-rw-r--r-- | src/scepclient/scepclient.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index 6d5bf38ae..2d364d654 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -334,6 +334,7 @@ int main(int argc, char **argv)
 char *file_out_pkcs7 = DEFAULT_FILENAME_PKCS7;
 char *file_out_cert_self = DEFAULT_FILENAME_CERT_SELF;
 char *file_out_cert = DEFAULT_FILENAME_CERT;
+ char *file_out_ca_cert = DEFAULT_FILENAME_CACERT_ENC;
 
 /* by default user certificate is requested */
 bool request_ca_certificate = FALSE;
@@ -540,6 +541,8 @@ int main(int argc, char **argv)
 else if (strcaseeq("cacert", optarg))
 {
 request_ca_certificate = TRUE;
+ if (filename)
+ file_out_ca_cert = filename;
 }
 else
 {
@@ -783,6 +786,24 @@ int main(int argc, char **argv)
 usage("cannot generate --out of given --in!");
 }
 
+ /* get CA cert */
+ if (request_ca_certificate)
+ {
+ char *path = concatenate_paths(CA_CERT_PATH, file_out_ca_cert);
+
+ if (!scep_http_request(scep_url, chunk_empty, SCEP_GET_CA_CERT,
+ http_get_request, &scep_response))
+ {
+ exit_scepclient("did not receive a valid scep response");
+ }
+
+ if (!chunk_write(scep_response, path, "ca cert", 0022, force))
+ {
+ exit_scepclient("could not write ca cert file '%s'", path);
+ }
+ exit_scepclient(NULL); /* no further output required */
+ }
+
 /*
 * input of PKCS#1 file
 */ |
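Review bot: The added `if (filename)` in the `cacert` branch has an unbraced body, while every other control statement visible in this patch braces its body. Brace the assignment `file_out_ca_cert = filename;` like the surrounding `else if`/`else` arms, so a later added line cannot fall outside the condition. `filename` is assigned outside the hunk, so how it is parsed cannot be checked from here.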
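Review bot: The body returned for `SCEP_GET_CA_CERT` is passed straight to `chunk_write()` under `CA_CERT_PATH` without being parsed or authenticated. A GetCACert reply carries no signature the client can verify at this point, so anyone able to answer for `scep_url` chooses what lands in that directory. `CA_CERT_PATH` is defined outside the hunk; if it is the directory trusted CA certificates are loaded from, the reply should first be parsed as a certificate and its fingerprint printed for out-of-band comparison. At minimum the block should say so: `/* GetCACert is unauthenticated: the stored certificate's fingerprint must be verified out of band before it is trusted */`. The raw write also assumes a single certificate, whereas a SCEP server with an RA may answer with a PKCS#7 bundle, so the saved file may not be what `file_out_ca_cert` suggests.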