6 @@ static int sign_crl() ); cdps->insert_last(cdps, cdp); continue; ->>>>>>> upstream/4.5.1 case 'r': if (streq(arg, "key-compromise")) { @@ -255,7 +238,8 @@ static int sign_crl() } else { - return command_usage( "invalid revocation reason"); + error = "invalid revocation reason"; + goto usage; } continue; case 'd': 
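Review bot: In the `@@ -122,22 +119,12 @@` hunk the signing digest still defaults to SHA-1 (`hash_algorithm_t digest = HASH_SHA1;`), and the usage text in the `reg()` hunk further down offers `md5` and states `default: sha1`. A CRL signed over a collision-weak hash may be rejected by validators that enforce a minimum hash strength, and it weakens the integrity guarantee of the revocation data. Consider `hash_algorithm_t digest = HASH_SHA256;` with the help string changed to `default: sha256`, or at least a comment noting that md5 and sha1 are kept only for legacy consumers. sign_crl() starts and ends outside this hunk, so whether the digest is adjusted later on is not visible here.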
@@ -269,7 +253,8 @@ static int sign_crl() case 'f': if (!get_form(arg, &form, CRED_CERTIFICATE)) { - return command_usage("invalid output format"); + error = "invalid output format"; + goto usage; } continue; case EOF: @@ -300,15 +285,9 @@ static int sign_crl() goto error; } x509 = (x509_t*)ca; -<<<<<<< HEAD - if (!(x509->get_flags(x509) & X509_CA)) - { - error = "CA certificate misses CA basicConstraint"; -======= if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN))) { error = "CA certificate misses CA basicConstraint / CRLSign keyUsage"; ->>>>>>> upstream/4.5.1 goto error; } public = ca->get_public_key(ca); @@ -346,8 +325,6 @@ static int sign_crl() thisUpdate = time(NULL); nextUpdate = thisUpdate + lifetime * 24 * 60 * 60; -<<<<<<< HEAD -======= if (basecrl) { lastcrl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, @@ -364,7 +341,6 @@ static int sign_crl() lastcrl = NULL; } ->>>>>>> upstream/4.5.1 if (lastupdate) { lastcrl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, @@ -378,13 +354,10 @@ static int sign_crl() min(lastcrl->get_serial(lastcrl).len, sizeof(crl_serial))); lastenum = lastcrl->create_enumerator(lastcrl); } -<<<<<<< HEAD -======= else { lastenum = enumerator_create_empty(); } ->>>>>>> upstream/4.5.1 chunk_increment(chunk_create(crl_serial, sizeof(crl_serial))); 
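Review bot: In the `@@ -300,15 +285,9 @@` hunk the retained check `if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN)))` passes when either flag is set and fails only when both are absent, while the message `CA certificate misses CA basicConstraint / CRLSign keyUsage` reads as if both had been verified. A CA certificate whose keyUsage extension lacks cRLSign would presumably still be accepted through X509_CA, and the CRL it signs could then fail validation at relying parties that check keyUsage. If the either-or is intended, to allow a dedicated CRL issuer that is not a CA, state that in a comment such as `/* accept a CA or a dedicated CRL signer; keyUsage is not enforced for CAs */` and word the error as `certificate is neither a CA nor has CRLSign keyUsage`. The body of sign_crl() continues outside the hunk.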
@@ -394,20 +367,12 @@ static int sign_crl() BUILD_SIGNING_KEY, private, BUILD_SIGNING_CERT, ca, BUILD_SERIAL, chunk_create(crl_serial, sizeof(crl_serial)), BUILD_NOT_BEFORE_TIME, thisUpdate, BUILD_NOT_AFTER_TIME, nextUpdate, -<<<<<<< HEAD - BUILD_REVOKED_ENUMERATOR, enumerator, BUILD_DIGEST_ALG, digest, - lastenum ? BUILD_REVOKED_ENUMERATOR : BUILD_END, lastenum, - BUILD_END); - enumerator->destroy(enumerator); - DESTROY_IF(lastenum); -======= BUILD_REVOKED_ENUMERATOR, enumerator, BUILD_REVOKED_ENUMERATOR, lastenum, BUILD_DIGEST_ALG, digest, BUILD_CRL_DISTRIBUTION_POINTS, cdps, BUILD_BASE_CRL, baseCrlNumber, BUILD_END); enumerator->destroy(enumerator); lastenum->destroy(lastenum); ->>>>>>> upstream/4.5.1 DESTROY_IF((certificate_t*)lastcrl); if (!crl) @@ -432,13 +397,9 @@ error: DESTROY_IF(ca); DESTROY_IF(crl); free(encoding.ptr); -<<<<<<< HEAD - list->destroy_function(list, (void*)revoked_destroy); -======= free(baseCrlNumber.ptr); list->destroy_function(list, (void*)revoked_destroy); cdps->destroy_function(cdps, (void*)cdp_destroy); ->>>>>>> upstream/4.5.1 if (error) { fprintf(stderr, "%s\n", error); @@ -448,10 +409,7 @@ error: usage: list->destroy_function(list, (void*)revoked_destroy); -<<<<<<< HEAD -======= cdps->destroy_function(cdps, (void*)cdp_destroy); ->>>>>>> upstream/4.5.1 return command_usage(error); } 
@@ -464,30 +422,13 @@ static void __attribute__ ((constructor))reg() sign_crl, 'c', "signcrl", "issue a CRL using a CA certificate and key", {"--cacert file --cakey file | --cakeyid hex --lifetime days", -<<<<<<< HEAD -======= "[--lastcrl crl] [--basecrl crl] [--crluri uri ]+", ->>>>>>> upstream/4.5.1 "[ [--reason key-compromise|ca-compromise|affiliation-changed|", " superseded|cessation-of-operation|certificate-hold]", " [--date timestamp]", " --cert file | --serial hex ]*", "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, { -<<<<<<< HEAD - {"help", 'h', 0, "show usage information"}, - {"cacert", 'c', 1, "CA certificate file"}, - {"cakey", 'k', 1, "CA private key file"}, - {"cakeyid", 'x', 1, "keyid on smartcard of CA private key"}, - {"lifetime",'l', 1, "days the CRL gets a nextUpdate, default: 15"}, - {"lastcrl", 'a', 1, "CRL of lastUpdate to copy revocations from"}, - {"cert", 'z', 1, "certificate file to revoke"}, - {"serial", 's', 1, "hex encoded certificate serial number to revoke"}, - {"reason", 'r', 1, "reason for certificate revocation"}, - {"date", 'd', 1, "revocation date as unix timestamp, default: now"}, - {"digest", 'g', 1, "digest for signature creation, default: sha1"}, - {"outform", 'f', 1, "encoding of generated crl, default: der"}, -======= {"help", 'h', 0, "show usage information"}, {"cacert", 'c', 1, "CA certificate file"}, {"cakey", 'k', 1, "CA private key file"}, @@ -502,7 +443,6 @@ static void __attribute__ ((constructor))reg() {"date", 'd', 1, "revocation date as unix timestamp, default: now"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, {"outform", 'f', 1, "encoding of generated crl, default: der"}, ->>>>>>> upstream/4.5.1 } }); } |