oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

hx509: Make hxtool default store type to FILE

Browse Source 
A common complaint about hxtool(1) is that if one fails to add a TYPE:
prefix to a CSR or certificate/private key store names, then hxtool
fails somewhat inscrutably.  We can't just fix hx509_certs_init() or
hx509_certs_append() because they default to "MEMORY" so who knows what
might break.  Instead we fix all uses of user-provided store names in
hxtool to have a FILE: prefix if no type was given.  For CSRs we'll
default to adding the only type prefix supported, "PKCS10".
This commit is contained in:
Nicolas Williams
2021-03-24 01:07:50 -05:00
parent 8e7c7209e8
commit 5d939ba1b6
5 changed files with 135 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/hx509/req.c
View File

@@ -927,7 +927,8 @@ hx509_request_parse(hx509_context context,
/* XXX Add support for PEM */
if (strncmp(csr, "PKCS10:", 7) != 0) {
hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
"unsupport type in %s", csr);
"CSR location does not start with \"PKCS10:\": %s",
csr);
return HX509_UNSUPPORTED_OPERATION;
}