oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

hx509: Add support for CSRs w/ BasicConstraints

Browse Source
This commit is contained in:
Nicolas Williams
2023-11-01 16:12:24 -05:00
committed by Nico Williams
parent 0f998cdbc2
commit be0d1e68e5
6 changed files with 260 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
lib/hx509/hxtool.c
View File

@@ -1498,6 +1498,25 @@ request_create(struct request_create_options *opt, int argc, char **argv)
if (ret)
hx509_err(context, 1, ret, "Could not initialize CSR context");
if (opt->ca_flag && opt->ee_flag)
errx(1, "request-create --ca and --ee are mutually exclusive");
if (opt->ca_flag) {
unsigned pathLenConstraint = 0;
unsigned *pathLenConstraintPtr = NULL;
if (opt->ca_path_length_integer > 0 &&
opt->ca_path_length_integer < INT_MAX) {
pathLenConstraint = opt->ca_path_length_integer;
pathLenConstraintPtr = &pathLenConstraint;
}
ret = hx509_request_set_cA(context, req, pathLenConstraintPtr);
if (ret)
errx(1, "hx509_request_set_cA: %d\n", ret);
} else if (opt->ee_flag) {
hx509_request_set_eE(context, req);
}
if (opt->subject_string) {
hx509_name name = NULL;