Diffstat (limited to 'src/pki/commands')
-rw-r--r-- | src/pki/commands/issue.c | 16 | ||||
-rw-r--r-- | src/pki/commands/print.c | 4 | ||||
-rw-r--r-- | src/pki/commands/req.c | 4 | ||||
-rw-r--r-- | src/pki/commands/self.c | 16 | ||||
-rw-r--r-- | src/pki/commands/signcrl.c | 4 | ||||
-rw-r--r-- | src/pki/commands/verify.c | 2 |
6 files changed, 29 insertions, 17 deletions
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 20163edf2..47e668b6c 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -105,8 +105,8 @@ static int issue()
 }
 continue;
 case 'g':
- digest = get_digest(arg);
- if (digest == HASH_UNKNOWN)
+ digest = enum_from_name(hash_algorithm_short_names, arg);
+ if (digest == -1)
 {
 error = "invalid --digest type";
 goto usage;
@@ -229,6 +229,10 @@ static int issue()
 {
 flags |= X509_CLIENT_AUTH;
 }
+ else if (streq(arg, "ikeIntermediate"))
+ {
+ flags |= X509_IKE_INTERMEDIATE;
+ }
 else if (streq(arg, "crlSign"))
 {
 flags |= X509_CRL_SIGN;
@@ -352,11 +356,11 @@ static int issue()
 error = "no random number generator found";
 goto end;
 }
- rng->allocate_bytes(rng, 8, &serial);
- while (*serial.ptr == 0x00)
+ if (!rng_allocate_bytes_not_zero(rng, 8, &serial, FALSE))
 {
- /* we don't accept a serial number with leading zeroes */
- rng->get_bytes(rng, 1, serial.ptr);
+ error = "failed to generate serial number";
+ rng->destroy(rng);
+ goto end;
 }
 rng->destroy(rng);
 }
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index a7f02bfac..90cf254c8 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -133,6 +133,10 @@ static void print_x509(x509_t *x509)
 {
 printf("clientAuth ");
 }
+ if (flags & X509_IKE_INTERMEDIATE)
+ {
+ printf("iKEIntermediate ");
+ }
 if (flags & X509_SELF_SIGNED)
 {
 printf("self-signed ");
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index 087a97b3e..d050c7032 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -63,8 +63,8 @@ static int req()
 }
 continue;
 case 'g':
- digest = get_digest(arg);
- if (digest == HASH_UNKNOWN)
+ digest = enum_from_name(hash_algorithm_short_names, arg);
+ if (digest == -1)
 {
 error = "invalid --digest type";
 goto usage;
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index c4508a671..4a50aa463 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
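Review bot: In the `case 'g':` branch of issue.c, `if (digest == -1)` tests what is presumably an enum-typed `digest` against a bare integer sentinel where the removed code used the named constant `HASH_UNKNOWN`; the declaration of `digest` is outside the hunk, so the signedness of that comparison should be confirmed. `enum_from_name()` also accepts every entry of `hash_algorithm_short_names`, which may be a wider set than `get_digest()` allowed, so a digest that should not be used for signing could now pass this check. I would add a comment such as `/* enum_from_name() returns -1 for unknown names */` and, if the table is wider than intended, reject the unwanted digests right after the lookup. The same pattern appears in the `case 'g':` hunks of req.c, self.c and signcrl.c.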
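Review bot: The new flag value is matched as `"ikeIntermediate"` in issue.c at line 229, while the print.c hunk of this commit prints the same flag as `"iKEIntermediate "`; if `streq()` is case-sensitive, as its name suggests, a value copied from the print command's output would not be accepted when issuing. One spelling should be used on both sides, or the comparison made case-insensitive. The option's help text is outside the hunk and would need the new value as well if it lists the accepted flags. The self.c hunk at line 212 adds the same branch.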
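Review bot: The removed comment in issue.c at line 352 was the only statement of why the first serial byte must be non-zero, and the trailing `FALSE` in `rng_allocate_bytes_not_zero(rng, 8, &serial, FALSE)` does not explain itself. I would keep a comment above the call, e.g. `/* serial must not start with a zero byte; FALSE presumably checks the first byte only */`, to be confirmed against the helper, which is not on this page. The failure branch also repeats `rng->destroy(rng);` before `goto end`, which could be avoided by storing the result in a local and destroying the RNG once. Because the serial should be unpredictable, it is worth confirming above the hunk that `rng` is created at a strength suited to that. The self.c hunk at line 294 is identical.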
@@ -94,8 +94,8 @@ static int self()
 }
 continue;
 case 'g':
- digest = get_digest(arg);
- if (digest == HASH_UNKNOWN)
+ digest = enum_from_name(hash_algorithm_short_names, arg);
+ if (digest == -1)
 {
 error = "invalid --digest type";
 goto usage;
@@ -212,6 +212,10 @@ static int self()
 {
 flags |= X509_CLIENT_AUTH;
 }
+ else if (streq(arg, "ikeIntermediate"))
+ {
+ flags |= X509_IKE_INTERMEDIATE;
+ }
 else if (streq(arg, "crlSign"))
 {
 flags |= X509_CRL_SIGN;
@@ -294,11 +298,11 @@ static int self()
 error = "no random number generator found";
 goto end;
 }
- rng->allocate_bytes(rng, 8, &serial);
- while (*serial.ptr == 0x00)
+ if (!rng_allocate_bytes_not_zero(rng, 8, &serial, FALSE))
 {
- /* we don't accept a serial number with leading zeroes */
- rng->get_bytes(rng, 1, serial.ptr);
+ error = "failed to generate serial number";
+ rng->destroy(rng);
+ goto end;
 }
 rng->destroy(rng);
 }
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 153734f53..4ada120ed 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -141,8 +141,8 @@ static int sign_crl()
 case 'h':
 goto usage;
 case 'g':
- digest = get_digest(arg);
- if (digest == HASH_UNKNOWN)
+ digest = enum_from_name(hash_algorithm_short_names, arg);
+ if (digest == -1)
 {
 error = "invalid --digest type";
 goto usage;
diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index bbcc53891..3e983d3ec 100644
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -77,7 +77,7 @@ static int verify()
 {
 ca = cert;
 }
- if (cert->issued_by(cert, ca))
+ if (cert->issued_by(cert, ca, NULL))
 {
 if (cert->get_validity(cert, NULL, NULL, NULL))
 { |
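Review bot: The `NULL` passed as the new third argument of `issued_by()` in verify.c silently discards whatever that parameter returns. Its meaning is not visible on this page, but if it reports how the signature was made (for instance the scheme used), a verification command is where printing or checking it would help the operator. At minimum a short comment such as `/* third argument not needed here */` would tell the reader the omission is deliberate. The enclosing block of verify() starts and ends outside the hunk.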