Add dnsname and rfc822 SANs.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19585 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/hx509/ca.c

@@ -219,6 +219,34 @@ out:
     return ret;
 }
     
+int
+hx509_ca_tbs_add_san_hostname(hx509_context context,
+			      hx509_ca_tbs tbs,
+			      const char *dnsname)
+{
+    GeneralName gn;
+
+    memset(&gn, 0, sizeof(gn));
+    gn.element = choice_GeneralName_dNSName;
+    gn.u.dNSName = rk_UNCONST(dnsname);
+    
+    return add_GeneralNames(&tbs->san, &gn);
+}
+
+int
+hx509_ca_tbs_add_san_rfc822name(hx509_context context,
+				hx509_ca_tbs tbs,
+				const char *rfc822Name)
+{
+    GeneralName gn;
+
+    memset(&gn, 0, sizeof(gn));
+    gn.element = choice_GeneralName_rfc822Name;
+    gn.u.rfc822Name = rk_UNCONST(rfc822Name);
+    
+    return add_GeneralNames(&tbs->san, &gn);
+}
+
 
 int
 hx509_ca_tbs_set_subject(hx509_context context,

lib/hx509/hxtool-commands.in

@@ -451,6 +451,16 @@ command = {
 		type = "strings"
 		help = "Type of certificate to issue"
 	}
+	option = {
+		long = "hostname"
+		type = "strings"
+		help = "DNS names this certificate is allowed to serve"
+	}
+	option = {
+		long = "email"
+		type = "strings"
+		help = "email addresses assigned to this certificate"
+	}
 	option = {
 		long = "pk-init-principal"
 		type = "string"

lib/hx509/hxtool.c

@@ -1175,6 +1175,22 @@ eval_types(hx509_context context,
 	    hx509_err(context, ret, 1, "hx509_ca_tbs_add_san_pkinit");
     }
     
+    for (i = 0; i < opt->hostname_strings.num_strings; i++) {
+	const char *hostname = opt->hostname_strings.strings[i];
+
+	ret = hx509_ca_tbs_add_san_hostname(context, tbs, hostname);
+	if (ret)
+	    hx509_err(context, ret, 1, "hx509_ca_tbs_add_san_hostname");
+    }
+
+    for (i = 0; i < opt->email_strings.num_strings; i++) {
+	const char *email = opt->email_strings.strings[i];
+
+	ret = hx509_ca_tbs_add_san_rfc822name(context, tbs, email);
+	if (ret)
+	    hx509_err(context, ret, 1, "hx509_ca_tbs_add_san_hostname");
+    }
+
     return 0;
 }