certtool: introduced the email_protection_key option

This option was introduced in documentation for certtool without
an implementation of it. It is a shortcut for option
key_purpose_oid = 1.3.6.1.5.5.7.3.4

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 15 insertions, 0 deletions

diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 0aa5b88c9b..657ef0ad93 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -144,6 +144,7 @@ static struct cfg_options available_options[] = {
 	{ .name = "code_signing_key", .type = OPTION_BOOLEAN },
 	{ .name = "ocsp_signing_key", .type = OPTION_BOOLEAN },
 	{ .name = "time_stamping_key", .type = OPTION_BOOLEAN },
+	{ .name = "email_protection_key", .type = OPTION_BOOLEAN },
 	{ .name = "ipsec_ike_key", .type = OPTION_BOOLEAN },
 	{ .name = "key_agreement", .type = OPTION_BOOLEAN },
 	{ .name = "data_encipherment", .type = OPTION_BOOLEAN },
@@ -213,6 +214,7 @@ typedef struct _cfg_ctx {
 	int code_sign_key;
 	int ocsp_sign_key;
 	int time_stamping_key;
+	int email_protection_key;
 	int ipsec_ike_key;
 	char **key_purpose_oids;
 	int crl_next_update;
@@ -546,6 +548,7 @@ int template_parse(const char *template)
 	READ_BOOLEAN("code_signing_key", cfg.code_sign_key);
 	READ_BOOLEAN("ocsp_signing_key", cfg.ocsp_sign_key);
 	READ_BOOLEAN("time_stamping_key", cfg.time_stamping_key);
+	READ_BOOLEAN("email_protection_key", cfg.email_protection_key);
 	READ_BOOLEAN("ipsec_ike_key", cfg.ipsec_ike_key);
 
 	READ_BOOLEAN("data_encipherment", cfg.data_encipherment);
@@ -2461,6 +2464,18 @@ int get_time_stamp_status(void)
 	}
 }
 
+int get_email_protection_status(void)
+{
+	if (batch) {
+		return cfg.email_protection_key;
+	} else {
+		return
+		    read_yesno
+		    ("Will the certificate be used for email protection? (y/N): ",
+		     0);
+	}
+}
+
 int get_ipsec_ike_status(void)
 {
 	if (batch) {