add --lifetime to ca command.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19604 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -466,6 +466,11 @@ command = {
|
||||
type = "strings"
|
||||
help = "Type of certificate to issue"
|
||||
}
|
||||
option = {
|
||||
long = "lifetime"
|
||||
type = "string"
|
||||
help = "Lifetime of certificate"
|
||||
}
|
||||
option = {
|
||||
long = "hostname"
|
||||
type = "strings"
|
||||
|
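Review bot: The help string `"Lifetime of certificate"` on the new `lifetime` option does not say what format or unit the value takes. The code that consumes it calls `parse_time(opt->lifetime_string, "day")`, so a bare number is presumably read as days. Since this option decides how long an issued certificate stays valid, I would state that in the help, e.g. `help = "Lifetime of certificate (default unit: days)"`.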
@@ -36,6 +36,7 @@ RCSID("$Id$");
|
||||
|
||||
#include <hxtool-commands.h>
|
||||
#include <sl.h>
|
||||
#include <parse_time.h>
|
||||
|
||||
static hx509_context context;
|
||||
|
||||
@@ -1215,6 +1216,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
|
||||
hx509_private_key private_key = NULL;
|
||||
hx509_name subject = NULL;
|
||||
SubjectPublicKeyInfo spki;
|
||||
int delta = 0;
|
||||
|
||||
memset(&spki, 0, sizeof(spki));
|
||||
|
||||
@@ -1232,6 +1234,12 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
|
||||
errx(1, "both --req and --ca-private-key used");
|
||||
}
|
||||
|
||||
if (opt->lifetime_string) {
|
||||
delta = parse_time(opt->lifetime_string, "day");
|
||||
if (delta < 0)
|
||||
errx(1, "Invalid lifetime: %s", opt->lifetime_string);
|
||||
}
|
||||
|
||||
if (opt->ca_certificate_string) {
|
||||
hx509_query *q;
|
||||
|
||||
@@ -1341,6 +1349,12 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
|
||||
hx509_err(context, ret, 1, "hx509_ca_tbs_set_proxy");
|
||||
}
|
||||
|
||||
if (delta) {
|
||||
ret = hx509_ca_tbs_set_notAfter_lifetime(context, tbs, delta);
|
||||
if (ret)
|
||||
hx509_err(context, ret, 1, "hx509_ca_tbs_set_notAfter_lifetime");
|
||||
}
|
||||
|
||||
if (opt->self_signed_flag) {
|
||||
ret = hx509_ca_sign_self(context, tbs, private_key, &cert);
|
||||
if (ret)
|
||||
|
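Review bot: A `--lifetime` value that parses to zero is silently ignored. The check after `parse_time()` rejects only `delta < 0`, and the later `if (delta)` guard then skips `hx509_ca_tbs_set_notAfter_lifetime()`, so the certificate is issued with whatever validity applies when no lifetime is set, not the one the operator asked for. Failing closed is safer for a signing tool: `if (delta <= 0) errx(1, "Invalid lifetime: %s", opt->lifetime_string);`. `delta` is an `int`, so it is also worth confirming how `parse_time()` behaves on very large inputs and whether an upper bound on the requested validity should be enforced here. The body of `hxtool_ca` starts and ends outside these hunks.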