From 071db50a3f89e44853a15aee6f4e31192fd2f087 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Thu, 31 May 2007 02:44:39 +0000
Subject: [PATCH] add --ms-upn and add more EKU's for pk-init client.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20721 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/hxtool.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c
index 0131f353b..4dc530b5c 100644
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
@@ -1284,6 +1284,17 @@ eval_types(hx509_context context,
 oid_id_pkekuoid());
 if (ret)
 hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
+
+ ret = hx509_ca_tbs_add_eku(context, tbs,
+ oid_id_ms_client_authentication());
+ if (ret)
+ hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
+
+ ret = hx509_ca_tbs_add_eku(context, tbs,
+ oid_id_pkinit_ms_eku());
+ if (ret)
+ hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
+
 } else if (strcmp(type, "email") == 0) {
 ret = hx509_ca_tbs_add_eku(context, tbs,
 oid_id_pkix_kp_emailProtection());
@@ -1305,6 +1316,16 @@ eval_types(hx509_context context,
 if (ret)
 hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_pkinit");
 }
+
+ if (opt->ms_upn_string) {
+ if (!pkinit)
+ errx(1, "MS up given but no pk-init oid");
+
+ ret = hx509_ca_tbs_add_san_ms_upn(context, tbs, opt->ms_upn_string);
+ if (ret)
+ hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_ms_upn");
+ }
+
 for (i = 0; i < opt->hostname_strings.num_strings; i++) {
 const char *hostname = opt->hostname_strings.strings[i];
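Review bot: The two new EKUs in the first hunk (`oid_id_ms_client_authentication()` and `oid_id_pkinit_ms_eku()`) are added unconditionally, so every certificate issued through this branch gains the Microsoft usages even when `--ms-upn` is not requested. An extended key usage bounds what relying parties will accept the certificate for, so widening it for all callers deserves at least a comment above the two calls, for example `/* MS client-auth and MS PK-INIT EKUs: added for Windows PK-INIT interop */`, or a gate on `opt->ms_upn_string` if only UPN-bearing certificates need them. The branch condition and the start of eval_types are outside the hunk; that this is the pk-init client branch is inferred from the preceding `oid_id_pkekuoid()` call and the commit subject.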
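Review bot: The `!pkinit` guard in the second hunk checks only that some pk-init type was requested, not which one. If `pkinit` is also set for a KDC certificate type (its assignments are outside this hunk), `--ms-upn` would put a user principal name into a KDC certificate. The UPN SAN is an identity assertion that a Windows KDC is expected to map to an account, so it is worth restricting the option to the client type, or stating the intended scope in a comment above the block. The error text also reads "MS up" and mentions an oid rather than a type; `errx(1, "MS UPN given but no pk-init type");` would match the option name. eval_types continues past the end of the hunk.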