]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
p11tool: Allow marking a certificate as a CA.
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 16 Jun 2014 09:28:11 +0000 (11:28 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 16 Jun 2014 09:28:11 +0000 (11:28 +0200)
src/p11tool-args.def
src/p11tool.c
src/p11tool.h
src/pkcs11.c

index 9af4e3fb7771018e10199d646831019b691692a3..d588fb5980127a48fac433f87c86896f5be72835 100644 (file)
@@ -142,6 +142,14 @@ flag = {
     doc = "";
 };
 
+flag = {
+    name      = ca;
+    disable   = "no";
+    disabled;
+    descrip   = "Marks the object to be written as a CA";
+    doc = "";
+};
+
 flag = {
     name      = private;
     disable   = "no";
index 5c5e549e8f74eb4eed64af2e0842efea63f7cd61..4f71d42a8e7a7e8466ebe48db8fcdef79578977f 100644 (file)
@@ -184,6 +184,8 @@ static void cmd_parser(int argc, char **argv)
                                ENABLED_OPT(PRIVATE) ? "yes" : "no");
                fprintf(stderr, "Trusted: %s\n",
                        ENABLED_OPT(TRUSTED) ? "yes" : "no");
+               fprintf(stderr, "CA: %s\n",
+                       ENABLED_OPT(CA) ? "yes" : "no");
                fprintf(stderr, "Login: %s\n",
                        ENABLED_OPT(LOGIN) ? "yes" : "no");
                fprintf(stderr, "Detailed URLs: %s\n",
@@ -232,7 +234,9 @@ static void cmd_parser(int argc, char **argv)
                else
                        priv = -1;
                pkcs11_write(outfile, url, label,
-                            ENABLED_OPT(TRUSTED), priv, login, &cinfo);
+                            ENABLED_OPT(TRUSTED),
+                            ENABLED_OPT(CA),
+                            priv, login, &cinfo);
        } else if (HAVE_OPT(INITIALIZE))
                pkcs11_init(outfile, url, label, &cinfo);
        else if (HAVE_OPT(DELETE))
index 52c59f0ae12ce7b59be958b7dc1c0a438cb0f551..2fe8b1f28e2227acb6a00b43a757df711467d9c8 100644 (file)
@@ -41,7 +41,8 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int login,
 void pkcs11_token_list(FILE * outfile, unsigned int detailed,
                       common_info_st *);
 void pkcs11_write(FILE * outfile, const char *pkcs11_url,
-                 const char *label, int trusted, int private,
+                 const char *label, int trusted, 
+                 int ca, int private,
                  unsigned int login, common_info_st *);
 void pkcs11_delete(FILE * outfile, const char *pkcs11_url, int batch,
                   unsigned int login, common_info_st *);
index 614d3e7f39394463bab3bc8d7434e8bfea1510cf..e9a3cce1bfd192348cf9d75d1f01f7a403228a06 100644 (file)
@@ -401,7 +401,7 @@ pkcs11_token_list(FILE * outfile, unsigned int detailed,
 
 void
 pkcs11_write(FILE * outfile, const char *url, const char *label,
-            int trusted, int private,
+            int trusted, int ca, int private,
             unsigned int login_flags, common_info_st * info)
 {
        gnutls_x509_crt_t xcrt;
@@ -443,6 +443,11 @@ pkcs11_write(FILE * outfile, const char *url, const char *label,
                            GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED |
                            GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
 
+               if (ca)
+                       flags |=
+                           GNUTLS_PKCS11_OBJ_FLAG_MARK_CA |
+                           GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
+
                ret = gnutls_pkcs11_copy_x509_crt(url, xcrt, label, flags);
                if (ret < 0) {
                        fprintf(stderr, "Error in %s:%d: %s\n", __func__,