Add eku, ku and san to the certificate.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19580 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2006-12-30 14:49:37 +00:00
parent b5c3feb43f
commit 993dacac92
2 changed files with 267 additions and 27 deletions


@@ -1124,6 +1124,60 @@ hxtool_hex(struct hex_options *opt, int argc, char **argv)
return 0;
}
static int
eval_types(hx509_context context,
hx509_ca_tbs tbs,
const struct certificate_sign_options *opt)
{
int pkinit = 0;
int i, ret;
for (i = 0; i < opt->type_strings.num_strings; i++) {
const char *type = opt->type_strings.strings[i];
if (strcmp(type, "https-server") == 0) {
ret = hx509_ca_tbs_add_eku(context, tbs,
oid_id_pkix_kp_serverAuth());
if (ret)
hx509_err(context, ret, 1, "hx509_ca_tbs_add_eku");
} else if (strcmp(type, "https-client") == 0) {
ret = hx509_ca_tbs_add_eku(context, tbs,
oid_id_pkix_kp_clientAuth());
if (ret)
hx509_err(context, ret, 1, "hx509_ca_tbs_add_eku");
} else if (strcmp(type, "pkinit-kdc") == 0) {
pkinit++;
ret = hx509_ca_tbs_add_eku(context, tbs,
oid_id_pkkdcekuoid());
if (ret)
hx509_err(context, ret, 1, "hx509_ca_tbs_add_eku");
} else if (strcmp(type, "pkinit-client") == 0) {
pkinit++;
ret = hx509_ca_tbs_add_eku(context, tbs,
oid_id_pkekuoid());
if (ret)
hx509_err(context, ret, 1, "hx509_ca_tbs_add_eku");
} else
errx(1, "unknown type %s", type);
}
if (pkinit > 1)
errx(1, "More the one PK-INIT type given");
if (opt->pk_init_principal_string) {
if (!pkinit)
errx(1, "pk-init principal given but no pk-init oid");
ret = hx509_ca_tbs_add_san_pkinit(context, tbs,
opt->pk_init_principal_string);
if (ret)
hx509_err(context, ret, 1, "hx509_ca_tbs_add_san_pkinit");
}
return 0;
}
int
hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
{
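Review bot: The message on the `errx(1, "More the one PK-INIT type given");` line in eval_types has a typo and should read `errx(1, "More than one PK-INIT type given");`. The function is declared to return int, but every failure path in the hunk leaves through errx() or hx509_err(), which this file appears to use as a fatal reporter, so the only value that can come back is 0, and the call added in the second hunk (`eval_types(context, tbs, opt);`) discards it; either declare it `static void` or check the result at the call site so that a later non-fatal error path is not silently lost. The commit title mentions ku, yet this hunk only adds extended key usage and the PK-INIT SAN; if key usage is set in the other changed file, a one-line comment above the type loop saying where KU comes from would spare the reader the search. I would also add a header comment such as `/* Map --type strings to EKU OIDs; at most one PK-INIT type is allowed, and a PK-INIT principal SAN requires one. */`.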
@@ -1220,6 +1274,8 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
if (ret)
hx509_err(context, ret, 1, "hx509_ca_tbs_set_subject");
eval_types(context, tbs, opt);
ret = hx509_ca_sign(context, tbs, signer, &cert);
if (ret)
hx509_err(context, ret, 1, "hx509_ca_sign");