From 7a0bda61c8de29c86b73ee3cf20e323a8eabd642 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sun, 31 Dec 2006 01:37:10 +0000
Subject: [PATCH] Allow setting path length

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19610 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/hxtool-commands.in | 5 +++++
 lib/hx509/hxtool.c           | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/hx509/hxtool-commands.in b/lib/hx509/hxtool-commands.in
index 01f07689e..b8ddb2864 100644
--- a/lib/hx509/hxtool-commands.in
+++ b/lib/hx509/hxtool-commands.in
@@ -471,6 +471,11 @@ command = {
 		type = "string"
 		help = "Lifetime of certificate"
 	}
+	option = {
+		long = "path-length"
+		type = "integer"
+		help = "Maximum path length (for CA or proxy certificates)"
+	}
 	option = {
 		long = "hostname"
 		type = "strings"
diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c
index 659d7afa8..ac5235bdd 100644
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
@@ -1339,12 +1339,12 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
     eval_types(context, tbs, opt);
 
     if (opt->issue_ca_flag) {
-	ret = hx509_ca_tbs_set_ca(context, tbs, -1);
+	ret = hx509_ca_tbs_set_ca(context, tbs, opt->path_length_integer);
 	if (ret)
 	    hx509_err(context, ret, 1, "hx509_ca_tbs_set_ca");
     }
     if (opt->issue_proxy_flag) {
-	ret = hx509_ca_tbs_set_proxy(context, tbs, 1);
+	ret = hx509_ca_tbs_set_proxy(context, tbs, opt->path_length_integer);
 	if (ret)
 	    hx509_err(context, ret, 1, "hx509_ca_tbs_set_proxy");
     }