From 2ad9f89060d76ff6dd30cdd60478ce04c3876cce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sat, 30 Dec 2006 15:03:10 +0000
Subject: [PATCH] Add dnsname and rfc822 SANs.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19585 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/ca.c | 28 ++++++++++++++++++++++++++++
 lib/hx509/hxtool-commands.in | 10 ++++++++++
 lib/hx509/hxtool.c | 16 ++++++++++++++++
 3 files changed, 54 insertions(+)
diff --git a/lib/hx509/ca.c b/lib/hx509/ca.c
index 353eb595f..21dd6c51b 100644
--- a/lib/hx509/ca.c
+++ b/lib/hx509/ca.c
@@ -219,6 +219,34 @@ out:
 return ret;
 }
+int
+hx509_ca_tbs_add_san_hostname(hx509_context context,
+ hx509_ca_tbs tbs,
+ const char *dnsname)
+{
+ GeneralName gn;
+
+ memset(&gn, 0, sizeof(gn));
+ gn.element = choice_GeneralName_dNSName;
+ gn.u.dNSName = rk_UNCONST(dnsname);
+
+ return add_GeneralNames(&tbs->san, &gn);
+}
+
+int
+hx509_ca_tbs_add_san_rfc822name(hx509_context context,
+ hx509_ca_tbs tbs,
+ const char *rfc822Name)
+{
+ GeneralName gn;
+
+ memset(&gn, 0, sizeof(gn));
+ gn.element = choice_GeneralName_rfc822Name;
+ gn.u.rfc822Name = rk_UNCONST(rfc822Name);
+
+ return add_GeneralNames(&tbs->san, &gn);
+}
+
 int
 hx509_ca_tbs_set_subject(hx509_context context,
diff --git a/lib/hx509/hxtool-commands.in b/lib/hx509/hxtool-commands.in
index cfeabe070..fccb1f7df 100644
--- a/lib/hx509/hxtool-commands.in
+++ b/lib/hx509/hxtool-commands.in
@@ -451,6 +451,16 @@ command = {
 type = "strings"
 help = "Type of certificate to issue"
 }
+ option = {
+ long = "hostname"
+ type = "strings"
+ help = "DNS names this certificate is allowed to serve"
+ }
+ option = {
+ long = "email"
+ type = "strings"
+ help = "email addresses assigned to this certificate"
+ }
 option = {
 long = "pk-init-principal"
 type = "string"
diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c
index 6bbcc8357..cacf6cb8e 100644
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
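Review bot: Neither hx509_ca_tbs_add_san_hostname nor hx509_ca_tbs_add_san_rfc822name in lib/hx509/ca.c checks the string before it goes into the to-be-signed SAN list, so a NULL or empty name, or one containing 8-bit bytes, is handed straight to add_GeneralNames. dNSName and rfc822Name are IA5String, and the SAN is what relying parties match the peer identity against, so the CA library is the place to reject malformed values rather than each caller. I would add a small shared check and call it first in both functions, as sketched below; EINVAL stands in for whatever error code the library prefers. The rk_UNCONST cast is only safe if add_GeneralNames copies the element, which looks likely but is not visible in this hunk, so a one-line comment stating that would help.

```c
/* dNSName and rfc822Name are IA5String: refuse NULL, empty or 8-bit input. */
static int
check_ia5_san(const char *s)
{
    const unsigned char *p;

    if (s == NULL || *s == '\0')
	return EINVAL;
    for (p = (const unsigned char *)s; *p != '\0'; p++)
	if (*p > 0x7f)
	    return EINVAL;
    return 0;
}

int
hx509_ca_tbs_add_san_hostname(hx509_context context,
			      hx509_ca_tbs tbs,
			      const char *dnsname)
{
    GeneralName gn;
    int ret;

    ret = check_ia5_san(dnsname);
    if (ret)
	return ret;
    /* … unchanged: gn setup and add_GeneralNames call … */
}
/* … hx509_ca_tbs_add_san_rfc822name: same check on rfc822Name … */
```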
@@ -1175,6 +1175,22 @@ eval_types(hx509_context context,
 hx509_err(context, ret, 1, "hx509_ca_tbs_add_san_pkinit");
 }
+ for (i = 0; i < opt->hostname_strings.num_strings; i++) {
+ const char *hostname = opt->hostname_strings.strings[i];
+
+ ret = hx509_ca_tbs_add_san_hostname(context, tbs, hostname);
+ if (ret)
+ hx509_err(context, ret, 1, "hx509_ca_tbs_add_san_hostname");
+ }
+
+ for (i = 0; i < opt->email_strings.num_strings; i++) {
+ const char *email = opt->email_strings.strings[i];
+
+ ret = hx509_ca_tbs_add_san_rfc822name(context, tbs, email);
+ if (ret)
+ hx509_err(context, ret, 1, "hx509_ca_tbs_add_san_hostname");
+ }
+
 return 0;
 }
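Review bot: The error message in the new email loop names the wrong function: a failure of hx509_ca_tbs_add_san_rfc822name is reported as "hx509_ca_tbs_add_san_hostname", which will mislead anyone tracing a failed issuance. The call should read `hx509_err(context, ret, 1, "hx509_ca_tbs_add_san_rfc822name");`. Both loops pass the command-line strings through unchanged, so any syntax check on the SAN values has to live in the library functions they call. eval_types begins outside this hunk.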