Diffstat (limited to 'src/pki/commands/issue.c')
-rw-r--r--src/pki/commands/issue.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 48c1ead20..89c9cc708 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -38,6 +38,7 @@ static int issue()
identification_t *id = NULL;
linked_list_t *san, *cdps, *ocsp;
int lifetime = 1080;
+ int pathlen = X509_NO_PATH_LEN_CONSTRAINT;
chunk_t serial = chunk_empty;
chunk_t encoding = chunk_empty;
time_t not_before, not_after;
@@ -103,6 +104,9 @@ static int issue()
case 'b':
flags |= X509_CA;
continue;
+ case 'p':
+ pathlen = atoi(arg);
+ continue;
case 'f':
if (streq(arg, "serverAuth"))
{
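Review bot: `pathlen = atoi(arg);` in the new `case 'p':` accepts any string, so a typo or non-numeric argument silently becomes 0, and a negative or out-of-range number goes straight to the certificate builder. The path length constraint bounds how many subordinate CAs may chain below the issued certificate, so a misparsed value produces a CA certificate with a different delegation depth than the operator asked for. A value equal to `X509_NO_PATH_LEN_CONSTRAINT` would presumably drop the constraint altogether. I would parse with `strtol`, check the end pointer and the range, and fail the command on bad input. The rejection path of issue() is outside this hunk, so the sketch below leaves it as a comment.

```c
		case 'p':
		{
			char *end;
			long val;

			errno = 0;
			val = strtol(arg, &end, 10);
			if (end == arg || *end != '\0' || errno == ERANGE ||
				val < 0 || val > INT_MAX ||
				val == X509_NO_PATH_LEN_CONSTRAINT)
			{
				/* … fail with an "invalid --pathlen value" error via the command's existing error path (outside this hunk) … */
			}
			pathlen = val;
			continue;
		}
```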
@@ -280,6 +284,7 @@ static int issue()
BUILD_NOT_BEFORE_TIME, not_before, BUILD_DIGEST_ALG, digest,
BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial,
BUILD_SUBJECT_ALTNAMES, san, BUILD_X509_FLAG, flags,
+ BUILD_PATHLEN, pathlen,
BUILD_CRL_DISTRIBUTION_POINTS, cdps,
BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_END);
if (!cert)
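Review bot: `BUILD_PATHLEN, pathlen` is handed to the builder whether or not `--ca` set `X509_CA` in `flags`, so `--pathlen` without `--ca` is accepted without complaint. RFC 5280 permits pathLenConstraint only when the cA boolean is asserted; whether the builder drops the value for non-CA certificates is not visible in this hunk. Before the build call I would reject the combination, e.g. `if (pathlen != X509_NO_PATH_LEN_CONSTRAINT && !(flags & X509_CA))` followed by the command's usage error. The build call and the rest of issue() start and end outside the hunk.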
@@ -336,8 +341,8 @@ static void __attribute__ ((constructor))reg()
"issue a certificate using a CA certificate and key",
{"[--in file] [--type pub|pkcs10]",
" --cacert file --cakey file --dn subject-dn [--san subjectAltName]+",
- "[--lifetime days] [--serial hex] [--ca] [--crl uri]+ [--ocsp uri]+",
- "[--flag serverAuth|ocspSigning]+",
+ "[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+",
+ "[--ca] [--pathlen len] [--flag serverAuth|ocspSigning]+",
"[--digest md5|sha1|sha224|sha256|sha384|sha512]"},
{
{"help", 'h', 0, "show usage information"},
@@ -350,6 +355,7 @@ static void __attribute__ ((constructor))reg()
{"lifetime",'l', 1, "days the certificate is valid, default: 1080"},
{"serial", 's', 1, "serial number in hex, default: random"},
{"ca", 'b', 0, "include CA basicConstraint, default: no"},
+ {"pathlen", 'p', 1, "set path length constraint"},
{"flag", 'f', 1, "include extendedKeyUsage flag"},
{"crl", 'u', 1, "CRL distribution point URI to include"},
{"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"},
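Review bot: The help text `"set path length constraint"` states neither the default nor that the option only matters together with `--ca`, while the neighbouring `lifetime`, `serial` and `ca` entries each state their default. Something like `{"pathlen", 'p', 1, "path length constraint, only meaningful with --ca, default: none"},` would tell an operator what is issued when the option is omitted. The option table continues outside the hunk.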