diff options
Diffstat (limited to 'src/pki/commands/self.c')
| -rw-r--r-- | src/pki/commands/self.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index 513598588..ef0ea6bf3 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -56,7 +56,7 @@ static int self() identification_t *id = NULL; linked_list_t *san, *ocsp, *permitted, *excluded, *policies, *mappings; int lifetime = 1095; - int pathlen = X509_NO_CONSTRAINT; + int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT; int inhibit_policy = X509_NO_CONSTRAINT, explicit_policy = X509_NO_CONSTRAINT; chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; @@ -200,6 +200,9 @@ static int self() case 'H': inhibit_policy = atoi(arg); continue; + case 'A': + inhibit_any = atoi(arg); + continue; case 'e': if (streq(arg, "serverAuth")) { @@ -314,6 +317,7 @@ static int self() BUILD_POLICY_MAPPINGS, mappings, BUILD_POLICY_CONSTRAINT_EXPLICIT, explicit_policy, BUILD_POLICY_CONSTRAINT_INHIBIT, inhibit_policy, + BUILD_POLICY_CONSTRAINT_INHIBIT_ANY, inhibit_any, BUILD_END); if (!cert) { @@ -377,7 +381,7 @@ static void __attribute__ ((constructor))reg() "[--nc-permitted name] [--nc-excluded name]", "[--cert-policy oid [--cps-uri uri] [--user-notice text] ]+", "[--policy-map issuer-oid:subject-oid]", - "[--policy-explicit len] [--policy-inhibit len] ", + "[--policy-explicit len] [--policy-inhibit len] [--policy-any len]", "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, @@ -398,6 +402,7 @@ static void __attribute__ ((constructor))reg() {"policy-mapping", 'M', 1, "policyMapping from issuer to subject OID"}, {"policy-explicit", 'E', 1, "requireExplicitPolicy constraint"}, {"policy-inhibit", 'H', 1, "inhibitPolicyMapping constraint"}, + {"policy-any", 'A', 1, "inhibitAnyPolicy constraint"}, {"flag", 'e', 1, "include extendedKeyUsage flag"}, {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, {"digest", 'g', 1, "digest for signature creation, default: sha1"}, |