oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Add more hxtool EKU options, and KeyUsage too

Browse Source 
This is necessary in order to have more control over, e.g., template
certificates for kx509.  But also it's good to have this more generally.

Some batteries not included.  Specifically: no attempt is made to validate that
given KeyUsage values are compatible with the subjectPublicKey's alrogithm and
parameters.
This commit is contained in:
Nicolas Williams
2019-06-23 14:31:13 -05:00
parent 005ba36b83
commit 859c587dc2
5 changed files with 91 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lib/hx509/hxtool-commands.in
View File

@@ -426,6 +426,12 @@ command = {
type = "string"
help = "Subject DN"
}
option = {
long = "eku"
type = "strings"
argument = "oid-string"
help = "Add Extended Key Usage OID"
}
option = {
long = "email"
type = "strings"
@@ -650,6 +656,17 @@ command = {
type = "integer"
help = "Maximum path length (CA and proxy certificates), -1 no limit"
}
option = {
long = "eku"
type = "strings"
argument = "oid-string"
help = "Add Extended Key Usage OID"
}
option = {
long = "ku"
type = "strings"
help = "Key Usage (digitalSignature, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly)"
}
option = {
long = "hostname"
type = "strings"