-rw-r--r-- | src/pki/command.h | 4 | ||||
-rw-r--r-- | src/pki/commands/issue.c | 25 | ||||
-rw-r--r-- | src/pki/commands/self.c | 16 |
3 files changed, 30 insertions, 15 deletions
diff --git a/src/pki/command.h b/src/pki/command.h index b6418146b..b82d174b3 100644 --- a/src/pki/command.h +++ b/src/pki/command.h @@ -32,12 +32,12 @@ /** * Maximum number of options in a command (+1) */ -#define MAX_OPTIONS 14 +#define MAX_OPTIONS 20 /** * Maximum number of usage summary lines (+1) */ -#define MAX_LINES 8 +#define MAX_LINES 10 typedef struct command_t command_t; typedef enum command_type_t command_type_t; diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 06c4e8157..bd27297fa 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -34,7 +34,7 @@ static int issue(int argc, char *argv[]) char *file = NULL, *dn = NULL, *hex = NULL, *cacert = NULL, *cakey = NULL; char *error = NULL; identification_t *id = NULL; - linked_list_t *san, *cdps; + linked_list_t *san, *cdps, *ocsp; int lifetime = 1080; chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; @@ -46,6 +46,7 @@ static int issue(int argc, char *argv[]) options = options_create(); san = linked_list_create(); cdps = linked_list_create(); + ocsp = linked_list_create(); while (TRUE) { @@ -84,9 +85,6 @@ static int issue(int argc, char *argv[]) case 'k': cakey = optarg; continue; - case 'u': - cdps->insert_last(cdps, optarg); - continue; case 'd': dn = optarg; continue; @@ -107,6 +105,12 @@ static int issue(int argc, char *argv[]) case 'b': flags |= X509_CA; continue; + case 'u': + cdps->insert_last(cdps, optarg); + continue; + case 'o': + ocsp->insert_last(ocsp, optarg); + continue; case EOF: break; default: @@ -212,7 +216,8 @@ static int issue(int argc, char *argv[]) BUILD_NOT_BEFORE_TIME, not_before, BUILD_DIGEST_ALG, digest, BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial, BUILD_SUBJECT_ALTNAMES, san, BUILD_X509_FLAG, flags, - BUILD_CRL_DISTRIBUTION_POINTS, cdps, BUILD_END); + BUILD_CRL_DISTRIBUTION_POINTS, cdps, + BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_END); if (!cert) { error = "generating certificate failed"; 
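Review bot: The new `case 'o':` in issue() stores `optarg` unvalidated, so an empty or non-ASCII argument is handed straight to the builder as an AuthorityInfoAccess location; that accessLocation is an IA5String URI (RFC 5280 GeneralName), so unless the x509 builder rejects such input (not visible here) the result is a malformed certificate rather than a usage error. A minimal guard before the insert, `if (!*optarg) { error = "empty --ocsp URI"; goto usage; }`, would surface the mistake at the command line; the `default:` branch, cut off at the end of this hunk, presumably reaches `usage:` the same way. The re-placed `case 'u':` for CRL distribution points has the same gap, though that code path predates this change. issue()'s body begins before and continues after this hunk.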
@@ -238,6 +243,7 @@ end: DESTROY_IF(private); san->destroy_offset(san, offsetof(identification_t, destroy)); cdps->destroy(cdps); + ocsp->destroy(ocsp); options->destroy(options); free(encoding.ptr); free(serial.ptr); @@ -252,6 +258,7 @@ end: usage: san->destroy_offset(san, offsetof(identification_t, destroy)); cdps->destroy(cdps); + ocsp->destroy(ocsp); options->destroy(options); return command_usage(error); } @@ -265,9 +272,8 @@ static void __attribute__ ((constructor))reg() issue, 'i', "issue", "issue a certificate using a CA certificate and key", {"[--in file] [--type pub|pkcs10]", - " --cacert file --cakey file [--cdp uri]+", - " --dn subject-dn [--san subjectAltName]+", - "[--lifetime days] [--serial hex] [--ca]", + " --cacert file --cakey file --dn subject-dn [--san subjectAltName]+", + "[--lifetime days] [--serial hex] [--ca] [--crl uri]+ [--ocsp URI]+", "[--digest md5|sha1|sha224|sha256|sha384|sha512]", "[--options file]"}, { @@ -276,12 +282,13 @@ static void __attribute__ ((constructor))reg() {"type", 't', 1, "type of input, default: pub"}, {"cacert", 'c', 1, "CA certificate file"}, {"cakey", 'k', 1, "CA private key file"}, - {"cdp", 'u', 1, "CRL distribution point URI to include"}, {"dn", 'd', 1, "distinguished name to include as subject"}, {"san", 'a', 1, "subjectAltName to include in certificate"}, {"lifetime",'l', 1, "days the certificate is valid, default: 1080"}, {"serial", 's', 1, "serial number in hex, default: random"}, {"ca", 'b', 0, "include CA basicConstraint, default: no"}, + {"crl", 'u', 1, "CRL distribution point URI to include"}, + {"ocsp", 'o', 1, "OCSP AuthoritiyInfoAccess URI to incude"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, {"options", '+', 1, "read command line options from file"}, } diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index de1761c9c..6edf89902 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c 
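Review bot: The new option-table entry in the last hunk carries two typos in its user-visible help text, `"OCSP AuthoritiyInfoAccess URI to incude"`; it should read `{"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"},`. The same hunk renames the long option `--cdp` to `--crl` while keeping the short form `-u`, which silently breaks any existing script that spells out `--cdp`. If the rename is intended, consider keeping a compatibility entry such as `{"cdp", 'u', 1, "alias for --crl"},`, provided the option parser tolerates two long names mapped to one short character; command.h raises MAX_OPTIONS to 20 in this same commit, so the table has room. The usage line also mixes `[--crl uri]+` with `[--ocsp URI]+`; pick one spelling.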
@@ -34,7 +34,7 @@ static int self(int argc, char *argv[]) public_key_t *public = NULL; char *file = NULL, *dn = NULL, *hex = NULL, *error = NULL; identification_t *id = NULL; - linked_list_t *san; + linked_list_t *san, *ocsp; int lifetime = 1080; chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; @@ -44,6 +44,7 @@ static int self(int argc, char *argv[]) options = options_create(); san = linked_list_create(); + ocsp = linked_list_create(); while (TRUE) { @@ -101,9 +102,12 @@ static int self(int argc, char *argv[]) case 's': hex = optarg; continue; - case 'c': + case 'b': flags |= X509_CA; continue; + case 'o': + ocsp->insert_last(ocsp, optarg); + continue; case EOF: break; default: @@ -168,7 +172,8 @@ static int self(int argc, char *argv[]) BUILD_SUBJECT, id, BUILD_NOT_BEFORE_TIME, not_before, BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial, BUILD_DIGEST_ALG, digest, BUILD_X509_FLAG, flags, - BUILD_SUBJECT_ALTNAMES, san, BUILD_END); + BUILD_SUBJECT_ALTNAMES, san, + BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_END); if (!cert) { error = "generating certificate failed"; @@ -192,6 +197,7 @@ end: DESTROY_IF(public); DESTROY_IF(private); san->destroy_offset(san, offsetof(identification_t, destroy)); + ocsp->destroy(ocsp); options->destroy(options); free(encoding.ptr); free(serial.ptr); @@ -205,6 +211,7 @@ end: usage: san->destroy_offset(san, offsetof(identification_t, destroy)); + ocsp->destroy(ocsp); options->destroy(options); return command_usage(error); } @@ -219,7 +226,7 @@ static void __attribute__ ((constructor))reg() "create a self signed certificate", {"[--in file] [--type rsa|ecdsa]", " --dn distinguished-name [--san subjectAltName]+", - "[--lifetime days] [--serial hex] [--ca]", + "[--lifetime days] [--serial hex] [--ca] [--ocsp URI]+", "[--digest md5|sha1|sha224|sha256|sha384|sha512]", "[--options file]"}, { 
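Review bot: The `case 'c':` to `case 'b':` change in self() is an unrelated bug fix bundled with the OCSP feature: the option table (visible as context in the final hunk) registers `--ca` under `'b'`, so before this commit `--ca` on the self command fell into `default:` and `X509_CA` could never be set, unless another `case 'b'` exists outside the hunk. It deserves its own commit or at least a sentence in the commit message, since a self-signed CA certificate that was silently issued without basicConstraints is exactly the kind of regression someone will later bisect for. The new `case 'o':` also inserts `optarg` without any check, as in issue.c; the same `if (!*optarg) { error = "empty --ocsp URI"; goto usage; }` guard applies. self()'s body begins before and continues after this hunk.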
@@ -231,6 +238,7 @@ static void __attribute__ ((constructor))reg() {"lifetime",'l', 1, "days the certificate is valid, default: 1080"}, {"serial", 's', 1, "serial number in hex, default: random"}, {"ca", 'b', 0, "include CA basicConstraint, default: no"}, + {"ocsp", 'o', 1, "OCSP AuthoritiyInfoAccess URI to incude"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, {"options", '+', 1, "read command line options from file"}, } |
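Review bot: The added `{"ocsp", 'o', 1, "OCSP AuthoritiyInfoAccess URI to incude"},` entry misspells both "Authority" and "include" in a string printed to users by `pki --self --help`; it should be `{"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"},`. The identical typo is introduced in issue.c's table in this commit, so both should be fixed together to keep the two help texts consistent.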