~ubuntu-branches/ubuntu/precise/strongswan/precise


Viewing changes to src/pki/commands/issue.c

  • Committer: Bazaar Package Importer
  • Author(s): Bhavani Shankar
  • Date: 2010-10-18 10:19:52 UTC
  • mfrom: (6.1.9 sid)
  • Revision ID: james.westby@ubuntu.com-20101018101952-zqd04yd4jvls81mj
Tags: 4.4.1-5ubuntu1
* Merge from debian unstable. Remaining change
  - Build depend on libnm-glib-dev instead of libnm-glib-vpn-dev to
    match the network manager package naming in Ubuntu

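--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -28,6 +28,7 @@
  */
 static int issue()
 {
+        cred_encoding_type_t form = CERT_ASN1_DER;
         hash_algorithm_t digest = HASH_SHA1;
         certificate_t *cert_req = NULL, *cert = NULL, *ca =NULL;
         private_key_t *private = NULL;
@@ -37,7 +38,7 @@
         char *error = NULL;
         identification_t *id = NULL;
         linked_list_t *san, *cdps, *ocsp;
-        int lifetime = 1080;
+        int lifetime = 1095;
         int pathlen = X509_NO_PATH_LEN_CONSTRAINT;
         chunk_t serial = chunk_empty;
         chunk_t encoding = chunk_empty;
@@ -107,7 +108,7 @@
                         case 'p':
                                 pathlen = atoi(arg);
                                 continue;
-                        case 'f':
+                        case 'e':
                                 if (streq(arg, "serverAuth"))
                                 {
                                         flags |= X509_SERVER_AUTH;
@@ -121,6 +122,12 @@
                                         flags |= X509_OCSP_SIGNER;
                                 }
                                 continue;
+                        case 'f':
+                                if (!get_form(arg, &form, CRED_CERTIFICATE))
+                                {
+                                        return command_usage("invalid output format");
+                                }
+                                continue;
                         case 'u':
                                 cdps->insert_last(cdps, arg);
                                 continue;
@@ -301,8 +308,7 @@
                 error = "generating certificate failed";
                 goto end;
         }
-        encoding = cert->get_encoding(cert);
-        if (!encoding.ptr)
+        if (!cert->get_encoding(cert, form, &encoding))
         {
                 error = "encoding certificate failed";
                 goto end;
@@ -352,7 +358,7 @@
                  " --cacert file --cakey file --dn subject-dn [--san subjectAltName]+",
                  "[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+",
                  "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+",
-                 "[--digest md5|sha1|sha224|sha256|sha384|sha512]"},
+                 "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
                 {
                         {"help",        'h', 0, "show usage information"},
                         {"in",          'i', 1, "public key/request file to issue, default: stdin"},
@@ -361,14 +367,15 @@
                         {"cakey",       'k', 1, "CA private key file"},
                         {"dn",          'd', 1, "distinguished name to include as subject"},
                         {"san",         'a', 1, "subjectAltName to include in certificate"},
-                        {"lifetime",'l', 1, "days the certificate is valid, default: 1080"},
+                        {"lifetime",'l', 1, "days the certificate is valid, default: 1095"},
                         {"serial",      's', 1, "serial number in hex, default: random"},
                         {"ca",          'b', 0, "include CA basicConstraint, default: no"},
                         {"pathlen",     'p', 1, "set path length constraint"},
-                        {"flag",        'f', 1, "include extendedKeyUsage flag"},
+                        {"flag",        'e', 1, "include extendedKeyUsage flag"},
                         {"crl",         'u', 1, "CRL distribution point URI to include"},
                         {"ocsp",        'o', 1, "OCSP AuthorityInfoAccess URI to include"},
                         {"digest",      'g', 1, "digest for signature creation, default: sha1"},
+                        {"outform",     'f', 1, "encoding of generated cert, default: der"},
                 }
         });
 }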
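Review bot: The short option `-f` changes meaning without any record in the new code: in the option loop `case 'f':` now calls `get_form`, and in the option table `--flag` moves to `'e'` while `--outform` takes `'f'`. An existing issuance script that passes `-f serverAuth` will now stop with "invalid output format" instead of adding the extendedKeyUsage, which fails closed but does not point the operator at the cause. I would add a comment above the new case, `/* -f used to be --flag (now -e); it selects the --outform encoding */`, and mention the rename in the usage text. The new `return command_usage("invalid output format");` also leaves the loop directly while `san`, `cdps` and `ocsp` appear to be allocated already (the next case calls `cdps->insert_last`); whether the other cases release them before returning cannot be seen here, since issue() is only partly shown.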