pki tool shows and builds crlSign keyUsage

diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 98335fca0a72ddb88e09f11737caad2363c113f3..f1af5ebf0c9c94d86bccace317b944a031bdbb08 100644 (file)
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -120,6 +120,10 @@ static int issue()
                                {
                                        flags |= X509_CLIENT_AUTH;
                                }
+                               else if (streq(arg, "crlSign"))
+                               {
+                                       flags |= X509_CRL_SIGN;
+                               }
                                else if (streq(arg, "ocspSigning"))
                                {
                                        flags |= X509_OCSP_SIGNER;
@@ -378,7 +382,7 @@ static void __attribute__ ((constructor))reg()
                {"[--in file] [--type pub|pkcs10] --cakey file | --cakeyid hex",
                 " --cacert file --dn subject-dn [--san subjectAltName]+",
                 "[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+",
-                "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+",
+                "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
                 "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
                {
                        {"help",                'h', 0, "show usage information"},

diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 4dcc4718e58f4da20c818a2ad56db2ac7c88400e..35fdaac9522a718967d8c266336d47bba57c58a2 100644 (file)
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -105,6 +105,10 @@ static void print_x509(x509_t *x509)
        {
                printf("CA ");
        }
+       if (flags & X509_CRL_SIGN)
+       {
+               printf("CRLSign ");
+       }
        if (flags & X509_AA)
        {
                printf("AA ");

diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 5e6f0bd1497eee05911959579fcdd4d190771c7a..d15b1e26e6739cdccff0f43e27b20e31a371f562 100644 (file)
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -113,6 +113,10 @@ static int self()
                                {
                                        flags |= X509_CLIENT_AUTH;
                                }
+                               else if (streq(arg, "crlSign"))
+                               {
+                                       flags |= X509_CRL_SIGN;
+                               }
                                else if (streq(arg, "ocspSigning"))
                                {
                                        flags |= X509_OCSP_SIGNER;
@@ -257,7 +261,7 @@ static void __attribute__ ((constructor))reg()
                {"[--in file | --keyid hex] [--type rsa|ecdsa]",
                 " --dn distinguished-name [--san subjectAltName]+",
                 "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
-                "[--flag serverAuth|clientAuth|ocspSigning]+",
+                "[--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
                 "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
                {
                        {"help",        'h', 0, "show usage information"},