Diffstat (limited to 'src/pki')
-rw-r--r-- | src/pki/Makefile.am | 4 | ||||
-rw-r--r-- | src/pki/Makefile.in | 4 | ||||
-rw-r--r-- | src/pki/commands/gen.c | 2 | ||||
-rw-r--r-- | src/pki/commands/issue.c | 13 | ||||
-rw-r--r-- | src/pki/commands/self.c | 5 |
5 files changed, 21 insertions, 7 deletions
diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am
index a471b6477..8eac07afc 100644
--- a/src/pki/Makefile.am
+++ b/src/pki/Makefile.am
@@ -7,9 +7,11 @@ pki_SOURCES = pki.c pki.h command.c command.h \
 commands/pub.c \
 commands/req.c \
 commands/self.c \
- commands/verify.c
+ commands/verify.c
 pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+pki.o : $(top_builddir)/config.status
+
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = \
 -DPLUGINS=\""${libstrongswan_plugins}\""
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 1261d7fa8..522b9e887 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -196,6 +196,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -237,7 +238,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \
 commands/pub.c \
 commands/req.c \
 commands/self.c \
- commands/verify.c
+ commands/verify.c
 pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
@@ -667,6 +668,7 @@ uninstall-am: uninstall-ipsecPROGRAMS
 mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
 tags uninstall uninstall-am uninstall-ipsecPROGRAMS
+pki.o : $(top_builddir)/config.status
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c
index 16d8d48d4..b2769da54 100644
--- a/src/pki/commands/gen.c
+++ b/src/pki/commands/gen.c
@@ -47,7 +47,7 @@ static int gen()
 return command_usage("invalid key type");
 }
 continue;
- case 'o':
+ case 'f':
 if (!get_form(arg, &form, FALSE))
 {
 return command_usage("invalid key output format");
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 07ab9066a..fcd758f87 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -161,7 +161,7 @@ static int issue()
 }
 }
- DBG2("Reading ca certificate:");
+ DBG2(DBG_LIB, "Reading ca certificate:");
 ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, cacert, BUILD_END);
 if (!ca)
@@ -182,7 +182,7 @@ static int issue()
 goto end;
 }
- DBG2("Reading ca private key:");
+ DBG2(DBG_LIB, "Reading ca private key:");
 private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, public->get_type(public), BUILD_FROM_FILE, cakey, BUILD_END);
@@ -212,6 +212,11 @@ static int issue()
 goto end;
 }
 rng->allocate_bytes(rng, 8, &serial);
+ while (*serial.ptr == 0x00)
+ {
+ /* we don't accept a serial number with leading zeroes */
+ rng->get_bytes(rng, 1, serial.ptr);
+ }
 rng->destroy(rng);
 }
@@ -221,7 +226,7 @@ static int issue()
 identification_t *subjectAltName;
 pkcs10_t *req;
- DBG2("Reading certificate request");
+ DBG2(DBG_LIB, "Reading certificate request");
 if (file)
 {
 cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
@@ -261,7 +266,7 @@ static int issue()
 }
 else
 {
- DBG2("Reading public key:");
+ DBG2(DBG_LIB, "Reading public key:");
 if (file)
 {
 public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 30ae23be5..d283daa6a 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -158,6 +158,11 @@ static int self()
 goto end;
 }
 rng->allocate_bytes(rng, 8, &serial);
+ while (*serial.ptr == 0x00)
+ {
+ /* we don't accept a serial number with leading zeroes */
+ rng->get_bytes(rng, 1, serial.ptr);
+ }
 rng->destroy(rng);
 }
 not_before = time(NULL); |
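Review bot: The loop added after `rng->allocate_bytes(rng, 8, &serial)` in issue() rejects only a first octet of 0x00, so a serial whose first octet has the top bit set still passes. RFC 5280 requires a positive serial number, and such a value is a negative DER INTEGER unless the encoder prepends a zero octet; that encoding step is outside this hunk, so confirm it pads, or tighten the condition to `while (*serial.ptr == 0x00 || (*serial.ptr & 0x80))`. The same lines are added to self() in src/pki/commands/self.c, so a small shared helper would keep the two serial generators in step. Both function bodies start and end outside their hunks.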