-rw-r--r--NEWS1
-rw-r--r--configure.in1
-rw-r--r--doc/certtool.cfg6
-rw-r--r--lib/pkix.asn15
-rw-r--r--libextra/Makefile.am3
-rw-r--r--src/certtool-cfg.c53
-rw-r--r--src/certtool.c6
7 files changed, 82 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index ae32e63dee..ec073a153b 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ Version 1.1.10
- Opencdk library is being included if not found.
- certtool can now add ip address SAN extension.
- Fixes in openpgp signature verification.
+- certtool has now support for more X.520 DN attribute types.
Version 1.1.9 (14/04/2004)
- Added support for authority key identifier and the extended key usage
diff --git a/configure.in b/configure.in
index 2e4ed32571..2e72595441 100644
--- a/configure.in
+++ b/configure.in
@@ -481,6 +481,7 @@ if test x"$minilzo_enabled" = xyes; then
AC_DEFINE(USE_MINILZO, 1, [whether to use the included minilzo])
else
LZO_LIBS=-llzo
+AC_SUBST(LZO_LIBS)
fi
dnl use lzo
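Review bot: `AC_SUBST(LZO_LIBS)` is placed inside the `else` branch, so when the bundled minilzo is selected the variable is never substituted at all and any `$(LZO_LIBS)` reference in a Makefile.am silently relies on make's empty default. Putting the `AC_SUBST(LZO_LIBS)` line after the `fi` makes the substitution unconditional, with an empty value in the minilzo case, which is the usual autoconf shape. The libextra/Makefile.am hunk in this commit removes its own `LZO_LIBS = -llzo`, so this branch is now the only place the value is set; I have not checked whether the shell variable is initialised earlier in configure.in, which matters for the unconditional form.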
diff --git a/doc/certtool.cfg b/doc/certtool.cfg
index 14879a14a4..bd9ca316c6 100644
--- a/doc/certtool.cfg
+++ b/doc/certtool.cfg
@@ -23,6 +23,12 @@ cn = "Cindy Lauper"
# A user id of the certificate owner.
#uid = "clauper"
+# If the support DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal"
+
# This is deprecated and should not be used in new
# certificates.
# pkcs9_email = "none@none.org"
diff --git a/lib/pkix.asn b/lib/pkix.asn
index 81907ec4ff..95b6e32cc7 100644
--- a/lib/pkix.asn
+++ b/lib/pkix.asn
@@ -434,15 +434,30 @@ X520OrganizationalUnitName ::= DirectoryString
id-at-title AttributeType ::= {id-at 12}
X520Title ::= DirectoryString
+id-at-description AttributeType ::= {id-at 13}
+X520Description ::= DirectoryString
+
id-at-dnQualifier AttributeType ::= {id-at 46}
X520dnQualifier ::= PrintableString
id-at-countryName AttributeType ::= {id-at 6}
X520countryName ::= PrintableString (SIZE (2)) -- IS 3166 codes
+id-at-serialNumber AttributeType ::= {id-at 5}
+X520serialNumber ::= PrintableString
+
+id-at-telephoneNumber AttributeType ::= {id-at 20}
+X520telephoneNumber ::= PrintableString
+
+id-at-facsimileTelephoneNumber AttributeType ::= {id-at 23}
+X520facsimileTelephoneNumber ::= PrintableString
+
id-at-pseudonym AttributeType ::= {id-at 65}
X520pseudonym ::= DirectoryString
+id-at-name AttributeType ::= {id-at 41}
+X520name ::= DirectoryString
+
id-at-streetAddress AttributeType ::= {id-at 9}
X520streetAddress ::= DirectoryString
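Review bot: `X520facsimileTelephoneNumber ::= PrintableString` under the new `id-at 23` entry does not match my recollection of X.520, where facsimileTelephoneNumber is a SEQUENCE carrying the telephone number plus optional G3 parameters rather than a bare string; if any DN value is ever encoded from this definition, the result may be rejected by other implementations, so it is worth checking against the X.520 text before relying on it. The other additions (`id-at 5`, `13`, `20`, `41`) use the same string types as the neighbouring existing entries and look consistent with them. If this table is consulted only for naming and the C side keeps its own OID-to-type mapping, the concern is cosmetic.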
diff --git a/libextra/Makefile.am b/libextra/Makefile.am
index f117e33a69..fe631de4a1 100644
--- a/libextra/Makefile.am
+++ b/libextra/Makefile.am
@@ -47,9 +47,6 @@ if ENABLE_INCLUDED_LZO
LZO_OBJECTS = minilzo.c
else
-if USE_LZO
-LZO_LIBS = -llzo
-endif
LZO_OBJECTS =
endif
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index ef578ebd09..cb9ad0e44e 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -46,6 +46,7 @@ typedef struct _cfg_ctx
char *dns_name;
char* ip_addr;
char *email;
+ char **dn_oid;
char *crl_dist_points;
char *password;
char *pkcs12_key_name;
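Review bot: `char **dn_oid;` carries no comment describing its layout, yet the new code later in this commit depends on it being a NULL-terminated array read as consecutive OID, value pairs. A one-line field comment, `char **dn_oid; /* NULL-terminated list of OID, value pairs from dn_oid= */`, keeps that pairing convention next to the data instead of only inside the loops that walk it. The enclosing `_cfg_ctx` struct starts and ends outside this hunk.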
@@ -96,6 +97,9 @@ int template_parse(const char *template)
{NULL, '\0', "dns_name", CFG_STR, (void *) &cfg.dns_name, 0},
{NULL, '\0', "ip_address", CFG_STR, (void *) &cfg.ip_addr, 0},
{NULL, '\0', "email", CFG_STR, (void *) &cfg.email, 0},
+
+ {NULL, '\0', "dn_oid", CFG_STR+CFG_MULTI_SEPARATED, (void *) &cfg.dn_oid, 0},
+
{NULL, '\0', "crl_dist_points", CFG_STR, (void *) &cfg.crl_dist_points, 0},
{NULL, '\0', "pkcs12_key_name", CFG_STR, (void *) &cfg.pkcs12_key_name, 0},
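Review bot: `CFG_STR+CFG_MULTI_SEPARATED` on the new `dn_oid` entry combines a type code and a flag by addition, which reads as arithmetic and only works while the two never share bits. If the cfg+ header defines these as bit flags, `CFG_STR | CFG_MULTI_SEPARATED` states the intent directly; the other rows in this table use a bare type, so there is no local precedent either way. The `template_parse` table starts and ends outside this hunk.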
@@ -369,6 +373,30 @@ int ret;
}
+void get_oid_crt_set( gnutls_x509_crt crt)
+{
+int ret, i;
+
+ if (batch) {
+ if (!cfg.dn_oid) return;
+ for( i = 0; cfg.dn_oid[i] != NULL; i+=2) {
+ if (cfg.dn_oid[i+1]==NULL) {
+ fprintf(stderr, "dn_oid: %s does not have an argument.\n",
+ cfg.dn_oid[i]);
+ exit(1);
+ }
+ ret = gnutls_x509_crt_set_dn_by_oid(crt, cfg.dn_oid[i], 0,
+ cfg.dn_oid[i+1], strlen(cfg.dn_oid[i+1]));
+
+ if (ret < 0) {
+ fprintf(stderr, "set_dn_oid: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ }
+
+}
+
void get_pkcs9_email_crt_set( gnutls_x509_crt crt)
{
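Review bot: The failure path in `get_oid_crt_set`, `fprintf(stderr, "set_dn_oid: %s\n", gnutls_strerror(ret));`, does not say which OID was rejected, so with several pairs in a template the user cannot tell which one is malformed or unsupported; `fprintf(stderr, "set_dn_oid: %s: %s\n", cfg.dn_oid[i], gnutls_strerror(ret));` fixes that at no cost. The function also does nothing at all when `batch` is false, whereas the neighbouring helpers it is hooked in next to in certtool.c appear to prompt interactively (the "Just press enter to ignore a field" text there suggests so); if that is intentional it deserves a comment such as `/* dn_oid pairs are read from the template only; no interactive prompt. */`. Both points apply verbatim to `get_oid_crq_set` in the later hunk of this file, where the pair-walking and validation loop is duplicated; a shared helper taking the setter as a callback would leave only the gnutls call to differ.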
@@ -698,4 +726,29 @@ int ret;
}
+void get_oid_crq_set( gnutls_x509_crq crq)
+{
+int ret, i;
+
+ if (batch) {
+ if (!cfg.dn_oid) return;
+ for( i = 0; cfg.dn_oid[i] != NULL; i+=2) {
+ if (cfg.dn_oid[i+1]==NULL) {
+ fprintf(stderr, "dn_oid: %s does not have an argument.\n",
+ cfg.dn_oid[i]);
+ exit(1);
+ }
+ ret = gnutls_x509_crq_set_dn_by_oid(crq, cfg.dn_oid[i], 0,
+ cfg.dn_oid[i+1], strlen(cfg.dn_oid[i+1]));
+
+ if (ret < 0) {
+ fprintf(stderr, "set_dn_oid: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+ }
+ }
+
+}
+
+
#endif
diff --git a/src/certtool.c b/src/certtool.c
index f133226c11..620ddcf73f 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -246,6 +246,8 @@ gnutls_x509_crt generate_certificate( gnutls_x509_privkey *ret_key,
fprintf(stderr, "Please enter the details of the certificate's distinguished name. "
"Just press enter to ignore a field.\n");
+ /* set the DN.
+ */
get_country_crt_set( crt);
get_organization_crt_set(crt);
get_unit_crt_set( crt);
@@ -253,6 +255,7 @@ gnutls_x509_crt generate_certificate( gnutls_x509_privkey *ret_key,
get_state_crt_set( crt);
get_cn_crt_set( crt);
get_uid_crt_set( crt);
+ get_oid_crt_set( crt);
if (!batch) fprintf(stderr, "This field should not be used in new certificates.\n");
@@ -1640,6 +1643,8 @@ void generate_request(void)
*/
key = generate_private_key_int();
+ /* Set the DN.
+ */
get_country_crq_set( crq);
get_organization_crq_set(crq);
get_unit_crq_set( crq);
@@ -1647,6 +1652,7 @@ void generate_request(void)
get_state_crq_set( crq);
get_cn_crq_set( crq);
get_uid_crq_set( crq);
+ get_oid_crq_set( crq);
ret = gnutls_x509_crq_set_version( crq, 1);
if (ret < 0) {