diff options
| -rw-r--r-- | NEWS | 11 | ||||
| -rw-r--r-- | src/certtool.c | 3 |
2 files changed, 9 insertions, 5 deletions
@@ -24,15 +24,18 @@ See the end for copying conditions. for all certificate verifications, not only under TLS. The configuration can be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable. -** certtool: Added the --verify-profile option to set a certificate - verification profile. Use '--verify-profile low' for certificate verification - to apply the 'NORMAL' verification profile. - ** libgnutls: If a CA is found in the trusted list, check in addition to time validity, whether the algorithms comply to the expected level prior to accepting it. This addresses the problem of accepting CAs which would have been marked as insecure otherwise (#877). +** certtool: Added the --verify-profile option to set a certificate + verification profile. Use '--verify-profile low' for certificate verification + to apply the 'NORMAL' verification profile. + +** certtool: The add_extension template option is considered even when generating + a certificate from a certificate request. + ** API and ABI modifications: gnutls_ocsp_req_const_t: Added diff --git a/src/certtool.c b/src/certtool.c index 447f02f765..35438daafa 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -373,7 +373,6 @@ generate_certificate(gnutls_privkey_t * ret_key, get_oid_crt_set(crt); get_key_purpose_set(TYPE_CRT, crt); - get_extensions_crt_set(TYPE_CRT, crt); if (!batch) fprintf(stderr, @@ -467,6 +466,8 @@ generate_certificate(gnutls_privkey_t * ret_key, } } + get_extensions_crt_set(TYPE_CRT, crt); + /* append additional extensions */ if (cinfo->v1_cert == 0) { |