Diffstat (limited to 'src/pki')
-rw-r--r--src/pki/Makefile.am4
-rw-r--r--src/pki/Makefile.in4
-rw-r--r--src/pki/commands/gen.c2
-rw-r--r--src/pki/commands/issue.c13
-rw-r--r--src/pki/commands/self.c5
5 files changed, 21 insertions, 7 deletions
diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am
index a471b6477..8eac07afc 100644
--- a/src/pki/Makefile.am
+++ b/src/pki/Makefile.am
@@ -7,9 +7,11 @@ pki_SOURCES = pki.c pki.h command.c command.h \
commands/pub.c \
commands/req.c \
commands/self.c \
- commands/verify.c
+ commands/verify.c
pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+pki.o : $(top_builddir)/config.status
+
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = \
-DPLUGINS=\""${libstrongswan_plugins}\""
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 1261d7fa8..522b9e887 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -196,6 +196,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -237,7 +238,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \
commands/pub.c \
commands/req.c \
commands/self.c \
- commands/verify.c
+ commands/verify.c
pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
INCLUDES = -I$(top_srcdir)/src/libstrongswan
@@ -667,6 +668,7 @@ uninstall-am: uninstall-ipsecPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags uninstall uninstall-am uninstall-ipsecPROGRAMS
+pki.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c
index 16d8d48d4..b2769da54 100644
--- a/src/pki/commands/gen.c
+++ b/src/pki/commands/gen.c
@@ -47,7 +47,7 @@ static int gen()
return command_usage("invalid key type");
}
continue;
- case 'o':
+ case 'f':
if (!get_form(arg, &form, FALSE))
{
return command_usage("invalid key output format");
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 07ab9066a..fcd758f87 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -161,7 +161,7 @@ static int issue()
}
}
- DBG2("Reading ca certificate:");
+ DBG2(DBG_LIB, "Reading ca certificate:");
ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_FROM_FILE, cacert, BUILD_END);
if (!ca)
@@ -182,7 +182,7 @@ static int issue()
goto end;
}
- DBG2("Reading ca private key:");
+ DBG2(DBG_LIB, "Reading ca private key:");
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
public->get_type(public),
BUILD_FROM_FILE, cakey, BUILD_END);
@@ -212,6 +212,11 @@ static int issue()
goto end;
}
rng->allocate_bytes(rng, 8, &serial);
+ while (*serial.ptr == 0x00)
+ {
+ /* we don't accept a serial number with leading zeroes */
+ rng->get_bytes(rng, 1, serial.ptr);
+ }
rng->destroy(rng);
}
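Review bot: The added loop in issue() re-draws only a zero first byte, so a first byte of 0x80 or above is still accepted; if the certificate builder writes these eight bytes unchanged as the INTEGER content (not visible in this hunk), the serial encodes as a negative number, which RFC 5280 section 4.1.2.2 does not allow. Consider rejecting both cases, e.g. `while (*serial.ptr == 0x00 || (*serial.ptr & 0x80))`, or confirm that the encoder prepends a zero byte. `serial.ptr` is dereferenced right after `rng->allocate_bytes(rng, 8, &serial)` with no visible check that the buffer was allocated and filled, so confirm that against the rng interface. The identical loop is added to self() in src/pki/commands/self.c, so the same points apply there, and a shared helper would keep the two copies in step. issue()'s body continues outside the hunk.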
@@ -221,7 +226,7 @@ static int issue()
identification_t *subjectAltName;
pkcs10_t *req;
- DBG2("Reading certificate request");
+ DBG2(DBG_LIB, "Reading certificate request");
if (file)
{
cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
@@ -261,7 +266,7 @@ static int issue()
}
else
{
- DBG2("Reading public key:");
+ DBG2(DBG_LIB, "Reading public key:");
if (file)
{
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 30ae23be5..d283daa6a 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -158,6 +158,11 @@ static int self()
goto end;
}
rng->allocate_bytes(rng, 8, &serial);
+ while (*serial.ptr == 0x00)
+ {
+ /* we don't accept a serial number with leading zeroes */
+ rng->get_bytes(rng, 1, serial.ptr);
+ }
rng->destroy(rng);
}
not_before = time(NULL);