31
cred_encoding_type_t form = CERT_ASN1_DER;
31
32
hash_algorithm_t digest = HASH_SHA1;
32
33
certificate_t *cert_req = NULL, *cert = NULL, *ca =NULL;
33
34
private_key_t *private = NULL;
37
38
char *error = NULL;
38
39
identification_t *id = NULL;
39
40
linked_list_t *san, *cdps, *ocsp;
41
42
int pathlen = X509_NO_PATH_LEN_CONSTRAINT;
42
43
chunk_t serial = chunk_empty;
43
44
chunk_t encoding = chunk_empty;
121
122
flags |= X509_OCSP_SIGNER;
126
if (!get_form(arg, &form, CRED_CERTIFICATE))
128
return command_usage("invalid output format");
125
132
cdps->insert_last(cdps, arg);
352
358
" --cacert file --cakey file --dn subject-dn [--san subjectAltName]+",
353
359
"[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+",
354
360
"[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+",
355
"[--digest md5|sha1|sha224|sha256|sha384|sha512]"},
361
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
357
363
{"help", 'h', 0, "show usage information"},
358
364
{"in", 'i', 1, "public key/request file to issue, default: stdin"},
361
367
{"cakey", 'k', 1, "CA private key file"},
362
368
{"dn", 'd', 1, "distinguished name to include as subject"},
363
369
{"san", 'a', 1, "subjectAltName to include in certificate"},
364
{"lifetime",'l', 1, "days the certificate is valid, default: 1080"},
370
{"lifetime",'l', 1, "days the certificate is valid, default: 1095"},
365
371
{"serial", 's', 1, "serial number in hex, default: random"},
366
372
{"ca", 'b', 0, "include CA basicConstraint, default: no"},
367
373
{"pathlen", 'p', 1, "set path length constraint"},
368
{"flag", 'f', 1, "include extendedKeyUsage flag"},
374
{"flag", 'e', 1, "include extendedKeyUsage flag"},
369
375
{"crl", 'u', 1, "CRL distribution point URI to include"},
370
376
{"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"},
371
377
{"digest", 'g', 1, "digest for signature creation, default: sha1"},
378
{"outform", 'f', 1, "encoding of generated cert, default: der"},