authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-03-06 22:47:53 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-03-06 22:49:06 +0100
commit06a51074653a7bf7245d484a62152d2fa160b5f6 (patch)
treeb841e673e287df08412d6bf38a58088ebc3b46fb
parentdf2b6546b2a5ab7280470a0a8148e014cc6abfc6 (diff)
downloadgnutls-06a51074653a7bf7245d484a62152d2fa160b5f6.tar.gz
certtool may explicitly set the domain component (DC) field of a DN.
-rw-r--r--NEWS6
-rw-r--r--src/certtool-args.def4
-rw-r--r--src/certtool-cfg.c54
-rw-r--r--src/certtool-cfg.h1
-rw-r--r--src/certtool.c2
5 files changed, 64 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index 1c89635a00..bf9cc049b3 100644
--- a/NEWS
+++ b/NEWS
@@ -4,11 +4,13 @@ See the end for copying conditions.
* Version 3.0.16 (unreleased)
-** Corrected SRP-RSA ciphersuites when used under TLS 1.2.
+** libgnutls: Corrected SRP-RSA ciphersuites when used under TLS 1.2.
-** Small fixes in p11tool handling of the --private command
+** p11tool: Small fixes in handling of the --private command
line option.
+** certtool: The template option allows for setting the DC option.
+
** API and ABI modifications:
No changes since last version.
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 6dcb11d37f..b3ee295f49 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -522,6 +522,10 @@ cn = "Cindy Lauper"
# A user id of the certificate owner.
#uid = "clauper"
+# Set domain components
+#dc = "name"
+#dc = "domain"
+
# If the supported DN OIDs are not adequate you can set
# any OID here.
# For example set the X.520 Title and the X.520 Pseudonym
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 907ab90623..f92a5075b9 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -61,6 +61,7 @@ typedef struct _cfg_ctx
char *challenge_password;
char *pkcs9_email;
char *country;
+ char **dc;
char **dns_name;
char **ip_addr;
char **email;
@@ -228,6 +229,7 @@ template_parse (const char *template)
if (val != NULL && val->valType == OPARG_TYPE_STRING)
cfg.country = strdup(val->v.strVal);
+ READ_MULTI_LINE("dc", cfg.dc);
READ_MULTI_LINE("dns_name", cfg.dns_name);
READ_MULTI_LINE("ip_address", cfg.ip_addr);
READ_MULTI_LINE("email", cfg.email);
@@ -982,7 +984,6 @@ get_ip_addr_set (int type, void *crt)
}
}
-
void
get_email_set (int type, void *crt)
{
@@ -1041,6 +1042,57 @@ get_email_set (int type, void *crt)
}
}
+
+void
+get_dc_set (int type, void *crt)
+{
+ int ret = 0, i;
+
+ if (batch)
+ {
+ if (!cfg.dc)
+ return;
+
+ for (i = 0; cfg.dc[i] != NULL; i++)
+ {
+ if (type == TYPE_CRT)
+ ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
+ 0, cfg.dc[i], strlen (cfg.dc[i]));
+ else
+ ret = gnutls_x509_crq_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
+ 0, cfg.dc[i], strlen (cfg.dc[i]));
+
+ if (ret < 0)
+ break;
+ }
+ }
+ else
+ {
+ const char *p;
+
+ do
+ {
+ p = read_str ("Enter the subject's domain component (DC): ");
+ if (!p)
+ return;
+
+ if (type == TYPE_CRT)
+ ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
+ 0, p, strlen (p));
+ else
+ ret = gnutls_x509_crq_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
+ 0, p, strlen (p));
+ }
+ while(p != NULL);
+ }
+
+ if (ret < 0)
+ {
+ fprintf (stderr, "set_dn_by_oid: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
+}
+
void
get_dns_name_set (int type, void *crt)
{
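Review bot: In the interactive branch of get_dc_set the result of the set_dn_by_oid call is never checked, because the do/while loop only exits through `if (!p) return;` and so never reaches the `if (ret < 0)` report at the bottom. A failed call is overwritten by the next prompt, so a rejected DC is dropped without any message and the certificate or request is produced with a subject that differs from what the operator typed. Add `if (ret < 0) break;` right after the set call inside the loop, as the batch loop already does. The trailing `while(p != NULL)` is always true at that point and could be written as `while (1)`.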
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 36bc5874d6..9587f8635e 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
@@ -69,6 +69,7 @@ void get_ip_addr_set (int type, void *crt);
void get_dns_name_set (int type, void *crt);
void get_email_set (int type, void *crt);
int get_ipsec_ike_status (void);
+void get_dc_set (int type, void *crt);
void get_cn_crq_set (gnutls_x509_crq_t crq);
void get_uid_crq_set (gnutls_x509_crq_t crq);
diff --git a/src/certtool.c b/src/certtool.c
index 036aef5b81..a8bd26b67c 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -369,6 +369,7 @@ generate_certificate (gnutls_privkey_t * ret_key,
get_locality_crt_set (crt);
get_state_crt_set (crt);
get_cn_crt_set (crt);
+ get_dc_set (TYPE_CRT, crt);
get_uid_crt_set (crt);
get_oid_crt_set (crt);
get_key_purpose_set (crt);
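Review bot: The call order puts the DC components after the CN and before the UID in the subject, both in generate_certificate here and in generate_request in the next hunk. If set_dn_by_oid appends RDNs in call order (not visible in this diff), the encoded name will not follow the usual directory layout in which the DC components lead the name, and that matters to anything that matches or constrains subjects by exact DN. It would help to state the resulting order next to the template example, e.g. `# dc entries are added after the CN, in the order listed`. Both function bodies continue outside these hunks.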
@@ -1856,6 +1857,7 @@ generate_request (common_info_st * cinfo)
get_locality_crq_set (crq);
get_state_crq_set (crq);
get_cn_crq_set (crq);
+ get_dc_set (TYPE_CRQ, crq);
get_uid_crq_set (crq);
get_oid_crq_set (crq);