author | Zoltan Fridrich <zfridric@redhat.com> | 2023-01-27 15:03:53 +0100 |
---|---|---|
committer | Zoltan Fridrich <zfridric@redhat.com> | 2023-01-27 15:11:28 +0100 |
commit | 50e0c39fc9b8e0ae493f42a3046db5e70f8ea044 (patch) | |
tree | 36d6eb0dde4d81527a07017d6df7d1dd4b7e436e /src/certtool-cfg.c | |
parent | 21288eb0ce9d27f00c4f8ac8048b22f4003f65ac (diff) | |
download | gnutls-50e0c39fc9b8e0ae493f42a3046db5e70f8ea044.tar.gz |
Indent code
Co-authored-by: Simon Josefsson <simon@josefsson.org>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Diffstat (limited to 'src/certtool-cfg.c')
-rw-r--r-- | src/certtool-cfg.c | 742 |
1 files changed, 404 insertions, 338 deletions
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c index a8a135a4a4..9a323c61e8 100644 --- a/src/certtool-cfg.c +++ b/src/certtool-cfg.c @@ -43,9 +43,9 @@ #include <sys/types.h> #if HAVE_SYS_SOCKET_H -#include <sys/socket.h> +# include <sys/socket.h> #elif HAVE_WS2TCPIP_H -#include <ws2tcpip.h> +# include <ws2tcpip.h> #endif /* From gnulib for inet_pton() */ @@ -56,8 +56,8 @@ #include "certtool-common.h" /* to print uint64_t */ -# define __STDC_FORMAT_MACROS -# include <inttypes.h> +#define __STDC_FORMAT_MACROS +#include <inttypes.h> extern int batch; extern int ask_pass; @@ -75,7 +75,9 @@ extern int ask_pass; if (sizeof(time_t) < 8) \ fprintf(stderr, "This system expresses time with a 32-bit time_t; that prevents dates after 2038 to be expressed by GnuTLS.\n") -enum option_types { OPTION_NUMERIC, OPTION_STRING, OPTION_BOOLEAN, OPTION_MULTI_LINE }; +enum option_types { OPTION_NUMERIC, OPTION_STRING, OPTION_BOOLEAN, + OPTION_MULTI_LINE +}; struct cfg_options { const char *name; 
@@ -86,76 +88,76 @@ struct cfg_options { }; static struct cfg_options available_options[] = { - { .name = "unit", .type = OPTION_MULTI_LINE }, - { .name = "ou", .type = OPTION_MULTI_LINE }, - { .name = "organization", .type = OPTION_MULTI_LINE }, - { .name = "o", .type = OPTION_MULTI_LINE }, - { .name = "dc", .type = OPTION_MULTI_LINE }, - { .name = "dns_name", .type = OPTION_MULTI_LINE }, - { .name = "ip_address", .type = OPTION_MULTI_LINE }, - { .name = "email", .type = OPTION_MULTI_LINE }, - { .name = "krb5_principal", .type = OPTION_MULTI_LINE }, - { .name = "other_name", .type = OPTION_MULTI_LINE }, - { .name = "other_name_utf8", .type = OPTION_MULTI_LINE }, - { .name = "other_name_octet", .type = OPTION_MULTI_LINE }, - { .name = "xmpp_name", .type = OPTION_MULTI_LINE }, - { .name = "key_purpose_oid", .type = OPTION_MULTI_LINE }, - { .name = "nc_exclude_dns", .type = OPTION_MULTI_LINE }, - { .name = "nc_exclude_ip", .type = OPTION_MULTI_LINE }, - { .name = "nc_exclude_email", .type = OPTION_MULTI_LINE }, - { .name = "nc_permit_dns", .type = OPTION_MULTI_LINE }, - { .name = "nc_permit_ip", .type = OPTION_MULTI_LINE }, - { .name = "nc_permit_email", .type = OPTION_MULTI_LINE }, - { .name = "dn_oid", .type = OPTION_MULTI_LINE }, - { .name = "add_extension", .type = OPTION_MULTI_LINE }, - { .name = "add_critical_extension", .type = OPTION_MULTI_LINE }, - { .name = "crl_dist_points", .type = OPTION_MULTI_LINE }, - { .name = "uri", .type = OPTION_MULTI_LINE }, - { .name = "ocsp_uri", .type = OPTION_MULTI_LINE }, - { .name = "ca_issuers_uri", .type = OPTION_MULTI_LINE }, - { .name = "locality", .type = OPTION_STRING }, - { .name = "state", .type = OPTION_STRING }, - { .name = "dn", .type = OPTION_STRING }, - { .name = "cn", .type = OPTION_STRING }, - { .name = "uid", .type = OPTION_STRING }, - { .name = "subject_unique_id", .type = OPTION_STRING }, - { .name = "issuer_unique_id", .type = OPTION_STRING }, - { .name = "challenge_password", .type = OPTION_STRING }, - { 
.name = "password", .type = OPTION_STRING }, - { .name = "pkcs9_email", .type = OPTION_STRING }, - { .name = "country", .type = OPTION_STRING }, - { .name = "expiration_date", .type = OPTION_STRING }, - { .name = "activation_date", .type = OPTION_STRING }, - { .name = "crl_revocation_date", .type = OPTION_STRING }, - { .name = "crl_this_update_date", .type = OPTION_STRING }, - { .name = "crl_next_update_date", .type = OPTION_STRING }, - { .name = "policy*", .type = OPTION_MULTI_LINE }, /* not a multi-line but there are multi as it is a wildcard */ - { .name = "inhibit_anypolicy_skip_certs", .type = OPTION_NUMERIC }, - { .name = "pkcs12_key_name", .type = OPTION_STRING }, - { .name = "proxy_policy_language", .type = OPTION_STRING }, - { .name = "serial", .type = OPTION_STRING }, - { .name = "expiration_days", .type = OPTION_NUMERIC }, - { .name = "crl_next_update", .type = OPTION_NUMERIC }, - { .name = "crl_number", .type = OPTION_STRING }, - { .name = "path_len", .type = OPTION_NUMERIC }, - { .name = "ca", .type = OPTION_BOOLEAN }, - { .name = "honor_crq_extensions", .type = OPTION_BOOLEAN }, - { .name = "honor_crq_ext", .type = OPTION_MULTI_LINE }, - { .name = "tls_www_client", .type = OPTION_BOOLEAN }, - { .name = "tls_www_server", .type = OPTION_BOOLEAN }, - { .name = "signing_key", .type = OPTION_BOOLEAN }, - { .name = "encryption_key", .type = OPTION_BOOLEAN }, - { .name = "cert_signing_key", .type = OPTION_BOOLEAN }, - { .name = "crl_signing_key", .type = OPTION_BOOLEAN }, - { .name = "code_signing_key", .type = OPTION_BOOLEAN }, - { .name = "ocsp_signing_key", .type = OPTION_BOOLEAN }, - { .name = "time_stamping_key", .type = OPTION_BOOLEAN }, - { .name = "email_protection_key", .type = OPTION_BOOLEAN }, - { .name = "ipsec_ike_key", .type = OPTION_BOOLEAN }, - { .name = "key_agreement", .type = OPTION_BOOLEAN }, - { .name = "data_encipherment", .type = OPTION_BOOLEAN }, - { .name = "non_repudiation", .type = OPTION_BOOLEAN }, - { .name = "tls_feature", .type 
= OPTION_MULTI_LINE }, + {.name = "unit",.type = OPTION_MULTI_LINE}, + {.name = "ou",.type = OPTION_MULTI_LINE}, + {.name = "organization",.type = OPTION_MULTI_LINE}, + {.name = "o",.type = OPTION_MULTI_LINE}, + {.name = "dc",.type = OPTION_MULTI_LINE}, + {.name = "dns_name",.type = OPTION_MULTI_LINE}, + {.name = "ip_address",.type = OPTION_MULTI_LINE}, + {.name = "email",.type = OPTION_MULTI_LINE}, + {.name = "krb5_principal",.type = OPTION_MULTI_LINE}, + {.name = "other_name",.type = OPTION_MULTI_LINE}, + {.name = "other_name_utf8",.type = OPTION_MULTI_LINE}, + {.name = "other_name_octet",.type = OPTION_MULTI_LINE}, + {.name = "xmpp_name",.type = OPTION_MULTI_LINE}, + {.name = "key_purpose_oid",.type = OPTION_MULTI_LINE}, + {.name = "nc_exclude_dns",.type = OPTION_MULTI_LINE}, + {.name = "nc_exclude_ip",.type = OPTION_MULTI_LINE}, + {.name = "nc_exclude_email",.type = OPTION_MULTI_LINE}, + {.name = "nc_permit_dns",.type = OPTION_MULTI_LINE}, + {.name = "nc_permit_ip",.type = OPTION_MULTI_LINE}, + {.name = "nc_permit_email",.type = OPTION_MULTI_LINE}, + {.name = "dn_oid",.type = OPTION_MULTI_LINE}, + {.name = "add_extension",.type = OPTION_MULTI_LINE}, + {.name = "add_critical_extension",.type = OPTION_MULTI_LINE}, + {.name = "crl_dist_points",.type = OPTION_MULTI_LINE}, + {.name = "uri",.type = OPTION_MULTI_LINE}, + {.name = "ocsp_uri",.type = OPTION_MULTI_LINE}, + {.name = "ca_issuers_uri",.type = OPTION_MULTI_LINE}, + {.name = "locality",.type = OPTION_STRING}, + {.name = "state",.type = OPTION_STRING}, + {.name = "dn",.type = OPTION_STRING}, + {.name = "cn",.type = OPTION_STRING}, + {.name = "uid",.type = OPTION_STRING}, + {.name = "subject_unique_id",.type = OPTION_STRING}, + {.name = "issuer_unique_id",.type = OPTION_STRING}, + {.name = "challenge_password",.type = OPTION_STRING}, + {.name = "password",.type = OPTION_STRING}, + {.name = "pkcs9_email",.type = OPTION_STRING}, + {.name = "country",.type = OPTION_STRING}, + {.name = "expiration_date",.type = 
OPTION_STRING}, + {.name = "activation_date",.type = OPTION_STRING}, + {.name = "crl_revocation_date",.type = OPTION_STRING}, + {.name = "crl_this_update_date",.type = OPTION_STRING}, + {.name = "crl_next_update_date",.type = OPTION_STRING}, + {.name = "policy*",.type = OPTION_MULTI_LINE}, /* not a multi-line but there are multi as it is a wildcard */ + {.name = "inhibit_anypolicy_skip_certs",.type = OPTION_NUMERIC}, + {.name = "pkcs12_key_name",.type = OPTION_STRING}, + {.name = "proxy_policy_language",.type = OPTION_STRING}, + {.name = "serial",.type = OPTION_STRING}, + {.name = "expiration_days",.type = OPTION_NUMERIC}, + {.name = "crl_next_update",.type = OPTION_NUMERIC}, + {.name = "crl_number",.type = OPTION_STRING}, + {.name = "path_len",.type = OPTION_NUMERIC}, + {.name = "ca",.type = OPTION_BOOLEAN}, + {.name = "honor_crq_extensions",.type = OPTION_BOOLEAN}, + {.name = "honor_crq_ext",.type = OPTION_MULTI_LINE}, + {.name = "tls_www_client",.type = OPTION_BOOLEAN}, + {.name = "tls_www_server",.type = OPTION_BOOLEAN}, + {.name = "signing_key",.type = OPTION_BOOLEAN}, + {.name = "encryption_key",.type = OPTION_BOOLEAN}, + {.name = "cert_signing_key",.type = OPTION_BOOLEAN}, + {.name = "crl_signing_key",.type = OPTION_BOOLEAN}, + {.name = "code_signing_key",.type = OPTION_BOOLEAN}, + {.name = "ocsp_signing_key",.type = OPTION_BOOLEAN}, + {.name = "time_stamping_key",.type = OPTION_BOOLEAN}, + {.name = "email_protection_key",.type = OPTION_BOOLEAN}, + {.name = "ipsec_ike_key",.type = OPTION_BOOLEAN}, + {.name = "key_agreement",.type = OPTION_BOOLEAN}, + {.name = "data_encipherment",.type = OPTION_BOOLEAN}, + {.name = "non_repudiation",.type = OPTION_BOOLEAN}, + {.name = "tls_feature",.type = OPTION_MULTI_LINE}, }; typedef struct _cfg_ctx { 
@@ -206,7 +208,7 @@ typedef struct _cfg_ctx { uint8_t *serial; unsigned serial_size; int expiration_days; - int skip_certs; /* from inhibit anypolicy */ + int skip_certs; /* from inhibit anypolicy */ int ca; int path_len; int tls_www_client; @@ -341,23 +343,28 @@ void cfg_init(void) output_size = _output.size; \ } - static int handle_option(cfg_option_t val) { unsigned j; unsigned len, cmp; - for (j=0;j<sizeof(available_options)/sizeof(available_options[0]);j++) { + for (j = 0; + j < sizeof(available_options) / sizeof(available_options[0]); + j++) { len = strlen(available_options[j].name); - if (len > 2 && available_options[j].name[len-1] == '*') - cmp = strncasecmp(val->name, available_options[j].name, len-1); + if (len > 2 && available_options[j].name[len - 1] == '*') + cmp = + strncasecmp(val->name, available_options[j].name, + len - 1); else cmp = strcasecmp(val->name, available_options[j].name); if (cmp == 0) { if (available_options[j].type != OPTION_MULTI_LINE && available_options[j].found != 0) { - fprintf(stderr, "Warning: multiple options found for '%s'; only the first will be taken into account.\n", available_options[j].name); + fprintf(stderr, + "Warning: multiple options found for '%s'; only the first will be taken into account.\n", + available_options[j].name); } available_options[j].found = 1; return 1; @@ -385,7 +392,9 @@ int template_parse(const char *template) for (val = pov; val->name; val++) { if (handle_option(val) == 0) { - fprintf(stderr, "Warning: skipping unknown option '%s'\n", val->name); + fprintf(stderr, + "Warning: skipping unknown option '%s'\n", + val->name); } } 
@@ -422,11 +431,13 @@ int template_parse(const char *template) val = cfg_next(pov, "issuer_unique_id"); if (val != NULL) - HEX_DECODE(val->value, cfg.issuer_unique_id, cfg.issuer_unique_id_size); + HEX_DECODE(val->value, cfg.issuer_unique_id, + cfg.issuer_unique_id_size); val = cfg_next(pov, "subject_unique_id"); if (val != NULL) - HEX_DECODE(val->value, cfg.subject_unique_id, cfg.subject_unique_id_size); + HEX_DECODE(val->value, cfg.subject_unique_id, + cfg.subject_unique_id_size); val = cfg_next(pov, "challenge_password"); if (val != NULL) @@ -473,14 +484,12 @@ int template_parse(const char *template) cfg.policy_oid[i] = strdup(val->value); if (cfg.policy_oid[i] != NULL) { - snprintf(tmpstr, sizeof(tmpstr), "policy%d_url", - i + 1); + snprintf(tmpstr, sizeof(tmpstr), "policy%d_url", i + 1); val = cfg_next(pov, tmpstr); if (val != NULL) cfg.policy_url[i] = strdup(val->value); - snprintf(tmpstr, sizeof(tmpstr), "policy%d_txt", - i + 1); + snprintf(tmpstr, sizeof(tmpstr), "policy%d_txt", i + 1); val = cfg_next(pov, tmpstr); if (val != NULL) { cfg.policy_txt[i] = strdup(val->value); @@ -511,7 +520,8 @@ int template_parse(const char *template) READ_MULTI_LINE_TOKENIZED("dn_oid", cfg.dn_oid); READ_MULTI_LINE_TOKENIZED("add_extension", cfg.extensions); - READ_MULTI_LINE_TOKENIZED("add_critical_extension", cfg.crit_extensions); + READ_MULTI_LINE_TOKENIZED("add_critical_extension", + cfg.crit_extensions); READ_MULTI_LINE("crl_dist_points", cfg.crl_dist_points); @@ -519,7 +529,6 @@ int template_parse(const char *template) if (val != NULL) cfg.pkcs12_key_name = strdup(val->value); - val = cfg_next(pov, "serial"); if (val != NULL) SERIAL_DECODE(val->value, cfg.serial, cfg.serial_size); 
@@ -583,19 +592,20 @@ static size_t strip_nl(char *str, size_t str_size) return str_size; } -static int copystr_without_nl(char *out, size_t out_size, const char *in, size_t in_size) +static int copystr_without_nl(char *out, size_t out_size, const char *in, + size_t in_size) { - if (in_size+1 >= out_size) { - fprintf(stderr, "Too long line to parse in interactive mode; please use templates.\n"); + if (in_size + 1 >= out_size) { + fprintf(stderr, + "Too long line to parse in interactive mode; please use templates.\n"); exit(1); } - memcpy(out, in, in_size+1); /* copy terminating null */ + memcpy(out, in, in_size + 1); /* copy terminating null */ strip_nl(out, in_size); return 0; } -void -read_crt_set(gnutls_x509_crt_t crt, const char *input_str, const char *oid) +void read_crt_set(gnutls_x509_crt_t crt, const char *input_str, const char *oid) { ssize_t ret; char *lineptr = NULL; @@ -613,9 +623,7 @@ read_crt_set(gnutls_x509_crt_t crt, const char *input_str, const char *oid) linesize = strip_nl(lineptr, ret); - ret = - gnutls_x509_crt_set_dn_by_oid(crt, oid, 0, lineptr, - linesize); + ret = gnutls_x509_crt_set_dn_by_oid(crt, oid, 0, lineptr, linesize); if (ret < 0) { fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); @@ -623,8 +631,7 @@ read_crt_set(gnutls_x509_crt_t crt, const char *input_str, const char *oid) free(lineptr); } -void -read_crq_set(gnutls_x509_crq_t crq, const char *input_str, const char *oid) +void read_crq_set(gnutls_x509_crq_t crq, const char *input_str, const char *oid) { ssize_t ret; char *lineptr = NULL; @@ -642,9 +649,7 @@ read_crq_set(gnutls_x509_crq_t crq, const char *input_str, const char *oid) linesize = strip_nl(lineptr, ret); - ret = - gnutls_x509_crq_set_dn_by_oid(crq, oid, 0, lineptr, - linesize); + ret = gnutls_x509_crq_set_dn_by_oid(crq, oid, 0, lineptr, linesize); if (ret < 0) { fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); 
@@ -673,41 +678,40 @@ static int64_t read_int_with_default(const char *input_str, long def) l = strtoll(input, &endptr, 0); if (*endptr != '\0' && *endptr != '\r' && *endptr != '\n') { - fprintf(stderr, "Trailing garbage ignored: `%s'\n", - endptr); + fprintf(stderr, "Trailing garbage ignored: `%s'\n", endptr); return 0; } else { *endptr = 0; } if (l <= LLONG_MIN || l >= LLONG_MAX) { - fprintf(stderr, "Integer out of range: `%s' (max: %llu)\n", input, LLONG_MAX-1); + fprintf(stderr, "Integer out of range: `%s' (max: %llu)\n", + input, LLONG_MAX - 1); return 0; } #else l = strtol(input, &endptr, 0); if (*endptr != '\0' && *endptr != '\r' && *endptr != '\n') { - fprintf(stderr, "Trailing garbage ignored: `%s'\n", - endptr); + fprintf(stderr, "Trailing garbage ignored: `%s'\n", endptr); return 0; } else { *endptr = 0; } if (l <= LONG_MIN || l >= LONG_MAX) { - fprintf(stderr, "Integer out of range: `%s' (max: %lu)\n", input, LONG_MAX-1); + fprintf(stderr, "Integer out of range: `%s' (max: %lu)\n", + input, LONG_MAX - 1); return 0; } #endif - - if (input == endptr) l = def; return l; } + #pragma GCC diagnostic pop int64_t read_int(const char *input_str) @@ -715,7 +719,7 @@ int64_t read_int(const char *input_str) return read_int_with_default(input_str, 0); } -int serial_decode(const char *input, gnutls_datum_t *output) +int serial_decode(const char *input, gnutls_datum_t * output) { int i; int64_t value; @@ -724,14 +728,13 @@ int serial_decode(const char *input, gnutls_datum_t *output) gnutls_datum_t input_datum; if (input[0] == '0' && input[1] == 'x') { - input_datum.data = (void *) (input + 2); + input_datum.data = (void *)(input + 2); input_datum.size = strlen(input + 2); if (input_datum.size == 0) { return GNUTLS_E_PARSING_ERROR; } return gnutls_hex_decode2(&input_datum, output); } - #if SIZEOF_LONG < 8 value = strtol(input, &endptr, 10); value_limit = LONG_MAX; 
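Review bot: The reindented error message in read_int_with_default still passes `LLONG_MAX - 1`, a `long long`, to `%llu`, and the `#else` branch passes `LONG_MAX - 1`, a `long`, to `%lu`; the conversion specifiers should be `%lld` and `%ld` so the argument types match what the format promises. The values are positive, so the printed text is correct on common ABIs, but it is still a format/argument type mismatch that `-Wformat-signedness` would report, and a reformatting pass that already touches these lines is a cheap place to fix it. read_int_with_default begins outside the hunk.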
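Review bot: The new signature `int serial_decode(const char *input, gnutls_datum_t * output)` puts a space on both sides of the `*`, unlike every other pointer parameter in the diff (`unsigned char *serial`, `size_t *size`, `const char *date`), which is the output GNU indent produces when it does not know that `gnutls_datum_t` is a typedef and treats the expression as a multiplication; the line should read `gnutls_datum_t *output`. If the formatting was generated with indent, adding `-T gnutls_datum_t` (and `-T time_t`, which would also fix the `(time_t) - 1` casts in days_to_secs) to the invocation prevents this class of misformatting rather than patching it by hand. serial_decode continues past the end of the hunk.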
@@ -746,7 +749,9 @@ int serial_decode(const char *input, gnutls_datum_t *output) } if (value <= 0 || value >= value_limit) { - fprintf(stderr, "Integer out of range: `%s' (min: 1, max: %"PRId64")\n", input, value_limit-1); + fprintf(stderr, + "Integer out of range: `%s' (min: 1, max: %" PRId64 + ")\n", input, value_limit - 1); return GNUTLS_E_PARSING_ERROR; } @@ -799,7 +804,7 @@ int read_yesno(const char *input_str, int def) { char input[MAX_INPUT_SIZE]; - restart: + restart: fputs(input_str, stderr); if (fgets(input, sizeof(input), stdin) == NULL) return def; @@ -815,7 +820,6 @@ int read_yesno(const char *input_str, int def) goto restart; } - /* Wrapper functions for non-interactive mode. */ const char *get_pass(void) @@ -846,8 +850,7 @@ const char *get_confirmed_pass(bool empty_ok) CHECK_MALLOC(copy); pass = getpass("Confirm password: "); } - while (strcmp(pass, copy) != 0 - && !(empty_ok && *pass == '\0')); + while (strcmp(pass, copy) != 0 && !(empty_ok && *pass == '\0')); free(copy); @@ -874,8 +877,7 @@ void get_crl_dist_point_set(gnutls_x509_crt_t crt) for (i = 0; cfg.crl_dist_points[i] != NULL; i++) { ret = gnutls_x509_crt_set_crl_dist_points - (crt, GNUTLS_SAN_URI, cfg.crl_dist_points[i], - 0); + (crt, GNUTLS_SAN_URI, cfg.crl_dist_points[i], 0); if (ret < 0) break; } @@ -924,8 +926,7 @@ void get_country_crt_set(gnutls_x509_crt_t crt) 0, cfg.country, strlen(cfg.country)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -947,9 +948,12 @@ void get_organization_crt_set(gnutls_x509_crt_t crt) for (i = 0; cfg.organization[i] != NULL; i++) { ret = gnutls_x509_crt_set_dn_by_oid(crt, - GNUTLS_OID_X520_ORGANIZATION_NAME, - 0, cfg.organization[i], - strlen(cfg.organization[i])); + GNUTLS_OID_X520_ORGANIZATION_NAME, + 0, + cfg.organization[i], + strlen + (cfg.organization + [i])); if (ret < 0) { fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); 
@@ -975,9 +979,9 @@ void get_unit_crt_set(gnutls_x509_crt_t crt) for (i = 0; cfg.unit[i] != NULL; i++) { ret = gnutls_x509_crt_set_dn_by_oid(crt, - GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, - 0, cfg.unit[i], - strlen(cfg.unit[i])); + GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, + 0, cfg.unit[i], + strlen(cfg.unit[i])); if (ret < 0) { fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); @@ -1004,8 +1008,7 @@ void get_state_crt_set(gnutls_x509_crt_t crt) 0, cfg.state, strlen(cfg.state)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -1028,8 +1031,7 @@ void get_locality_crt_set(gnutls_x509_crt_t crt) 0, cfg.locality, strlen(cfg.locality)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -1049,16 +1051,14 @@ void get_cn_crt_set(gnutls_x509_crt_t crt) ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COMMON_NAME, - 0, cfg.cn, - strlen(cfg.cn)); + 0, cfg.cn, strlen(cfg.cn)); if (ret < 0) { fprintf(stderr, "set_dn_by_oid: %s\n", gnutls_strerror(ret)); exit(1); } } else { - read_crt_set(crt, "Common name: ", - GNUTLS_OID_X520_COMMON_NAME); + read_crt_set(crt, "Common name: ", GNUTLS_OID_X520_COMMON_NAME); } } @@ -1088,10 +1088,13 @@ void crt_constraints_set(gnutls_x509_crt_t crt) gnutls_datum_t name; if (batch) { - if (cfg.permitted_nc_dns == NULL && cfg.permitted_nc_email == NULL && - cfg.excluded_nc_dns == NULL && cfg.excluded_nc_email == NULL && - cfg.permitted_nc_ip == NULL && cfg.excluded_nc_ip == NULL) - return; /* nothing to do */ + if (cfg.permitted_nc_dns == NULL + && cfg.permitted_nc_email == NULL + && cfg.excluded_nc_dns == NULL + && cfg.excluded_nc_email == NULL + && cfg.permitted_nc_ip == NULL + && cfg.excluded_nc_ip == NULL) + return; /* nothing to do */ ret = gnutls_x509_name_constraints_init(&nc); if (ret < 0) { 
@@ -1101,14 +1104,22 @@ void crt_constraints_set(gnutls_x509_crt_t crt) if (cfg.permitted_nc_ip) { for (i = 0; cfg.permitted_nc_ip[i] != NULL; i++) { - ret = gnutls_x509_cidr_to_rfc5280(cfg.permitted_nc_ip[i], &name); + ret = + gnutls_x509_cidr_to_rfc5280 + (cfg.permitted_nc_ip[i], &name); if (ret < 0) { - fprintf(stderr, "error parsing IP constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error parsing IP constraint: %s\n", + gnutls_strerror(ret)); exit(1); } - ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, &name); + ret = + gnutls_x509_name_constraints_add_permitted + (nc, GNUTLS_SAN_IPADDRESS, &name); if (ret < 0) { - fprintf(stderr, "error adding constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error adding constraint: %s\n", + gnutls_strerror(ret)); exit(1); } free(name.data); @@ -1117,14 +1128,22 @@ void crt_constraints_set(gnutls_x509_crt_t crt) if (cfg.excluded_nc_ip) { for (i = 0; cfg.excluded_nc_ip[i] != NULL; i++) { - ret = gnutls_x509_cidr_to_rfc5280(cfg.excluded_nc_ip[i], &name); + ret = + gnutls_x509_cidr_to_rfc5280 + (cfg.excluded_nc_ip[i], &name); if (ret < 0) { - fprintf(stderr, "error parsing IP constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error parsing IP constraint: %s\n", + gnutls_strerror(ret)); exit(1); } - ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_IPADDRESS, &name); + ret = + gnutls_x509_name_constraints_add_excluded + (nc, GNUTLS_SAN_IPADDRESS, &name); if (ret < 0) { - fprintf(stderr, "error adding constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error adding constraint: %s\n", + gnutls_strerror(ret)); exit(1); } free(name.data); 
@@ -1135,24 +1154,31 @@ void crt_constraints_set(gnutls_x509_crt_t crt) for (i = 0; cfg.permitted_nc_dns[i] != NULL; i++) { - name.data = (void*)cfg.permitted_nc_dns[i]; - name.size = strlen((char*)name.data); - ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_DNSNAME, &name); + name.data = (void *)cfg.permitted_nc_dns[i]; + name.size = strlen((char *)name.data); + ret = + gnutls_x509_name_constraints_add_permitted + (nc, GNUTLS_SAN_DNSNAME, &name); if (ret < 0) { - fprintf(stderr, "error adding constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error adding constraint: %s\n", + gnutls_strerror(ret)); exit(1); } } } - if (cfg.excluded_nc_dns) { for (i = 0; cfg.excluded_nc_dns[i] != NULL; i++) { - name.data = (void*)cfg.excluded_nc_dns[i]; - name.size = strlen((char*)name.data); - ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_DNSNAME, &name); + name.data = (void *)cfg.excluded_nc_dns[i]; + name.size = strlen((char *)name.data); + ret = + gnutls_x509_name_constraints_add_excluded + (nc, GNUTLS_SAN_DNSNAME, &name); if (ret < 0) { - fprintf(stderr, "error adding constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error adding constraint: %s\n", + gnutls_strerror(ret)); exit(1); } } @@ -1160,11 +1186,15 @@ void crt_constraints_set(gnutls_x509_crt_t crt) if (cfg.permitted_nc_email) { for (i = 0; cfg.permitted_nc_email[i] != NULL; i++) { - name.data = (void*)cfg.permitted_nc_email[i]; - name.size = strlen((char*)name.data); - ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_RFC822NAME, &name); + name.data = (void *)cfg.permitted_nc_email[i]; + name.size = strlen((char *)name.data); + ret = + gnutls_x509_name_constraints_add_permitted + (nc, GNUTLS_SAN_RFC822NAME, &name); if (ret < 0) { - fprintf(stderr, "error adding constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error adding constraint: %s\n", + gnutls_strerror(ret)); exit(1); } } 
@@ -1172,11 +1202,15 @@ void crt_constraints_set(gnutls_x509_crt_t crt) if (cfg.excluded_nc_email) { for (i = 0; cfg.excluded_nc_email[i] != NULL; i++) { - name.data = (void*)cfg.excluded_nc_email[i]; - name.size = strlen((char*)name.data); - ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_RFC822NAME, &name); + name.data = (void *)cfg.excluded_nc_email[i]; + name.size = strlen((char *)name.data); + ret = + gnutls_x509_name_constraints_add_excluded + (nc, GNUTLS_SAN_RFC822NAME, &name); if (ret < 0) { - fprintf(stderr, "error adding constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error adding constraint: %s\n", + gnutls_strerror(ret)); exit(1); } } @@ -1184,7 +1218,8 @@ void crt_constraints_set(gnutls_x509_crt_t crt) ret = gnutls_x509_crt_set_name_constraints(crt, nc, 1); if (ret < 0) { - fprintf(stderr, "error setting constraints: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "error setting constraints: %s\n", + gnutls_strerror(ret)); exit(1); } 
@@ -1197,21 +1232,32 @@ void crt_unique_ids_set(gnutls_x509_crt_t crt) int ret; if (batch) { - if (cfg.subject_unique_id == NULL && cfg.issuer_unique_id == NULL) - return; /* nothing to do */ + if (cfg.subject_unique_id == NULL + && cfg.issuer_unique_id == NULL) + return; /* nothing to do */ if (cfg.subject_unique_id) { - ret = gnutls_x509_crt_set_subject_unique_id(crt, cfg.subject_unique_id, cfg.subject_unique_id_size); + ret = + gnutls_x509_crt_set_subject_unique_id(crt, + cfg.subject_unique_id, + cfg.subject_unique_id_size); if (ret < 0) { - fprintf(stderr, "error setting subject unique ID: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error setting subject unique ID: %s\n", + gnutls_strerror(ret)); exit(1); } } if (cfg.issuer_unique_id) { - ret = gnutls_x509_crt_set_issuer_unique_id(crt, cfg.issuer_unique_id, cfg.issuer_unique_id_size); + ret = + gnutls_x509_crt_set_issuer_unique_id(crt, + cfg.issuer_unique_id, + cfg.issuer_unique_id_size); if (ret < 0) { - fprintf(stderr, "error setting issuer unique ID: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error setting issuer unique ID: %s\n", + gnutls_strerror(ret)); exit(1); } } @@ -1227,11 +1273,9 @@ void get_uid_crt_set(gnutls_x509_crt_t crt) return; ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_LDAP_UID, - 0, cfg.uid, - strlen(cfg.uid)); + 0, cfg.uid, strlen(cfg.uid)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -1259,9 +1303,8 @@ void get_oid_crt_set(gnutls_x509_crt_t crt) cfg.dn_oid[i], 0, cfg.dn_oid[i + 1], - strlen(cfg. - dn_oid[i + - 1])); + strlen(cfg.dn_oid[i + + 1])); if (ret < 0) { fprintf(stderr, "set_dn_oid: %s\n", 
@@ -1296,7 +1339,9 @@ static unsigned char *decode_ext_string(char *str, unsigned int *ret_size) p++; p2 = strchr(p, ')'); if (p2 == NULL) { - fprintf(stderr, "there is no terminating parenthesis in: %s\n", str); + fprintf(stderr, + "there is no terminating parenthesis in: %s\n", + str); exit(1); } *p2 = 0; @@ -1305,28 +1350,31 @@ static unsigned char *decode_ext_string(char *str, unsigned int *ret_size) } if (strncmp(p, "0x", 2) == 0) - p+=2; + p += 2; HEX_DECODE(p, raw, raw_size); - switch(action) { - case ENCODE_OCTET_STRING: - tag_len = sizeof(tag); - res = asn1_encode_simple_der(ASN1_ETYPE_OCTET_STRING, raw, raw_size, tag, &tag_len); - if (res != ASN1_SUCCESS) { - fprintf(stderr, "error in DER encoding: %s\n", asn1_strerror(res)); - exit(1); - } - tmp = gnutls_malloc(raw_size+tag_len); - if (tmp == NULL) { - fprintf(stderr, "error in allocation\n"); - exit(1); - } - memcpy(tmp, tag, tag_len); - memcpy(tmp+tag_len, raw, raw_size); - gnutls_free(raw); - raw = tmp; - raw_size += tag_len; - break; + switch (action) { + case ENCODE_OCTET_STRING: + tag_len = sizeof(tag); + res = + asn1_encode_simple_der(ASN1_ETYPE_OCTET_STRING, raw, + raw_size, tag, &tag_len); + if (res != ASN1_SUCCESS) { + fprintf(stderr, "error in DER encoding: %s\n", + asn1_strerror(res)); + exit(1); + } + tmp = gnutls_malloc(raw_size + tag_len); + if (tmp == NULL) { + fprintf(stderr, "error in allocation\n"); + exit(1); + } + memcpy(tmp, tag, tag_len); + memcpy(tmp + tag_len, raw, raw_size); + gnutls_free(raw); + raw = tmp; + raw_size += tag_len; + break; } *ret_size = raw_size; 
@@ -1351,18 +1399,25 @@ void get_extensions_crt_set(int type, void *crt) } /* convert hex to bin */ - raw = decode_ext_string(cfg.extensions[i+1], &raw_size); + raw = + decode_ext_string(cfg.extensions[i + 1], &raw_size); if (type == TYPE_CRT) ret = gnutls_x509_crt_set_extension_by_oid(crt, - cfg.extensions[i], - raw, raw_size, 0); + cfg.extensions + [i], + raw, + raw_size, + 0); else ret = gnutls_x509_crq_set_extension_by_oid(crt, - cfg.extensions[i], - raw, raw_size, 0); + cfg.extensions + [i], + raw, + raw_size, + 0); gnutls_free(raw); if (ret < 0) { @@ -1383,18 +1438,26 @@ void get_extensions_crt_set(int type, void *crt) exit(1); } /* convert hex to bin */ - raw = decode_ext_string(cfg.crit_extensions[i+1], &raw_size); + raw = + decode_ext_string(cfg.crit_extensions[i + 1], + &raw_size); if (type == TYPE_CRT) ret = gnutls_x509_crt_set_extension_by_oid(crt, - cfg.crit_extensions[i], - raw, raw_size, 1); + cfg.crit_extensions + [i], + raw, + raw_size, + 1); else ret = gnutls_x509_crq_set_extension_by_oid(crt, - cfg.crit_extensions[i], - raw, raw_size, 1); + cfg.crit_extensions + [i], + raw, + raw_size, + 1); gnutls_free(raw); @@ -1444,7 +1507,7 @@ void get_ocsp_issuer_set(gnutls_x509_crt_t crt) if (!cfg.ocsp_uris) return; for (i = 0; cfg.ocsp_uris[i] != NULL; i++) { - uri.data = (void*)cfg.ocsp_uris[i]; + uri.data = (void *)cfg.ocsp_uris[i]; uri.size = strlen(cfg.ocsp_uris[i]); ret = gnutls_x509_crt_set_authority_info_access(crt, @@ -1452,8 +1515,7 @@ void get_ocsp_issuer_set(gnutls_x509_crt_t crt) &uri); if (ret < 0) { fprintf(stderr, "set OCSP URI (%s): %s\n", - cfg.ocsp_uris[i], - gnutls_strerror(ret)); + cfg.ocsp_uris[i], gnutls_strerror(ret)); exit(1); } } 
@@ -1469,7 +1531,7 @@ void get_ca_issuers_set(gnutls_x509_crt_t crt) if (!cfg.ca_issuers_uris) return; for (i = 0; cfg.ca_issuers_uris[i] != NULL; i++) { - uri.data = (void*)cfg.ca_issuers_uris[i]; + uri.data = (void *)cfg.ca_issuers_uris[i]; uri.size = strlen(cfg.ca_issuers_uris[i]); ret = gnutls_x509_crt_set_authority_info_access(crt, @@ -1486,7 +1548,6 @@ void get_ca_issuers_set(gnutls_x509_crt_t crt) } } - void get_pkcs9_email_crt_set(gnutls_x509_crt_t crt) { int ret; @@ -1500,8 +1561,7 @@ void get_pkcs9_email_crt_set(gnutls_x509_crt_t crt) 0, cfg.pkcs9_email, strlen(cfg.pkcs9_email)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -1510,9 +1570,8 @@ void get_pkcs9_email_crt_set(gnutls_x509_crt_t crt) } - static -int default_crl_number(unsigned char* serial, size_t *size) +int default_crl_number(unsigned char *serial, size_t *size) { struct timespec ts; time_t tv_sec_tmp; @@ -1561,7 +1620,7 @@ int default_crl_number(unsigned char* serial, size_t *size) **/ static void read_serial_value(unsigned char *serial, size_t *size, size_t max_size, - const char *label, const char *rfc_section) + const char *label, const char *rfc_section) { static char input[MAX_INPUT_SIZE]; int ret; @@ -1583,8 +1642,7 @@ void read_serial_value(unsigned char *serial, size_t *size, size_t max_size, fprintf(stderr, "Enter the %s in decimal (123) or hex (0xabcd)\n" "(default is 0x%s)\n" - "value: ", - label, encoded_default.data); + "value: ", label, encoded_default.data); if (fgets(input, sizeof(input), stdin) == NULL) break; 
@@ -1600,17 +1658,19 @@ void read_serial_value(unsigned char *serial, size_t *size, size_t max_size, continue; } - if ((decoded.size == SERIAL_MAX_BYTES && decoded.data[0] & 0x80) || - decoded.size > SERIAL_MAX_BYTES) { - fprintf(stderr, "%s would be encoded in more than 20 bytes," - "see RFC 5280, section %s\n", label, rfc_section); + if ((decoded.size == SERIAL_MAX_BYTES && decoded.data[0] & 0x80) + || decoded.size > SERIAL_MAX_BYTES) { + fprintf(stderr, + "%s would be encoded in more than 20 bytes," + "see RFC 5280, section %s\n", label, + rfc_section); gnutls_free(decoded.data); continue; } if (decoded.size > max_size) { fprintf(stderr, "maximum %zu octets allowed for %s\n", - max_size, label); + max_size, label); gnutls_free(decoded.data); continue; } @@ -1626,9 +1686,9 @@ void read_serial_value(unsigned char *serial, size_t *size, size_t max_size, static void get_serial_value(unsigned char *serial, size_t *size, - const unsigned char *config, size_t config_size, - int (create_default)(unsigned char *, size_t *), - const char *label, const char *rfc_section) + const unsigned char *config, size_t config_size, + int (create_default) (unsigned char *, size_t *), + const char *label, const char *rfc_section) { size_t max_size = *size; int ret; @@ -1636,7 +1696,7 @@ void get_serial_value(unsigned char *serial, size_t *size, if (batch && config != NULL) { if (config_size > max_size) { fprintf(stderr, "maximum %zu octets allowed for %s!\n", - max_size, label); + max_size, label); exit(1); } memcpy(serial, config, config_size); @@ -1645,7 +1705,7 @@ void get_serial_value(unsigned char *serial, size_t *size, ret = create_default(serial, size); if (ret < 0) { fprintf(stderr, "error generating default %s: %s\n", - label, gnutls_strerror(ret)); + label, gnutls_strerror(ret)); exit(1); } } 
@@ -1653,9 +1713,11 @@ void get_serial_value(unsigned char *serial, size_t *size, if (!batch) read_serial_value(serial, size, max_size, label, rfc_section); - if ((*size == SERIAL_MAX_BYTES && serial[0] & 0x80) || *size > SERIAL_MAX_BYTES) { - fprintf(stderr, "%s would be encoded in more than 20 bytes," - "see RFC 5280, section %s\n", label, rfc_section); + if ((*size == SERIAL_MAX_BYTES && serial[0] & 0x80) + || *size > SERIAL_MAX_BYTES) { + fprintf(stderr, + "%s would be encoded in more than 20 bytes," + "see RFC 5280, section %s\n", label, rfc_section); exit(1); } } @@ -1684,15 +1746,16 @@ int default_serial(unsigned char *serial, size_t *size) void get_serial(unsigned char *serial, size_t *size) { get_serial_value(serial, size, cfg.serial, cfg.serial_size, - default_serial, "certificate's serial number", "4.1.2.2"); + default_serial, "certificate's serial number", + "4.1.2.2"); } static -time_t get_date(const char* date) +time_t get_date(const char *date) { struct timespec r; - if (date==NULL || parse_datetime(&r, date, NULL) == 0) { + if (date == NULL || parse_datetime(&r, date, NULL) == 0) { PRINT_TIME_T_ERROR; fprintf(stderr, "Cannot parse date: %s\n", date); exit(1); @@ -1734,18 +1797,18 @@ time_t get_crl_this_update_date(void) static time_t days_to_secs(int days) { -time_t secs = days; -time_t now = time(NULL); + time_t secs = days; + time_t now = time(NULL); - if (secs != (time_t)-1) { - if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) { + if (secs != (time_t) - 1) { + if (INT_MULTIPLY_OVERFLOW(secs, 24 * 60 * 60)) { goto overflow; } else { - secs *= 24*60*60; + secs *= 24 * 60 * 60; } } - if (secs != (time_t)-1) { + if (secs != (time_t) - 1) { if (INT_ADD_OVERFLOW(secs, now)) { goto overflow; } else { @@ -1780,8 +1843,7 @@ time_t get_int_date(const char *txt_val, int int_val, const char *msg) int days; do { - days = - read_int(msg); + days = read_int(msg); } while (days == 0); return days_to_secs(days); 
@@ -1790,7 +1852,8 @@ time_t get_int_date(const char *txt_val, int int_val, const char *msg) time_t get_expiration_date(void) { - return get_int_date(cfg.expiration_date, cfg.expiration_days, "The certificate will expire in (days): "); + return get_int_date(cfg.expiration_date, cfg.expiration_days, + "The certificate will expire in (days): "); } int get_ca_status(void) @@ -1800,8 +1863,7 @@ int get_ca_status(void) } else { return read_yesno - ("Does the certificate belong to an authority? (y/N): ", - 0); + ("Does the certificate belong to an authority? (y/N): ", 0); } } @@ -1817,10 +1879,10 @@ int get_crq_extensions_status(void) } } -void get_crl_number(unsigned char* serial, size_t * size) +void get_crl_number(unsigned char *serial, size_t *size) { get_serial_value(serial, size, cfg.crl_number, cfg.crl_number_size, - default_crl_number, "CRL's serial number", "5.2.3"); + default_crl_number, "CRL's serial number", "5.2.3"); } int get_path_len(void) @@ -2028,7 +2090,6 @@ void get_email_set(int type, void *crt) } } - void get_dc_set(int type, void *crt) { int ret = 0, i; @@ -2043,21 +2104,17 @@ void get_dc_set(int type, void *crt) gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_LDAP_DC, 0, - cfg. - dc[i], + cfg.dc[i], strlen - (cfg. - dc[i])); + (cfg.dc[i])); else ret = gnutls_x509_crq_set_dn_by_oid(crt, GNUTLS_OID_LDAP_DC, 0, - cfg. - dc[i], + cfg.dc[i], strlen - (cfg. - dc[i])); + (cfg.dc[i])); if (ret < 0) break; @@ -2082,15 +2139,13 @@ void get_dc_set(int type, void *crt) gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_LDAP_DC, 0, p, - strlen - (p)); + strlen(p)); else ret = gnutls_x509_crq_set_dn_by_oid(crt, GNUTLS_OID_LDAP_DC, 0, p, - strlen - (p)); + strlen(p)); counter++; if (ret < 0) break; @@ -2099,8 +2154,7 @@ void get_dc_set(int type, void *crt) } if (ret < 0) { - fprintf(stderr, "set_dn_by_oid: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn_by_oid: %s\n", gnutls_strerror(ret)); exit(1); } } 
@@ -2138,9 +2192,11 @@ void get_dns_name_set(int type, void *crt) do { if (counter == 0) { - p = read_str("Enter a dnsName of the subject of the certificate: "); + p = read_str + ("Enter a dnsName of the subject of the certificate: "); } else { - p = read_str("Enter an additional dnsName of the subject of the certificate: "); + p = read_str + ("Enter an additional dnsName of the subject of the certificate: "); } if (!p) return; @@ -2172,18 +2228,20 @@ static int set_krb5_principal(int type, void *crt) if (!cfg.krb5_principal) return 0; - for (i = 0; cfg.krb5_principal[i] != NULL; i ++) { + for (i = 0; cfg.krb5_principal[i] != NULL; i++) { if (type == TYPE_CRT) ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL, - cfg.krb5_principal[i], strlen(cfg.krb5_principal[i]), + cfg.krb5_principal[i], + strlen(cfg.krb5_principal[i]), GNUTLS_FSAN_APPEND); else ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL, - cfg.krb5_principal[i], strlen(cfg.krb5_principal[i]), + cfg.krb5_principal[i], + strlen(cfg.krb5_principal[i]), GNUTLS_FSAN_APPEND); if (ret < 0) @@ -2192,7 +2250,8 @@ static int set_krb5_principal(int type, void *crt) } if (ret < 0) { - fprintf(stderr, "set_subject_alt_name(GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL): %s\n", + fprintf(stderr, + "set_subject_alt_name(GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL): %s\n", gnutls_strerror(ret)); exit(1); } @@ -2221,7 +2280,7 @@ static int set_othername(int type, void *crt) exit(1); } - HEX_DECODE (cfg.other_name[i+1], binname, binnamelen); + HEX_DECODE(cfg.other_name[i + 1], binname, binnamelen); if (binnamelen == 0) break; 
@@ -2229,15 +2288,13 @@ static int set_othername(int type, void *crt) ret = gnutls_x509_crt_set_subject_alt_othername (crt, oid, - binname, binnamelen, - GNUTLS_FSAN_APPEND); + binname, binnamelen, GNUTLS_FSAN_APPEND); else ret = gnutls_x509_crq_set_subject_alt_othername (crt, oid, - binname, binnamelen, - GNUTLS_FSAN_APPEND); - free (binname); + binname, binnamelen, GNUTLS_FSAN_APPEND); + free(binname); binname = NULL; if (ret < 0) @@ -2277,14 +2334,18 @@ static int set_othername_utf8(int type, void *crt) ret = gnutls_x509_crt_set_subject_alt_othername (crt, oid, - cfg.other_name_utf8[i + 1], strlen(cfg.other_name_utf8[i + 1]), - GNUTLS_FSAN_APPEND|GNUTLS_FSAN_ENCODE_UTF8_STRING); + cfg.other_name_utf8[i + 1], + strlen(cfg.other_name_utf8[i + 1]), + GNUTLS_FSAN_APPEND | + GNUTLS_FSAN_ENCODE_UTF8_STRING); else ret = gnutls_x509_crq_set_subject_alt_othername (crt, oid, - cfg.other_name_utf8[i + 1], strlen(cfg.other_name_utf8[i + 1]), - GNUTLS_FSAN_APPEND|GNUTLS_FSAN_ENCODE_UTF8_STRING); + cfg.other_name_utf8[i + 1], + strlen(cfg.other_name_utf8[i + 1]), + GNUTLS_FSAN_APPEND | + GNUTLS_FSAN_ENCODE_UTF8_STRING); if (ret < 0) break; @@ -2323,14 +2384,18 @@ static int set_othername_octet(int type, void *crt) ret = gnutls_x509_crt_set_subject_alt_othername (crt, oid, - cfg.other_name_octet[i + 1], strlen(cfg.other_name_octet[i + 1]), - GNUTLS_FSAN_APPEND|GNUTLS_FSAN_ENCODE_OCTET_STRING); + cfg.other_name_octet[i + 1], + strlen(cfg.other_name_octet[i + 1]), + GNUTLS_FSAN_APPEND | + GNUTLS_FSAN_ENCODE_OCTET_STRING); else ret = gnutls_x509_crq_set_subject_alt_othername (crt, oid, - cfg.other_name_octet[i + 1], strlen(cfg.other_name_octet[i + 1]), - GNUTLS_FSAN_APPEND|GNUTLS_FSAN_ENCODE_OCTET_STRING); + cfg.other_name_octet[i + 1], + strlen(cfg.other_name_octet[i + 1]), + GNUTLS_FSAN_APPEND | + GNUTLS_FSAN_ENCODE_OCTET_STRING); if (ret < 0) break; 
@@ -2354,7 +2419,7 @@ static int set_xmpp_name(int type, void *crt) if (!cfg.xmpp_name) return 0; - for (i = 0; cfg.xmpp_name[i] != NULL; i ++) { + for (i = 0; cfg.xmpp_name[i] != NULL; i++) { if (type == TYPE_CRT) ret = gnutls_x509_crt_set_subject_alt_name @@ -2382,7 +2447,6 @@ static int set_xmpp_name(int type, void *crt) return ret; } - void get_other_name_set(int type, void *crt) { set_othername(type, crt); @@ -2399,9 +2463,13 @@ void get_policy_set(gnutls_x509_crt_t crt) if (batch) { if (cfg.skip_certs >= 0) { - ret = gnutls_x509_crt_set_inhibit_anypolicy(crt, cfg.skip_certs); + ret = + gnutls_x509_crt_set_inhibit_anypolicy(crt, + cfg.skip_certs); if (ret < 0) { - fprintf(stderr, "error setting inhibit anypolicy: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error setting inhibit anypolicy: %s\n", + gnutls_strerror(ret)); exit(1); } } @@ -2455,14 +2523,12 @@ void get_uri_set(int type, void *crt) ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_URI, cfg.uri[i], - strlen(cfg.uri[i]), - GNUTLS_FSAN_APPEND); + strlen(cfg.uri[i]), GNUTLS_FSAN_APPEND); else ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_URI, cfg.uri[i], - strlen(cfg.uri[i]), - GNUTLS_FSAN_APPEND); + strlen(cfg.uri[i]), GNUTLS_FSAN_APPEND); if (ret < 0) break; @@ -2504,8 +2570,6 @@ void get_uri_set(int type, void *crt) } } - - int get_sign_status(int server) { const char *msg; @@ -2559,8 +2623,7 @@ int get_crl_sign_status(void) } else { return read_yesno - ("Will the certificate be used to sign CRLs? (y/N): ", - 0); + ("Will the certificate be used to sign CRLs? (y/N): ", 0); } } @@ -2589,7 +2652,10 @@ int get_data_encipherment_status(void) if (batch) { return cfg.data_encipherment; } else { - return read_yesno("Will the certificate be used for data encryption? (y/N): ", 0); + return + read_yesno + ("Will the certificate be used for data encryption? (y/N): ", + 0); } } 
@@ -2600,8 +2666,7 @@ int get_code_sign_status(void) } else { return read_yesno - ("Will the certificate be used to sign code? (y/N): ", - 0); + ("Will the certificate be used to sign code? (y/N): ", 0); } } @@ -2655,10 +2720,11 @@ int get_ipsec_ike_status(void) time_t get_crl_next_update(void) { - return get_int_date(cfg.next_update_date, cfg.crl_next_update, "The next CRL will be issued in (days): "); + return get_int_date(cfg.next_update_date, cfg.crl_next_update, + "The next CRL will be issued in (days): "); } -const char *get_proxy_policy(char **policy, size_t * policylen) +const char *get_proxy_policy(char **policy, size_t *policylen) { const char *ret; @@ -2702,8 +2768,7 @@ void get_country_crq_set(gnutls_x509_crq_t crq) 0, cfg.country, strlen(cfg.country)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -2725,10 +2790,12 @@ void get_organization_crq_set(gnutls_x509_crq_t crq) for (i = 0; cfg.organization[i] != NULL; i++) { ret = gnutls_x509_crq_set_dn_by_oid(crq, - GNUTLS_OID_X520_ORGANIZATION_NAME, - 0, cfg.organization[i], - strlen(cfg. - organization[i])); + GNUTLS_OID_X520_ORGANIZATION_NAME, + 0, + cfg.organization[i], + strlen + (cfg.organization + [i])); if (ret < 0) { fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); @@ -2754,9 +2821,9 @@ void get_unit_crq_set(gnutls_x509_crq_t crq) for (i = 0; cfg.unit[i] != NULL; i++) { ret = gnutls_x509_crq_set_dn_by_oid(crq, - GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, - 0, cfg.unit[i], - strlen(cfg.unit[i])); + GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, + 0, cfg.unit[i], + strlen(cfg.unit[i])); if (ret < 0) { fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); 
@@ -2783,8 +2850,7 @@ void get_state_crq_set(gnutls_x509_crq_t crq) 0, cfg.state, strlen(cfg.state)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -2807,8 +2873,7 @@ void get_locality_crq_set(gnutls_x509_crq_t crq) 0, cfg.locality, strlen(cfg.locality)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -2845,16 +2910,13 @@ void get_cn_crq_set(gnutls_x509_crq_t crq) ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME, - 0, cfg.cn, - strlen(cfg.cn)); + 0, cfg.cn, strlen(cfg.cn)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { - read_crq_set(crq, "Common name: ", - GNUTLS_OID_X520_COMMON_NAME); + read_crq_set(crq, "Common name: ", GNUTLS_OID_X520_COMMON_NAME); } } @@ -2868,11 +2930,9 @@ void get_uid_crq_set(gnutls_x509_crq_t crq) return; ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_LDAP_UID, - 0, cfg.uid, - strlen(cfg.uid)); + 0, cfg.uid, strlen(cfg.uid)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -2900,9 +2960,8 @@ void get_oid_crq_set(gnutls_x509_crq_t crq) cfg.dn_oid[i], 0, cfg.dn_oid[i + 1], - strlen(cfg. - dn_oid[i + - 1])); + strlen(cfg.dn_oid[i + + 1])); if (ret < 0) { fprintf(stderr, "set_dn_oid: %s\n", @@ -2935,7 +2994,8 @@ void get_tlsfeatures_set(int type, void *crt) feature = strtoul(cfg.tls_features[i], 0, 10); ret = gnutls_x509_tlsfeatures_add(features, feature); if (ret < 0) { - fprintf(stderr, "gnutls_x509_tlsfeatures_add: %s\n", + fprintf(stderr, + "gnutls_x509_tlsfeatures_add: %s\n", gnutls_strerror(ret)); exit(1); } 
@@ -2944,15 +3004,16 @@ void get_tlsfeatures_set(int type, void *crt) if (type == TYPE_CRT) { ret = gnutls_x509_crt_set_tlsfeatures(crt, features); if (ret < 0) { - fprintf(stderr, "gnutls_x509_crt_set_tlsfeatures: %s\n", + fprintf(stderr, + "gnutls_x509_crt_set_tlsfeatures: %s\n", gnutls_strerror(ret)); exit(1); } - } - else { + } else { ret = gnutls_x509_crq_set_tlsfeatures(crt, features); if (ret < 0) { - fprintf(stderr, "gnutls_x509_crq_set_tlsfeatures: %s\n", + fprintf(stderr, + "gnutls_x509_crq_set_tlsfeatures: %s\n", gnutls_strerror(ret)); exit(1); } @@ -2971,9 +3032,14 @@ void crq_extensions_set(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq) return; for (i = 0; cfg.exts_to_honor[i]; ++i) { - ret = gnutls_x509_crt_set_crq_extension_by_oid(crt, crq, cfg.exts_to_honor[i], 0); + ret = + gnutls_x509_crt_set_crq_extension_by_oid(crt, crq, + cfg.exts_to_honor + [i], 0); if (ret < 0) { - fprintf(stderr, "setting extension failed: %s: %s\n", cfg.exts_to_honor[i], + fprintf(stderr, + "setting extension failed: %s: %s\n", + cfg.exts_to_honor[i], gnutls_strerror(ret)); } } |