-rw-r--r-- | src/certtool-args.def | 8 | ||||
-rw-r--r-- | src/certtool-cfg.c | 40 | ||||
-rw-r--r-- | src/certtool-cfg.h | 2 | ||||
-rw-r--r-- | src/certtool.c | 10 |
4 files changed, 56 insertions, 4 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 8e4e4a40d5..af2c41bfab 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -888,6 +888,14 @@ encryption_key
 # Comment the field for a time-based number.
 #crl_number = 5
+# Specify the update dates more precisely.
+#crl_this_update_date = "2004-02-29 16:21:42"
+#crl_next_update_date = "2025-02-29 16:24:41"
+
+# The date that the certificates will be made seen as
+# being revoked.
+#crl_revocation_date = "2025-02-29 16:24:41"
+
 @end example
 _EOT_;
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 57ca2cc766..540ee42658 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -103,6 +103,9 @@ static struct cfg_options available_options[] = {
 { .name = "country", .type = OPTION_STRING },
 { .name = "expiration_date", .type = OPTION_STRING },
 { .name = "activation_date", .type = OPTION_STRING },
+ { .name = "crl_revocation_date", .type = OPTION_STRING },
+ { .name = "crl_this_update_date", .type = OPTION_STRING },
+ { .name = "crl_next_update_date", .type = OPTION_STRING },
 { .name = "policy*", .type = OPTION_MULTI_LINE }, /* not a multi-line but there are multi as it is a wildcard */
 { .name = "pkcs12_key_name", .type = OPTION_STRING },
 { .name = "proxy_policy_language", .type = OPTION_STRING },
@@ -157,6 +160,9 @@ typedef struct _cfg_ctx {
 char *pkcs12_key_name;
 char *expiration_date;
 char *activation_date;
+ char *revocation_date;
+ char *this_update_date;
+ char *next_update_date;
 int64_t serial;
 int expiration_days;
 int ca;
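Review bot: The example values added for `crl_next_update_date` and `crl_revocation_date` are both `2025-02-29 16:24:41`, which is not a calendar date (2025 is not a leap year), so a user who copies the example either gets a parse error or a silently normalized date, depending on how get_date treats it; the `crl_this_update_date` example uses a real leap day, 2004-02-29. A valid date such as `"2025-03-01 16:24:41"` avoids seeding templates with a typo. The text also does not say that the new getters in certtool-cfg.c only consult these keys in batch (template) mode, which is visible in the `batch &&` guards there; a line like `# Only used with --template (batch mode).` next to the keys would make that clear.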
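Review bot: The three members added to `_cfg_ctx` in the second certtool-cfg.c hunk drop the `crl_` prefix that the matching option names in the available_options hunk carry (`revocation_date` for `crl_revocation_date`, and so on), while the existing day-count member `crl_next_update` keeps it; `next_update_date` sitting beside `crl_next_update` reads as two unrelated settings rather than the string and integer forms of the same one. Naming the members `crl_revocation_date`, `crl_this_update_date` and `crl_next_update_date` keeps template key and field searchable under one name and mirrors the existing `expiration_date`/`expiration_days` pairing. This is a point of style only; the rename would follow through template_parse and the getters in the later hunks.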
@@ -376,6 +382,18 @@ int template_parse(const char *template)
 if (val != NULL && val->valType == OPARG_TYPE_STRING)
 cfg.activation_date = strdup(val->v.strVal);
+ val = optionGetValue(pov, "crl_revocation_date");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.revocation_date = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "crl_this_update_date");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.this_update_date = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "crl_next_update_date");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.next_update_date = strdup(val->v.strVal);
+
 for (i = 0; i < MAX_POLICIES; i++) {
 snprintf(tmpstr, sizeof(tmpstr), "policy%d", i + 1);
 val = optionGetValue(pov, tmpstr);
@@ -1197,6 +1215,26 @@ time_t get_activation_date(void)
 return time(NULL);
 }
+time_t get_crl_revocation_date(void)
+{
+
+ if (batch && cfg.revocation_date != NULL) {
+ return get_date(cfg.revocation_date);
+ }
+
+ return time(NULL);
+}
+
+time_t get_crl_this_update_date(void)
+{
+
+ if (batch && cfg.this_update_date != NULL) {
+ return get_date(cfg.this_update_date);
+ }
+
+ return time(NULL);
+}
+
 static time_t days_to_secs(int days)
 {
@@ -1853,7 +1891,7 @@ int get_ipsec_ike_status(void)
 time_t get_crl_next_update(void)
 {
- return get_int_date(NULL, cfg.crl_next_update, "The next CRL will be issued in (days): ");
+ return get_int_date(cfg.next_update_date, cfg.crl_next_update, "The next CRL will be issued in (days): ");
 }
 const char *get_proxy_policy(char **policy, size_t * policylen)
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 77472f9b7f..2c7240daa2 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
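Review bot: The three `strdup(val->v.strVal)` results in the template_parse hunk are stored without a NULL check, following the `activation_date` line above them; with the new getters in the -1197 hunk, an allocation failure leaves the field NULL and the CRL is then silently stamped with time(NULL) instead of the date the operator wrote into the template. Since the existing fields behave the same way this is a pre-existing pattern rather than a new bug, but a CRL date is the kind of value where falling back quietly is worse than failing, so a shared check such as `if (cfg.revocation_date == NULL) { fprintf(stderr, "out of memory\n"); exit(1); }` (or whatever template_parse does for its other fatal errors, which is outside the hunk) is worth considering for all three. template_parse begins and ends outside this hunk.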
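Review bot: get_crl_revocation_date and get_crl_this_update_date in the -1197 hunk are copies of each other apart from the field they read, each with a stray blank line directly after the opening brace, and the visible tail of get_activation_date suggests this is the third instance of the same guard-then-time(NULL) shape. A small static helper taking the template string removes the duplication and gives one place to react if get_date signals a parse failure (how it does so is outside this hunk, so that check is left as a comment below). Note also that get_crl_next_update in the -1853 hunk passes `cfg.next_update_date` to get_int_date without the `batch` guard these two functions apply; whether get_int_date enforces it itself cannot be seen here and is worth confirming so that an interactive run does not pick up a stale template value.
```c
/* Date from the template in batch mode, otherwise "now".
 * NOTE(review): if get_date reports unparsable input via a sentinel,
 * check it here rather than in each caller. */
static time_t cfg_date_or_now(const char *date)
{
	if (batch && date != NULL) {
		return get_date(date);
	}
	return time(NULL);
}

time_t get_crl_revocation_date(void)
{
	return cfg_date_or_now(cfg.revocation_date);
}

time_t get_crl_this_update_date(void)
{
	return cfg_date_or_now(cfg.this_update_date);
}
```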
@@ -63,6 +63,8 @@ const char *get_pkcs12_key_name(void);
 int get_tls_client_status(void);
 int get_tls_server_status(void);
 time_t get_crl_next_update(void);
+time_t get_crl_revocation_date(void);
+time_t get_crl_this_update_date(void);
 int get_time_stamp_status(void);
 int get_ocsp_sign_status(void);
 int get_code_sign_status(void);
diff --git a/src/certtool.c b/src/certtool.c
index 6989c4b164..0ab0d846bc 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -643,7 +643,7 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
 size_t size, crl_size;
 int result;
 unsigned int i;
- time_t secs, now = time(0);
+ time_t secs, this_update, exp;
 crls = load_crl_list(0, &crl_size, cinfo);
 if (crls != NULL) {
@@ -663,8 +663,10 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
 crts = load_cert_list(0, &size, cinfo);
+ exp = get_crl_revocation_date();
+
 for (i = 0; i < size; i++) {
- result = gnutls_x509_crl_set_crt(crl, crts[i], now);
+ result = gnutls_x509_crl_set_crt(crl, crts[i], exp);
 if (result < 0) {
 fprintf(stderr, "crl_set_crt: %s\n",
 gnutls_strerror(result));
@@ -674,7 +676,9 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
 }
 gnutls_free(crts);
- result = gnutls_x509_crl_set_this_update(crl, now);
+ this_update = get_crl_this_update_date();
+
+ result = gnutls_x509_crl_set_this_update(crl, this_update);
 if (result < 0) {
 fprintf(stderr, "this_update: %s\n",
 gnutls_strerror(result));
 |
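Review bot: In the -674 hunk the CRL's thisUpdate is fetched from the template only after every entry has already been stamped with the revocation date obtained in the -663 hunk, and nothing checks that the two agree: with both template keys set, a revocation date later than thisUpdate is written out without comment, and the same goes for a thisUpdate later than the nextUpdate that is presumably set further down, outside these hunks, although RFC 5280 requires nextUpdate to be later than thisUpdate. Directly after `this_update = get_crl_this_update_date();` a guard such as `if (exp > this_update) fprintf(stderr, "warning: revocation date is later than thisUpdate\n");` (or a hard error, matching the fail-on-result style around it) would catch the template-typo case the single `now` variable could never produce. Separately, the name `exp` chosen in the -643 declaration reads as "expiration" while it holds the revocation date; `revocation` or `revoked_at` would say what it is. generate_crl begins and ends outside these hunks.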