oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Allow generation of proxy certificates.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19599 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-12-30 23:07:00 +00:00
parent 93abfd3634
commit 6a8868770e
1 changed files with 22 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
lib/hx509/hxtool.c
View File

@@ -846,7 +846,7 @@ request_create(struct request_create_options *opt, int argc, char **argv)
if (opt->subject_string) { if (opt->subject_string) {
hx509_name name = NULL; hx509_name name = NULL;
ret = hx509_parse_name(opt->subject_string, &name); ret = hx509_parse_name(context, opt->subject_string, &name);
if (ret) if (ret)
errx(1, "hx509_parse_name: %d\n", ret); errx(1, "hx509_parse_name: %d\n", ret);
_hx509_request_set_name(context, req, name); _hx509_request_set_name(context, req, name);
@@ -1218,10 +1218,6 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
memset(&spki, 0, sizeof(spki)); memset(&spki, 0, sizeof(spki));
if (opt->issue_proxy_flag) {
printf("no support for proxy cert yet\n");
return 0;
}
if (opt->ca_certificate_string == NULL && !opt->self_signed_flag) if (opt->ca_certificate_string == NULL && !opt->self_signed_flag)
errx(1, "--ca-certificate argument missing (not using --self-signed)"); errx(1, "--ca-certificate argument missing (not using --self-signed)");
if (opt->ca_private_key_string == NULL && opt->self_signed_flag) if (opt->ca_private_key_string == NULL && opt->self_signed_flag)
@@ -1249,7 +1245,9 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
if (ret) if (ret)
errx(1, "hx509_query_alloc: %d", ret); errx(1, "hx509_query_alloc: %d", ret);
hx509_query_match_option(q, HX509_QUERY_OPTION_KU_KEYCERTSIGN); hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
if (!opt->issue_proxy_flag)
hx509_query_match_option(q, HX509_QUERY_OPTION_KU_KEYCERTSIGN);
ret = hx509_certs_find(context, cacerts, q, &signer); ret = hx509_certs_find(context, cacerts, q, &signer);
hx509_query_free(context, q); hx509_query_free(context, q);
@@ -1299,13 +1297,18 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
if (opt->subject_string) { if (opt->subject_string) {
if (subject) if (subject)
hx509_name_free(&subject); hx509_name_free(&subject);
ret = hx509_parse_name(opt->subject_string, &subject); ret = hx509_parse_name(context, opt->subject_string, &subject);
if (ret) if (ret)
hx509_err(context, ret, 1, "hx509_parse_name: %d\n", ret); hx509_err(context, ret, 1, "hx509_parse_name: %d\n", ret);
} }
if (subject == NULL) if (opt->issue_proxy_flag) {
errx(1, "no subject given"); if (subject)
hx509_name_free(&subject);
} else {
if (subject == NULL)
errx(1, "no subject given");
}
/* /*
* *
@@ -1319,9 +1322,11 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
if (ret) if (ret)
hx509_err(context, ret, 1, "hx509_ca_tbs_set_spki"); hx509_err(context, ret, 1, "hx509_ca_tbs_set_spki");
ret = hx509_ca_tbs_set_subject(context, tbs, subject); if (subject) {
if (ret) ret = hx509_ca_tbs_set_subject(context, tbs, subject);
hx509_err(context, ret, 1, "hx509_ca_tbs_set_subject"); if (ret)
hx509_err(context, ret, 1, "hx509_ca_tbs_set_subject");
}
eval_types(context, tbs, opt); eval_types(context, tbs, opt);
@@ -1330,6 +1335,11 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
if (ret) if (ret)
hx509_err(context, ret, 1, "hx509_ca_tbs_set_ca"); hx509_err(context, ret, 1, "hx509_ca_tbs_set_ca");
} }
if (opt->issue_proxy_flag) {
ret = hx509_ca_tbs_set_proxy(context, tbs, 1);
if (ret)
hx509_err(context, ret, 1, "hx509_ca_tbs_set_proxy");
}
if (opt->self_signed_flag) { if (opt->self_signed_flag) {
ret = hx509_ca_sign_self(context, tbs, private_key, &cert); ret = hx509_ca_sign_self(context, tbs, private_key, &cert);