author | Simon Josefsson <simon@josefsson.org> | 2007-01-11 10:35:07 +0000 |
committer | Simon Josefsson <simon@josefsson.org> | 2007-01-11 10:35:07 +0000 |
commit | a0e256088b67deac47044d4e13277d167270e781 (patch) | |
tree | 2422787ee0a8799b87ce1c31b2689c2d92c909f2 /src | |
parent | 7cb2b68bf43aa438997b5a2495f33b0e5ef2f36b (diff) | |
download | gnutls-a0e256088b67deac47044d4e13277d167270e781.tar.gz |
Support pathLenConstraint.
Diffstat (limited to 'src')
-rw-r--r-- | src/certtool-cfg.c | 18 | ||||
-rw-r--r-- | src/certtool-cfg.h | 1 | ||||
-rw-r--r-- | src/certtool.c | 17 |
3 files changed, 30 insertions, 6 deletions
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index f0991e6033..f3341bb413 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2006 Free Software Foundation
+ * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation
 *
 * This file is part of GNUTLS.
 *
@@ -58,6 +58,7 @@ typedef struct _cfg_ctx
 int serial;
 int expiration_days;
 int ca;
+ int path_len;
 int tls_www_client;
 int tls_www_server;
 int signing_key;
@@ -123,6 +124,7 @@ template_parse (const char *template)
 (void *) &cfg.crl_next_update, 0},
 {NULL, '\0', "ca", CFG_BOOL,
 (void *) &cfg.ca, 0},
+ {NULL, '\0', "path_len", CFG_INT, (void *) &cfg.path_len, 0},
 {NULL, '\0', "tls_www_client", CFG_BOOL,
 (void *) &cfg.tls_www_client, 0},
 {NULL, '\0', "tls_www_server", CFG_BOOL,
@@ -601,6 +603,20 @@ get_ca_status (void)
 }
 }
+int
+get_path_len (void)
+{
+ if (batch)
+ {
+ return cfg.path_len;
+ }
+ else
+ {
+ return
+ read_int ("Path length constraint (decimal, -1 for no constraint): ");
+ }
+}
+
 const char *
 get_pkcs12_key_name (void)
 {
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index d6ce84c416..72905e61fc 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
@@ -35,6 +35,7 @@ void get_oid_crt_set (gnutls_x509_crt crt);
 int get_serial (void);
 int get_days (void);
 int get_ca_status (void);
+int get_path_len (void);
 const char *get_pkcs12_key_name (void);
 int get_tls_client_status (void);
 int get_tls_server_status (void);
diff --git a/src/certtool.c b/src/certtool.c
index f292d02974..3576603f97 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2006 Free Software Foundation
+ * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation
 * Copyright (C) 2004 Simon Josefsson
 * Copyright (C) 2003 Nikos Mavroyanopoulos
 *
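Review bot: In batch mode get_path_len (hunk @@ -601) returns cfg.path_len unchanged, so a template that sets `ca` but never mentions `path_len` ends up with a pathLenConstraint of 0 if the cfg struct starts out zeroed (its initialisation is outside this diff), whereas the gnutls_x509_crt_set_ca_status call this commit replaces imposed no constraint at all; a constraint of 0 silently forbids the new CA from issuing subordinate CA certificates. The field added in the @@ -58 hunk and the template entry in the @@ -123 hunk depend on that same default. Initialising the field to the no-constraint sentinel wherever cfg is reset, `cfg.path_len = -1;`, keeps the previous behaviour for templates that do not opt in, and a comment on the struct field, `/* pathLenConstraint for CA certificates; -1 means no constraint */`, records the sentinel the interactive prompt already relies on.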
@@ -281,7 +281,7 @@ generate_certificate (gnutls_x509_privkey * ret_key, gnutls_x509_crt ca_crt)
 size_t size;
 int ret;
 int serial, client;
- int days, result, ca_status;
+ int days, result, ca_status, path_len;
 const char *str;
 int vers = 3; /* the default version in the certificate */
@@ -379,11 +379,15 @@ generate_certificate (gnutls_x509_privkey * ret_key, gnutls_x509_crt ca_crt)
 fprintf (stderr, "\n\nExtensions.\n");
 ca_status = get_ca_status ();
+ if (ca_status)
+ path_len = get_path_len ();
+ else
+ path_len = -1;
- result = gnutls_x509_crt_set_ca_status (crt, ca_status);
+ result = gnutls_x509_crt_set_basic_constraints (crt, ca_status, path_len);
 if (result < 0)
 {
- fprintf (stderr, "ca_status: %s\n", gnutls_strerror (result));
+ fprintf (stderr, "basic_constraints: %s\n", gnutls_strerror (result));
 exit (1);
 }
@@ -1132,6 +1136,7 @@ print_certificate_info (gnutls_x509_crt crt, FILE *out, unsigned int all)
 char dn[256];
 char oid[128] = "";
 char old_oid[128] = "";
+ int pathlen;
 fprintf (out, "\n\nX.509 certificate info:\n\n");
@@ -1334,7 +1339,7 @@ print_certificate_info (gnutls_x509_crt crt, FILE *out, unsigned int all)
 /* check for basicConstraints */
- ret = gnutls_x509_crt_get_ca_status (crt, &critical);
+ ret = gnutls_x509_crt_get_basic_constraints (crt, &critical, NULL, &pathlen);
 if (ret >= 0)
 {
@@ -1348,6 +1353,8 @@ print_certificate_info (gnutls_x509_crt crt, FILE *out, unsigned int all)
 else
 fprintf (out, "\t\tCA:TRUE\n");
+ if (pathlen >= 0)
+ fprintf (out, "\t\tpathLenConstraint: %d\n", pathlen);
 }
 /* Key Usage. |
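Review bot: `pathlen` is declared without an initialiser in the @@ -1132 hunk and is only written by gnutls_x509_crt_get_basic_constraints in the @@ -1334 hunk, so the `if (pathlen >= 0)` test added in the @@ -1348 hunk reads an indeterminate value on any success path where the library leaves the out-parameter untouched (whether it always stores -1 for an absent constraint is not visible here). Declaring it as `int pathlen = -1;` makes the printed pathLenConstraint depend only on a value the library actually reported. print_certificate_info begins and ends outside these hunks.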