doc = "";
};
+flag = {
+ name = ca;
+ disable = "no";
+ disabled;
+ descrip = "Marks the object to be written as a CA";
+ doc = "";
+};
+
flag = {
name = private;
disable = "no";
ENABLED_OPT(PRIVATE) ? "yes" : "no");
fprintf(stderr, "Trusted: %s\n",
ENABLED_OPT(TRUSTED) ? "yes" : "no");
+ fprintf(stderr, "CA: %s\n",
+ ENABLED_OPT(CA) ? "yes" : "no");
fprintf(stderr, "Login: %s\n",
ENABLED_OPT(LOGIN) ? "yes" : "no");
fprintf(stderr, "Detailed URLs: %s\n",
else
priv = -1;
pkcs11_write(outfile, url, label,
- ENABLED_OPT(TRUSTED), priv, login, &cinfo);
+ ENABLED_OPT(TRUSTED),
+ ENABLED_OPT(CA),
+ priv, login, &cinfo);
} else if (HAVE_OPT(INITIALIZE))
pkcs11_init(outfile, url, label, &cinfo);
else if (HAVE_OPT(DELETE))
void pkcs11_token_list(FILE * outfile, unsigned int detailed,
common_info_st *);
void pkcs11_write(FILE * outfile, const char *pkcs11_url,
- const char *label, int trusted, int private,
+ const char *label, int trusted,
+ int ca, int private,
unsigned int login, common_info_st *);
void pkcs11_delete(FILE * outfile, const char *pkcs11_url, int batch,
unsigned int login, common_info_st *);
void
pkcs11_write(FILE * outfile, const char *url, const char *label,
- int trusted, int private,
+ int trusted, int ca, int private,
unsigned int login_flags, common_info_st * info)
{
gnutls_x509_crt_t xcrt;
GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED |
GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
+ if (ca)
+ flags |=
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_CA |
+ GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
+
ret = gnutls_pkcs11_copy_x509_crt(url, xcrt, label, flags);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,