From bb0cda2fa9b52d0caac9f98686e12ad9f1ca5905 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Fri, 3 Dec 2010 13:25:45 +0100
Subject: [PATCH] pki tool shows and builds crlSign keyUsage

---
 src/pki/commands/issue.c | 6 +++++-
 src/pki/commands/print.c | 4 ++++
 src/pki/commands/self.c | 6 +++++-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 98335fca0a..f1af5ebf0c 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -120,6 +120,10 @@ static int issue()
 {
 flags |= X509_CLIENT_AUTH;
 }
+ else if (streq(arg, "crlSign"))
+ {
+ flags |= X509_CRL_SIGN;
+ }
 else if (streq(arg, "ocspSigning"))
 {
 flags |= X509_OCSP_SIGNER;
@@ -378,7 +382,7 @@ static void __attribute__ ((constructor))reg()
 {"[--in file] [--type pub|pkcs10] --cakey file | --cakeyid hex",
 " --cacert file --dn subject-dn [--san subjectAltName]+",
 "[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+",
- "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+",
+ "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
 "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
 {
 {"help", 'h', 0, "show usage information"},
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 4dcc4718e5..35fdaac952 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -105,6 +105,10 @@ static void print_x509(x509_t *x509)
 {
 printf("CA ");
 }
+ if (flags & X509_CRL_SIGN)
+ {
+ printf("CRLSign ");
+ }
 if (flags & X509_AA)
 {
 printf("AA ");
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 5e6f0bd149..d15b1e26e6 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -113,6 +113,10 @@ static int self()
 {
 flags |= X509_CLIENT_AUTH;
 }
+ else if (streq(arg, "crlSign"))
+ {
+ flags |= X509_CRL_SIGN;
+ }
 else if (streq(arg, "ocspSigning"))
 {
 flags |= X509_OCSP_SIGNER;
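Review bot: The `--flag` chain in issue() (src/pki/commands/issue.c, hunk at old line 120) gains a `crlSign` branch but shows no fallback for unrecognised values. The chain starts and ends outside the hunk, so a final `else` may already exist; if it does not, a mistyped value such as `crlsign` is accepted silently and the certificate is issued without the cRLSign bit the operator asked for. A closing `else` that reports the invalid value and exits with the usage text would make that failure visible at issuance time. The same branch is added to the identical chain in self() in src/pki/commands/self.c, so a shared name-to-flag helper would keep the two lists from drifting apart.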
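Review bot: The usage line changed in reg() of src/pki/commands/issue.c lists `crlSign` next to `serverAuth|clientAuth|ocspSigning` without saying that it is a different kind of value. The other three are extended key usage purposes, while crlSign (per the commit subject) is a keyUsage bit that lets the certificate holder sign CRLs. The `--flag` entry of the option table is outside the hunk; if its help text mentions only extendedKeyUsage, it should be reworded, for example to `"include keyUsage/extendedKeyUsage flag"`. The same applies to the usage line changed in src/pki/commands/self.c.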
@@ -257,7 +261,7 @@ static void __attribute__ ((constructor))reg()
 {"[--in file | --keyid hex] [--type rsa|ecdsa]",
 " --dn distinguished-name [--san subjectAltName]+",
 "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
- "[--flag serverAuth|clientAuth|ocspSigning]+",
+ "[--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
 "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
 {
 {"help", 'h', 0, "show usage information"},
-- 
2.47.2