diff options
| author | Tim Kosse <tim.kosse@filezilla-project.org> | 2016-01-07 11:27:13 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-30 10:23:28 +0200 |
| commit | 1bef39cac91bad1d7cc09f9886cc575294291fa1 (patch) | |
| tree | cc34307ed374527e20b8d1ab12f2efe9107bb2a6 /src/certtool-cfg.c | |
| parent | 0fb28b050250423c29e63bc9f23499c2058a752e (diff) | |
| download | gnutls-1bef39cac91bad1d7cc09f9886cc575294291fa1.tar.gz | |
Implement setting the TLS features extension on certificates via certtool's template file.
Diffstat (limited to 'src/certtool-cfg.c')
| -rw-r--r-- | src/certtool-cfg.c | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c index 67bf0bdd76..ae428d5d35 100644 --- a/src/certtool-cfg.c +++ b/src/certtool-cfg.c @@ -28,6 +28,7 @@ #include <stdint.h> #include <certtool-cfg.h> #include <gnutls/x509.h> +#include <gnutls/x509-ext.h> #include <string.h> #include <limits.h> #include <inttypes.h> @@ -138,6 +139,7 @@ static struct cfg_options available_options[] = { { .name = "key_agreement", .type = OPTION_BOOLEAN }, { .name = "data_encipherment", .type = OPTION_BOOLEAN }, { .name = "non_repudiation", .type = OPTION_BOOLEAN }, + { .name = "tls_feature", .type = OPTION_MULTI_LINE }, }; typedef struct _cfg_ctx { @@ -207,6 +209,7 @@ typedef struct _cfg_ctx { char *proxy_policy_language; char **ocsp_uris; char **ca_issuers_uris; + char **tls_features; } cfg_ctx; cfg_ctx cfg; @@ -522,6 +525,8 @@ int template_parse(const char *template) READ_BOOLEAN("key_agreement", cfg.key_agreement); READ_BOOLEAN("non_repudiation", cfg.non_repudiation); + READ_MULTI_LINE("tls_feature", cfg.tls_features); + optionUnloadNested(pov); return 0; @@ -2574,3 +2579,51 @@ void get_oid_crq_set(gnutls_x509_crq_t crq) } } + +void get_tlsfeatures_set(int type, void *crt) +{ + int ret, i; + unsigned int feature; + + if (batch) { + if (!cfg.tls_features) + return; + + gnutls_x509_tlsfeatures_t features; + ret = gnutls_x509_tlsfeatures_init(&features); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_tlsfeatures_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + for (i = 0; cfg.tls_features[i]; ++i) { + feature = strtoul(cfg.tls_features[i], 0, 10); + ret = gnutls_x509_tlsfeatures_add(features, feature); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_tlsfeatures_add: %s\n", + gnutls_strerror(ret)); + exit(1); + } + } + + if (type == TYPE_CRT) { + ret = gnutls_x509_crt_set_tlsfeatures(crt, features); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_set_tlsfeatures: %s\n", + gnutls_strerror(ret)); + exit(1); + } + } + else { + ret = gnutls_x509_crq_set_tlsfeatures(crt, features); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crq_set_tlsfeatures: %s\n", + gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_x509_tlsfeatures_deinit(features); + } +} |