From 1ac70afcc1f7d6d2738a34308810719b0976d29f Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Tue, 25 May 2010 19:01:36 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.4.0) --- src/pki/commands/gen.c | 2 +- src/pki/commands/issue.c | 13 +++++++++---- src/pki/commands/self.c | 5 +++++ 3 files changed, 15 insertions(+), 5 deletions(-) (limited to 'src/pki/commands') diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c index 16d8d48d4..b2769da54 100644 --- a/src/pki/commands/gen.c +++ b/src/pki/commands/gen.c @@ -47,7 +47,7 @@ static int gen() return command_usage("invalid key type"); } continue; - case 'o': + case 'f': if (!get_form(arg, &form, FALSE)) { return command_usage("invalid key output format"); diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 07ab9066a..fcd758f87 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -161,7 +161,7 @@ static int issue() } } - DBG2("Reading ca certificate:"); + DBG2(DBG_LIB, "Reading ca certificate:"); ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, cacert, BUILD_END); if (!ca) @@ -182,7 +182,7 @@ static int issue() goto end; } - DBG2("Reading ca private key:"); + DBG2(DBG_LIB, "Reading ca private key:"); private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, public->get_type(public), BUILD_FROM_FILE, cakey, BUILD_END); @@ -212,6 +212,11 @@ static int issue() goto end; } rng->allocate_bytes(rng, 8, &serial); + while (*serial.ptr == 0x00) + { + /* we don't accept a serial number with leading zeroes */ + rng->get_bytes(rng, 1, serial.ptr); + } rng->destroy(rng); } @@ -221,7 +226,7 @@ static int issue() identification_t *subjectAltName; pkcs10_t *req; - DBG2("Reading certificate request"); + DBG2(DBG_LIB, "Reading certificate request"); if (file) { cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE, @@ -261,7 +266,7 @@ static int issue() } else { - DBG2("Reading public key:"); + DBG2(DBG_LIB, "Reading public key:"); if (file) { public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index 30ae23be5..d283daa6a 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -158,6 +158,11 @@ static int self() goto end; } rng->allocate_bytes(rng, 8, &serial); + while (*serial.ptr == 0x00) + { + /* we don't accept a serial number with leading zeroes */ + rng->get_bytes(rng, 1, serial.ptr); + } rng->destroy(rng); } not_before = time(NULL); -- cgit v1.2.3