Diffstat (limited to 'src/pki')
-rw-r--r-- | src/pki/Makefile.in | 12 | ||||
-rw-r--r-- | src/pki/command.c | 4 | ||||
-rw-r--r-- | src/pki/command.h | 4 | ||||
-rw-r--r-- | src/pki/commands/issue.c | 85 | ||||
-rw-r--r-- | src/pki/commands/print.c | 43 | ||||
-rw-r--r-- | src/pki/commands/req.c | 3 | ||||
-rw-r--r-- | src/pki/commands/self.c | 55 | ||||
-rw-r--r-- | src/pki/commands/signcrl.c | 68 |
8 files changed, 9 insertions, 265 deletions
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index 701413f8f..b29174680 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -197,13 +197,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -224,6 +218,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -242,14 +238,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/pki/command.c b/src/pki/command.c index 245b22af3..0142b4ab7 100644 --- a/src/pki/command.c +++ b/src/pki/command.c @@ -201,11 +201,7 @@ int command_usage(char *error) } for (i = 0; cmds[active].options[i].name; i++) { -<<<<<<< HEAD - fprintf(out, " --%-8s (-%c) %s\n", -======= fprintf(out, " --%-15s (-%c) %s\n", ->>>>>>> upstream/4.5.1 cmds[active].options[i].name, cmds[active].options[i].op, cmds[active].options[i].desc); } diff --git a/src/pki/command.h b/src/pki/command.h index 70a26f712..a6f8bc758 100644 --- a/src/pki/command.h +++ b/src/pki/command.h 
@@ -29,11 +29,7 @@ /** * Maximum number of options in a command (+1) */ -<<<<<<< HEAD -#define MAX_OPTIONS 20 -======= #define MAX_OPTIONS 32 ->>>>>>> upstream/4.5.1 /** * Maximum number of usage summary lines (+1) diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index c6fd50029..6a5686d92 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -18,18 +18,13 @@ #include "pki.h" #include <debug.h> -<<<<<<< HEAD -======= #include <asn1/asn1.h> ->>>>>>> upstream/4.5.1 #include <utils/linked_list.h> #include <credentials/certificates/certificate.h> #include <credentials/certificates/x509.h> #include <credentials/certificates/pkcs10.h> /** -<<<<<<< HEAD -======= * Free cert policy with OID */ static void destroy_cert_policy(x509_cert_policy_t *policy) @@ -58,7 +53,6 @@ static void destroy_cdp(x509_cdp_t *this) } /** ->>>>>>> upstream/4.5.1 * Issue a certificate using a CA certificate and key */ static int issue() 
@@ -72,38 +66,26 @@ static int issue() char *file = NULL, *dn = NULL, *hex = NULL, *cacert = NULL, *cakey = NULL; char *error = NULL, *keyid = NULL; identification_t *id = NULL; -<<<<<<< HEAD - linked_list_t *san, *cdps, *ocsp; - int lifetime = 1095; - int pathlen = X509_NO_PATH_LEN_CONSTRAINT; -======= linked_list_t *san, *cdps, *ocsp, *permitted, *excluded, *policies, *mappings; int lifetime = 1095; int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT; int inhibit_mapping = X509_NO_CONSTRAINT, require_explicit = X509_NO_CONSTRAINT; ->>>>>>> upstream/4.5.1 chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; time_t not_before, not_after; x509_flag_t flags = 0; x509_t *x509; -<<<<<<< HEAD -======= x509_cdp_t *cdp = NULL; x509_cert_policy_t *policy = NULL; ->>>>>>> upstream/4.5.1 char *arg; san = linked_list_create(); cdps = linked_list_create(); ocsp = linked_list_create(); -<<<<<<< HEAD -======= permitted = linked_list_create(); excluded = linked_list_create(); policies = linked_list_create(); mappings = linked_list_create(); ->>>>>>> upstream/4.5.1 while (TRUE) { @@ -165,8 +147,6 @@ static int issue() case 'p': pathlen = atoi(arg); continue; -<<<<<<< HEAD -======= case 'n': permitted->insert_last(permitted, identification_create_from_string(arg)); @@ -240,7 +220,6 @@ static int issue() case 'A': inhibit_any = atoi(arg); continue; ->>>>>>> upstream/4.5.1 case 'e': if (streq(arg, "serverAuth")) { @@ -250,13 +229,10 @@ static int issue() { flags |= X509_CLIENT_AUTH; } -<<<<<<< HEAD -======= else if (streq(arg, "crlSign")) { flags |= X509_CRL_SIGN; } ->>>>>>> upstream/4.5.1 else if (streq(arg, "ocspSigning")) { flags |= X509_OCSP_SIGNER; @@ -265,13 +241,6 @@ static int issue() case 'f': if (!get_form(arg, &form, CRED_CERTIFICATE)) { -<<<<<<< HEAD - return command_usage("invalid output format"); - } - continue; - case 'u': - cdps->insert_last(cdps, arg); -======= error = "invalid output format"; goto usage; } 
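Review bot: `pathlen = atoi(arg);` under `case 'p':` and `inhibit_any = atoi(arg);` under `case 'A':` accept any string, so a mistyped `--pathlen` silently becomes 0 (a real path-length constraint) and negative or oversized values are never rejected; self.c has the same two cases in its option loop. Parsing with `strtol` and routing bad input into the existing error path, e.g. `errno = 0; pathlen = strtol(arg, &end, 10);` followed by `if (end == arg || *end || pathlen < 0 || errno == ERANGE) { error = "invalid path length"; goto usage; }`, reports the problem instead of encoding it into the certificate. issue() starts before this hunk and continues after it.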
@@ -289,7 +258,6 @@ static int issue() goto usage; } cdp->issuer = identification_create_from_string(arg); ->>>>>>> upstream/4.5.1 continue; case 'o': ocsp->insert_last(ocsp, arg); @@ -302,15 +270,6 @@ static int issue() } break; } -<<<<<<< HEAD - - if (!pkcs10 && !dn) - { - error = "--dn is required"; - goto usage; - } -======= ->>>>>>> upstream/4.5.1 if (!cacert) { error = "--cacert is required"; @@ -321,11 +280,7 @@ static int issue() error = "--cakey or --keyid is required"; goto usage; } -<<<<<<< HEAD - if (dn) -======= if (dn && *dn) ->>>>>>> upstream/4.5.1 { id = identification_create_from_string(dn); if (id->get_type(id) != ID_DER_ASN1_DN) @@ -470,15 +425,12 @@ static int issue() goto end; } -<<<<<<< HEAD -======= if (!id) { id = identification_create_from_encoding(ID_DER_ASN1_DN, chunk_from_chars(ASN1_SEQUENCE, 0)); } ->>>>>>> upstream/4.5.1 not_before = time(NULL); not_after = not_before + lifetime * 24 * 60 * 60; @@ -490,9 +442,6 @@ static int issue() BUILD_SUBJECT_ALTNAMES, san, BUILD_X509_FLAG, flags, BUILD_PATHLEN, pathlen, BUILD_CRL_DISTRIBUTION_POINTS, cdps, -<<<<<<< HEAD - BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_END); -======= BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_PERMITTED_NAME_CONSTRAINTS, permitted, BUILD_EXCLUDED_NAME_CONSTRAINTS, excluded, @@ -502,7 +451,6 @@ static int issue() BUILD_POLICY_INHIBIT_MAPPING, inhibit_mapping, BUILD_POLICY_INHIBIT_ANY, inhibit_any, BUILD_END); ->>>>>>> upstream/4.5.1 if (!cert) { error = "generating certificate failed"; 
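Review bot: With the `--dn is required` guard gone, `if (dn && *dn)` combined with the later `if (!id)` fallback to an empty `ASN1_SEQUENCE` means issue() now emits a certificate whose subject is the empty DN whenever `--dn` is omitted or empty, and if no `--san` was supplied either the certificate names nobody at all. RFC 5280 allows an empty subject only when a subjectAltName is present (and critical), so the fallback should be conditioned on the list, e.g. `if (!id && san->get_count(san) == 0) { error = "--dn or --san is required"; goto usage; }` placed before the empty-DN fallback; whether the builder marks the SAN critical in that case is not visible here. Separately, `id` is created before `if (id->get_type(id) != ID_DER_ASN1_DN)`; if that branch jumps to `usage:`, which does not appear to release `id`, the object leaks — worth confirming against the part of issue() outside this hunk.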
@@ -527,15 +475,11 @@ end: DESTROY_IF(public); DESTROY_IF(private); san->destroy_offset(san, offsetof(identification_t, destroy)); -<<<<<<< HEAD - cdps->destroy(cdps); -======= permitted->destroy_offset(permitted, offsetof(identification_t, destroy)); excluded->destroy_offset(excluded, offsetof(identification_t, destroy)); policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); cdps->destroy_function(cdps, (void*)destroy_cdp); ->>>>>>> upstream/4.5.1 ocsp->destroy(ocsp); free(encoding.ptr); free(serial.ptr); @@ -549,15 +493,11 @@ end: usage: san->destroy_offset(san, offsetof(identification_t, destroy)); -<<<<<<< HEAD - cdps->destroy(cdps); -======= permitted->destroy_offset(permitted, offsetof(identification_t, destroy)); excluded->destroy_offset(excluded, offsetof(identification_t, destroy)); policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); cdps->destroy_function(cdps, (void*)destroy_cdp); ->>>>>>> upstream/4.5.1 ocsp->destroy(ocsp); return command_usage(error); } 
@@ -571,30 +511,6 @@ static void __attribute__ ((constructor))reg() issue, 'i', "issue", "issue a certificate using a CA certificate and key", {"[--in file] [--type pub|pkcs10] --cakey file | --cakeyid hex", -<<<<<<< HEAD - " --cacert file --dn subject-dn [--san subjectAltName]+", - "[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+", - "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+", - "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, - { - {"help", 'h', 0, "show usage information"}, - {"in", 'i', 1, "public key/request file to issue, default: stdin"}, - {"type", 't', 1, "type of input, default: pub"}, - {"cacert", 'c', 1, "CA certificate file"}, - {"cakey", 'k', 1, "CA private key file"}, - {"cakeyid", 'x', 1, "keyid on smartcard of CA private key"}, - {"dn", 'd', 1, "distinguished name to include as subject"}, - {"san", 'a', 1, "subjectAltName to include in certificate"}, - {"lifetime",'l', 1, "days the certificate is valid, default: 1095"}, - {"serial", 's', 1, "serial number in hex, default: random"}, - {"ca", 'b', 0, "include CA basicConstraint, default: no"}, - {"pathlen", 'p', 1, "set path length constraint"}, - {"flag", 'e', 1, "include extendedKeyUsage flag"}, - {"crl", 'u', 1, "CRL distribution point URI to include"}, - {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, - {"digest", 'g', 1, "digest for signature creation, default: sha1"}, - {"outform", 'f', 1, "encoding of generated cert, default: der"}, -======= " --cacert file [--dn subject-dn] [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--crl uri [--crlissuer i] ]+ [--ocsp uri]+", "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|crlSign|ocspSigning]+", 
@@ -631,7 +547,6 @@ static void __attribute__ ((constructor))reg() {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, {"outform", 'f', 1, "encoding of generated cert, default: der"}, ->>>>>>> upstream/4.5.1 } }); } diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index b2716f6a8..ee6f30c98 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -15,10 +15,7 @@ #include "pki.h" -<<<<<<< HEAD -======= #include <asn1/asn1.h> ->>>>>>> upstream/4.5.1 #include <credentials/certificates/certificate.h> #include <credentials/certificates/x509.h> #include <credentials/certificates/crl.h> @@ -76,16 +73,11 @@ static void print_x509(x509_t *x509) chunk_t chunk; bool first; char *uri; -<<<<<<< HEAD - int len; - x509_flag_t flags; -======= int len, explicit, inhibit; x509_flag_t flags; x509_cdp_t *cdp; x509_cert_policy_t *policy; x509_policy_mapping_t *mapping; ->>>>>>> upstream/4.5.1 chunk = x509->get_serial(x509); printf("serial: %#B\n", &chunk); @@ -117,13 +109,10 @@ static void print_x509(x509_t *x509) { printf("CA "); } -<<<<<<< HEAD -======= if (flags & X509_CRL_SIGN) { printf("CRLSign "); } ->>>>>>> upstream/4.5.1 if (flags & X509_AA) { printf("AA "); @@ -152,27 +141,15 @@ static void print_x509(x509_t *x509) first = TRUE; enumerator = x509->create_crl_uri_enumerator(x509); -<<<<<<< HEAD - while (enumerator->enumerate(enumerator, &uri)) - { - if (first) - { - printf("CRL URIs: %s\n", uri); -======= while (enumerator->enumerate(enumerator, &cdp)) { if (first) { printf("CRL URIs: %s", cdp->uri); ->>>>>>> upstream/4.5.1 first = FALSE; } else { -<<<<<<< HEAD - printf(" %s\n", uri); - } -======= printf(" %s", cdp->uri); } if (cdp->issuer) @@ -180,7 +157,6 @@ static void print_x509(x509_t *x509) printf(" (CRL issuer: %Y)", cdp->issuer); } printf("\n"); ->>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); 
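Review bot: `printf("CRL URIs: %s", cdp->uri)` and `printf(" %s", cdp->uri)` write the distribution-point URI exactly as it was parsed out of the certificate being printed, so a crafted input file can place control characters and terminal escape sequences on the operator's terminal; whether the `%Y` printer used for `cdp->issuer` escapes its output is not visible here. Passing the string through a printable-only filter before `%s` would keep the print command safe to run on certificates of unknown origin. print_x509() starts and ends outside this hunk.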
@@ -200,19 +176,12 @@ static void print_x509(x509_t *x509) } enumerator->destroy(enumerator); -<<<<<<< HEAD - len = x509->get_pathLenConstraint(x509); - if (len != X509_NO_PATH_LEN_CONSTRAINT) -======= len = x509->get_constraint(x509, X509_PATH_LEN); if (len != X509_NO_CONSTRAINT) ->>>>>>> upstream/4.5.1 { printf("pathlen: %d\n", len); } -<<<<<<< HEAD -======= first = TRUE; enumerator = x509->create_name_constraint_enumerator(x509, TRUE); while (enumerator->enumerate(enumerator, &id)) @@ -312,7 +281,6 @@ static void print_x509(x509_t *x509) } } ->>>>>>> upstream/4.5.1 chunk = x509->get_authKeyIdentifier(x509); if (chunk.ptr) { @@ -356,16 +324,6 @@ static void print_crl(crl_t *crl) crl_reason_t reason; chunk_t chunk; int count = 0; -<<<<<<< HEAD - char buf[64]; - struct tm tm; - - chunk = crl->get_serial(crl); - printf("serial: %#B\n", &chunk); - chunk = crl->get_authKeyIdentifier(crl); - printf("authKeyId: %#B\n", &chunk); - -======= bool first; char buf[64]; struct tm tm; @@ -401,7 +359,6 @@ static void print_crl(crl_t *crl) } enumerator->destroy(enumerator); ->>>>>>> upstream/4.5.1 enumerator = crl->create_enumerator(crl); while (enumerator->enumerate(enumerator, &chunk, &ts, &reason)) { diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c index d1ca45e1a..087a97b3e 100644 --- a/src/pki/commands/req.c +++ b/src/pki/commands/req.c @@ -85,7 +85,8 @@ static int req() case 'f': if (!get_form(arg, &form, CRED_CERTIFICATE)) { - return command_usage("invalid output format"); + error = "invalid output format"; + goto usage; } continue; case EOF: diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index 7f46d3324..c7788ff62 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -20,8 +20,6 @@ #include <utils/linked_list.h> #include <credentials/certificates/certificate.h> #include <credentials/certificates/x509.h> -<<<<<<< HEAD -======= #include <asn1/asn1.h> /** 
@@ -42,7 +40,6 @@ static void destroy_policy_mapping(x509_policy_mapping_t *mapping) free(mapping->subject.ptr); free(mapping); } ->>>>>>> upstream/4.5.1 /** * Create a self signed certificate. @@ -57,35 +54,23 @@ static int self() public_key_t *public = NULL; char *file = NULL, *dn = NULL, *hex = NULL, *error = NULL, *keyid = NULL; identification_t *id = NULL; -<<<<<<< HEAD - linked_list_t *san, *ocsp; - int lifetime = 1095; - int pathlen = X509_NO_PATH_LEN_CONSTRAINT; -======= linked_list_t *san, *ocsp, *permitted, *excluded, *policies, *mappings; int lifetime = 1095; int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT; int inhibit_mapping = X509_NO_CONSTRAINT, require_explicit = X509_NO_CONSTRAINT; ->>>>>>> upstream/4.5.1 chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; time_t not_before, not_after; x509_flag_t flags = 0; -<<<<<<< HEAD -======= x509_cert_policy_t *policy = NULL; ->>>>>>> upstream/4.5.1 char *arg; san = linked_list_create(); ocsp = linked_list_create(); -<<<<<<< HEAD -======= permitted = linked_list_create(); excluded = linked_list_create(); policies = linked_list_create(); mappings = linked_list_create(); ->>>>>>> upstream/4.5.1 while (TRUE) { @@ -145,8 +130,6 @@ static int self() case 'p': pathlen = atoi(arg); continue; -<<<<<<< HEAD -======= case 'n': permitted->insert_last(permitted, identification_create_from_string(arg)); @@ -220,7 +203,6 @@ static int self() case 'A': inhibit_any = atoi(arg); continue; ->>>>>>> upstream/4.5.1 case 'e': if (streq(arg, "serverAuth")) { @@ -230,13 +212,10 @@ static int self() { flags |= X509_CLIENT_AUTH; } -<<<<<<< HEAD -======= else if (streq(arg, "crlSign")) { flags |= X509_CRL_SIGN; } ->>>>>>> upstream/4.5.1 else if (streq(arg, "ocspSigning")) { flags |= X509_OCSP_SIGNER; 
@@ -245,12 +224,8 @@ static int self() case 'f': if (!get_form(arg, &form, CRED_CERTIFICATE)) { -<<<<<<< HEAD - return command_usage("invalid output format"); -======= error = "invalid output format"; goto usage; ->>>>>>> upstream/4.5.1 } continue; case 'o': @@ -335,9 +310,6 @@ static int self() BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial, BUILD_DIGEST_ALG, digest, BUILD_X509_FLAG, flags, BUILD_PATHLEN, pathlen, BUILD_SUBJECT_ALTNAMES, san, -<<<<<<< HEAD - BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_END); -======= BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_PERMITTED_NAME_CONSTRAINTS, permitted, BUILD_EXCLUDED_NAME_CONSTRAINTS, excluded, @@ -347,7 +319,6 @@ static int self() BUILD_POLICY_INHIBIT_MAPPING, inhibit_mapping, BUILD_POLICY_INHIBIT_ANY, inhibit_any, BUILD_END); ->>>>>>> upstream/4.5.1 if (!cert) { error = "generating certificate failed"; @@ -370,13 +341,10 @@ end: DESTROY_IF(public); DESTROY_IF(private); san->destroy_offset(san, offsetof(identification_t, destroy)); -<<<<<<< HEAD -======= permitted->destroy_offset(permitted, offsetof(identification_t, destroy)); excluded->destroy_offset(excluded, offsetof(identification_t, destroy)); policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); ->>>>>>> upstream/4.5.1 ocsp->destroy(ocsp); free(encoding.ptr); free(serial.ptr); @@ -390,13 +358,10 @@ end: usage: san->destroy_offset(san, offsetof(identification_t, destroy)); -<<<<<<< HEAD -======= permitted->destroy_offset(permitted, offsetof(identification_t, destroy)); excluded->destroy_offset(excluded, offsetof(identification_t, destroy)); policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); ->>>>>>> upstream/4.5.1 ocsp->destroy(ocsp); return command_usage(error); } 
@@ -412,25 +377,6 @@ static void __attribute__ ((constructor))reg() {"[--in file | --keyid hex] [--type rsa|ecdsa]", " --dn distinguished-name [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+", -<<<<<<< HEAD - "[--flag serverAuth|clientAuth|ocspSigning]+", - "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, - { - {"help", 'h', 0, "show usage information"}, - {"in", 'i', 1, "private key input file, default: stdin"}, - {"keyid", 'x', 1, "keyid on smartcard of private key"}, - {"type", 't', 1, "type of input key, default: rsa"}, - {"dn", 'd', 1, "subject and issuer distinguished name"}, - {"san", 'a', 1, "subjectAltName to include in certificate"}, - {"lifetime",'l', 1, "days the certificate is valid, default: 1095"}, - {"serial", 's', 1, "serial number in hex, default: random"}, - {"ca", 'b', 0, "include CA basicConstraint, default: no"}, - {"pathlen", 'p', 1, "set path length constraint"}, - {"flag", 'e', 1, "include extendedKeyUsage flag"}, - {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, - {"digest", 'g', 1, "digest for signature creation, default: sha1"}, - {"outform", 'f', 1, "encoding of generated cert, default: der"}, -======= "[--flag serverAuth|clientAuth|crlSign|ocspSigning]+", "[--nc-permitted name] [--nc-excluded name]", "[--cert-policy oid [--cps-uri uri] [--user-notice text] ]+", @@ -461,7 +407,6 @@ static void __attribute__ ((constructor))reg() {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, {"outform", 'f', 1, "encoding of generated cert, default: der"}, ->>>>>>> upstream/4.5.1 } }); } diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c index 07e4add48..9a21bd99c 100644 --- a/src/pki/commands/signcrl.c +++ b/src/pki/commands/signcrl.c 
@@ -98,8 +98,6 @@ static int read_serial(char *file, char *buf, int buflen) } /** -<<<<<<< HEAD -======= * Destroy a CDP */ static void cdp_destroy(x509_cdp_t *this) @@ -109,7 +107,6 @@ static void cdp_destroy(x509_cdp_t *this) } /** ->>>>>>> upstream/4.5.1 * Sign a CRL */ static int sign_crl() @@ -122,22 +119,12 @@ static int sign_crl() x509_t *x509; hash_algorithm_t digest = HASH_SHA1; char *arg, *cacert = NULL, *cakey = NULL, *lastupdate = NULL, *error = NULL; -<<<<<<< HEAD -======= char *basecrl = NULL; ->>>>>>> upstream/4.5.1 char serial[512], crl_serial[8], *keyid = NULL; int serial_len = 0; crl_reason_t reason = CRL_REASON_UNSPECIFIED; time_t thisUpdate, nextUpdate, date = time(NULL); int lifetime = 15; -<<<<<<< HEAD - linked_list_t *list; - enumerator_t *enumerator, *lastenum = NULL; - chunk_t encoding = chunk_empty; - - list = linked_list_create(); -======= linked_list_t *list, *cdps; enumerator_t *enumerator, *lastenum = NULL; x509_cdp_t *cdp; @@ -145,7 +132,6 @@ static int sign_crl() list = linked_list_create(); cdps = linked_list_create(); ->>>>>>> upstream/4.5.1 memset(crl_serial, 0, sizeof(crl_serial)); @@ -216,8 +202,6 @@ static int sign_crl() reason = CRL_REASON_UNSPECIFIED; continue; } -<<<<<<< HEAD -======= case 'b': basecrl = arg; continue; @@ -227,7 +211,6 @@ static int sign_crl() ); cdps->insert_last(cdps, cdp); continue; ->>>>>>> upstream/4.5.1 case 'r': if (streq(arg, "key-compromise")) { @@ -255,7 +238,8 @@ static int sign_crl() } else { - return command_usage( "invalid revocation reason"); + error = "invalid revocation reason"; + goto usage; } continue; case 'd': @@ -269,7 +253,8 @@ static int sign_crl() case 'f': if (!get_form(arg, &form, CRED_CERTIFICATE)) { - return command_usage("invalid output format"); + error = "invalid output format"; + goto usage; } continue; case EOF: 
@@ -300,15 +285,9 @@ static int sign_crl() goto error; } x509 = (x509_t*)ca; -<<<<<<< HEAD - if (!(x509->get_flags(x509) & X509_CA)) - { - error = "CA certificate misses CA basicConstraint"; -======= if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN))) { error = "CA certificate misses CA basicConstraint / CRLSign keyUsage"; ->>>>>>> upstream/4.5.1 goto error; } public = ca->get_public_key(ca); @@ -346,8 +325,6 @@ static int sign_crl() thisUpdate = time(NULL); nextUpdate = thisUpdate + lifetime * 24 * 60 * 60; -<<<<<<< HEAD -======= if (basecrl) { lastcrl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, @@ -364,7 +341,6 @@ static int sign_crl() lastcrl = NULL; } ->>>>>>> upstream/4.5.1 if (lastupdate) { lastcrl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, @@ -378,13 +354,10 @@ static int sign_crl() min(lastcrl->get_serial(lastcrl).len, sizeof(crl_serial))); lastenum = lastcrl->create_enumerator(lastcrl); } -<<<<<<< HEAD -======= else { lastenum = enumerator_create_empty(); } ->>>>>>> upstream/4.5.1 chunk_increment(chunk_create(crl_serial, sizeof(crl_serial))); @@ -394,20 +367,12 @@ static int sign_crl() BUILD_SIGNING_KEY, private, BUILD_SIGNING_CERT, ca, BUILD_SERIAL, chunk_create(crl_serial, sizeof(crl_serial)), BUILD_NOT_BEFORE_TIME, thisUpdate, BUILD_NOT_AFTER_TIME, nextUpdate, -<<<<<<< HEAD - BUILD_REVOKED_ENUMERATOR, enumerator, BUILD_DIGEST_ALG, digest, - lastenum ? BUILD_REVOKED_ENUMERATOR : BUILD_END, lastenum, - BUILD_END); - enumerator->destroy(enumerator); - DESTROY_IF(lastenum); -======= BUILD_REVOKED_ENUMERATOR, enumerator, BUILD_REVOKED_ENUMERATOR, lastenum, BUILD_DIGEST_ALG, digest, BUILD_CRL_DISTRIBUTION_POINTS, cdps, BUILD_BASE_CRL, baseCrlNumber, BUILD_END); enumerator->destroy(enumerator); lastenum->destroy(lastenum); ->>>>>>> upstream/4.5.1 DESTROY_IF((certificate_t*)lastcrl); if (!crl) 
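Review bot: `min(lastcrl->get_serial(lastcrl).len, sizeof(crl_serial))` copies at most 8 bytes of the previous CRL number into `crl_serial` before `chunk_increment(...)` derives the new one, but RFC 5280 permits CRL numbers of up to 20 octets, so a --lastcrl whose number is longer is silently truncated and the issued CRL can carry a number smaller than its predecessor, defeating the monotonic CRL numbering relying parties use to discard stale CRLs. Rejecting the long value with `error = "lastcrl CRL number too long"; goto error;` (or sizing `crl_serial` to 20 octets) avoids that; the copy itself lies outside this hunk, so its exact form should be confirmed. The relaxed `(X509_CA | X509_CRL_SIGN)` test now also accepts a non-CA certificate carrying only the cRLSign keyUsage bit, which RFC 5280 tolerates for a dedicated CRL issuer, but the message still says "CA certificate misses ..."; wording it as `"signer certificate misses CA basicConstraint / CRLSign keyUsage"` would match the new check. sign_crl() continues outside this hunk.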
@@ -432,13 +397,9 @@ error: DESTROY_IF(ca); DESTROY_IF(crl); free(encoding.ptr); -<<<<<<< HEAD - list->destroy_function(list, (void*)revoked_destroy); -======= free(baseCrlNumber.ptr); list->destroy_function(list, (void*)revoked_destroy); cdps->destroy_function(cdps, (void*)cdp_destroy); ->>>>>>> upstream/4.5.1 if (error) { fprintf(stderr, "%s\n", error); @@ -448,10 +409,7 @@ error: usage: list->destroy_function(list, (void*)revoked_destroy); -<<<<<<< HEAD -======= cdps->destroy_function(cdps, (void*)cdp_destroy); ->>>>>>> upstream/4.5.1 return command_usage(error); } 
@@ -464,30 +422,13 @@ static void __attribute__ ((constructor))reg() sign_crl, 'c', "signcrl", "issue a CRL using a CA certificate and key", {"--cacert file --cakey file | --cakeyid hex --lifetime days", -<<<<<<< HEAD -======= "[--lastcrl crl] [--basecrl crl] [--crluri uri ]+", ->>>>>>> upstream/4.5.1 "[ [--reason key-compromise|ca-compromise|affiliation-changed|", " superseded|cessation-of-operation|certificate-hold]", " [--date timestamp]", " --cert file | --serial hex ]*", "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, { -<<<<<<< HEAD - {"help", 'h', 0, "show usage information"}, - {"cacert", 'c', 1, "CA certificate file"}, - {"cakey", 'k', 1, "CA private key file"}, - {"cakeyid", 'x', 1, "keyid on smartcard of CA private key"}, - {"lifetime",'l', 1, "days the CRL gets a nextUpdate, default: 15"}, - {"lastcrl", 'a', 1, "CRL of lastUpdate to copy revocations from"}, - {"cert", 'z', 1, "certificate file to revoke"}, - {"serial", 's', 1, "hex encoded certificate serial number to revoke"}, - {"reason", 'r', 1, "reason for certificate revocation"}, - {"date", 'd', 1, "revocation date as unix timestamp, default: now"}, - {"digest", 'g', 1, "digest for signature creation, default: sha1"}, - {"outform", 'f', 1, "encoding of generated crl, default: der"}, -======= {"help", 'h', 0, "show usage information"}, {"cacert", 'c', 1, "CA certificate file"}, {"cakey", 'k', 1, "CA private key file"}, @@ -502,7 +443,6 @@ static void __attribute__ ((constructor))reg() {"date", 'd', 1, "revocation date as unix timestamp, default: now"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, {"outform", 'f', 1, "encoding of generated crl, default: der"}, ->>>>>>> upstream/4.5.1 } }); } |