add --lifetime to ca command.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19604 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2006-12-31 01:10:00 +00:00
parent 7cabe3475e
commit 760f9d2de4
2 changed files with 19 additions and 0 deletions


@@ -466,6 +466,11 @@ command = {
type = "strings"
help = "Type of certificate to issue"
}
option = {
long = "lifetime"
type = "string"
help = "Lifetime of certificate"
}
option = {
long = "hostname"
type = "strings"
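Review bot: The help text for the new `lifetime` option gives neither a format nor a unit, so an operator cannot tell whether `--lifetime=30` means seconds, days or something else. The C side calls `parse_time(opt->lifetime_string, "day")`, which suggests a bare number is taken as days; if that is right, say so here, for example `help = "Lifetime of certificate (default unit: day)"`. For a certificate validity period, a misread unit yields a certificate that is valid for far longer or shorter than intended.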


@@ -36,6 +36,7 @@ RCSID("$Id$");
#include <hxtool-commands.h>
#include <sl.h>
#include <parse_time.h>
static hx509_context context;
@@ -1215,6 +1216,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
hx509_private_key private_key = NULL;
hx509_name subject = NULL;
SubjectPublicKeyInfo spki;
int delta = 0;
memset(&spki, 0, sizeof(spki));
@@ -1232,6 +1234,12 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
errx(1, "both --req and --ca-private-key used");
}
if (opt->lifetime_string) {
delta = parse_time(opt->lifetime_string, "day");
if (delta < 0)
errx(1, "Invalid lifetime: %s", opt->lifetime_string);
}
if (opt->ca_certificate_string) {
hx509_query *q;
@@ -1341,6 +1349,12 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
hx509_err(context, ret, 1, "hx509_ca_tbs_set_proxy");
}
if (delta) {
ret = hx509_ca_tbs_set_notAfter_lifetime(context, tbs, delta);
if (ret)
hx509_err(context, ret, 1, "hx509_ca_tbs_set_notAfter_lifetime");
}
if (opt->self_signed_flag) {
ret = hx509_ca_sign_self(context, tbs, private_key, &cert);
if (ret)
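Review bot: A `--lifetime` value that parses to 0 is silently ignored. The check `if (delta < 0)` lets it through, and the later `if (delta)` then skips `hx509_ca_tbs_set_notAfter_lifetime`, so the certificate is issued with whatever default validity the library applies instead of failing. Rejecting it up front with `if (delta <= 0)` keeps the operator's request and the issued notAfter in agreement. There is also no upper bound on `delta`, and nothing visible here checks the result against the issuing CA's own expiry. Whether the library clamps the value is not shown, so a sanity limit or a warning in hxtool may be worth adding. `hxtool_ca` begins and ends outside these hunks.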