dat.size = size;
ret = gnutls_x509_crl_list_import2(&crl, &crl_max, &dat, GNUTLS_X509_FMT_PEM, 0);
+ if (ret == GNUTLS_E_BASE64_DECODING_ERROR) {
+ ret = gnutls_x509_crl_list_import2(&crl, &crl_max, &dat, GNUTLS_X509_FMT_DER, 0);
+ }
if (ret < 0) {
fprintf(stderr, "Error loading CRLs: %s\n", gnutls_strerror(ret));
exit(1);
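Review bot: When the DER retry also fails, `ret` holds only the DER-side error, so `Error loading CRLs: %s` no longer reports the base64 failure that a damaged PEM file actually hit. Operators debugging a truncated or corrupted CRL will see an ASN.1-style message and may look in the wrong place. Consider making the fallback visible in the message, e.g. `fprintf(stderr, "Error loading CRLs (tried PEM, then DER): %s\n", gnutls_strerror(ret));`, and adding a comment above the retry such as `/* no PEM armor found: retry the same buffer as DER */`. `crl_max` is passed to both calls, and whether a failed first call leaves it untouched is not visible here, so that is worth confirming. The enclosing function starts and ends outside this hunk.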
void generate_pkcs12(common_info_st * cinfo)
{
gnutls_pkcs12_t pkcs12;
+ gnutls_x509_crl_t *crls;
gnutls_x509_crt_t *crts, ca_crt;
gnutls_x509_privkey_t *keys;
int result;
int indx;
size_t ncrts;
size_t nkeys;
+ size_t ncrls;
fprintf(stderr, "Generating a PKCS #12 structure...\n");
crts = load_cert_list(0, &ncrts, cinfo);
ca_crt = load_ca_cert(0, cinfo);
- if (keys == NULL && crts == NULL && ca_crt == NULL) {
- fprintf(stderr, "You must specify one of\n\t--load-privkey\n\t--load-certificate\n\t--load-ca-certificate\n");
+ crls = load_crl_list(0, &ncrls, cinfo);
+
+ if (keys == NULL && crts == NULL && ca_crt == NULL && crls == NULL) {
+ fprintf(stderr, "You must specify one of\n\t--load-privkey\n\t--load-certificate\n\t--load-ca-certificate\n\t--load-crl\n");
exit(1);
}
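Review bot: `size_t ncrls;` is declared without an initializer, yet it later bounds the CRL loop added further down (`for (i = 0; i < ncrls; i++)`, which indexes `crls[i]`). That is only safe if `load_crl_list(0, &ncrls, cinfo)` stores a count on every path, including the one where no CRL was given and it returns NULL. The body of `load_crl_list` is not part of this hunk, so this cannot be confirmed from here. Declaring it as `size_t ncrls = 0;` keeps the loop bound well-defined whatever the loader does. The rest of `generate_pkcs12` lies outside the hunk.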
gnutls_pkcs12_bag_deinit(bag);
}
+ /* add any CRLs */
+ for (i = 0; i < ncrls; i++) {
+ gnutls_pkcs12_bag_t bag;
+
+ result = gnutls_pkcs12_bag_init(&bag);
+ if (result < 0) {
+ fprintf(stderr, "bag_init: %s\n",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ result = gnutls_pkcs12_bag_set_crl(bag, crls[i]);
+ if (result < 0) {
+ fprintf(stderr, "set_crl[%d]: %s\n", i,
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ result = gnutls_pkcs12_bag_encrypt(bag, pass, flags);
+ if (result < 0) {
+ fprintf(stderr, "bag_encrypt: %s\n",
+ gnutls_strerror(result));
+ exit(1);
+ }
+
+ result = gnutls_pkcs12_set_bag(pkcs12, bag);
+ if (result < 0) {
+ fprintf(stderr, "set_bag: %s\n",
+ gnutls_strerror(result));
+ exit(1);
+ }
+ gnutls_pkcs12_bag_deinit(bag);
+ }
+
/* Add the ca cert, if any */
if (ca_crt) {
gnutls_pkcs12_bag_t bag;
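Review bot: The new loop under `/* add any CRLs */` embeds each loaded CRL as-is, and nothing in the hunk checks its issuer signature or its nextUpdate time before `gnutls_pkcs12_bag_set_crl(bag, crls[i])`. That is reasonable for a packaging tool, but it should be stated so that consumers of the PKCS #12 file do not treat a bundled CRL as vetted or current. I would expand the comment to something like `/* add any CRLs: one bag per CRL, encrypted like the other bags; CRLs are stored as loaded, signature and nextUpdate are not checked here */`. The declaration of `i`, used with `%d` in `set_crl[%d]` and compared against the `size_t` `ncrls`, is outside the hunk, so its type should be checked against both uses. The function body continues past the end of the hunk.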