--load-privkey in order to print the corresponding public key of a private
key.
+** certtool: It is able to set certificate policies via a template.
+
** p11tool: After key generation, outputs the public key (useful in
tokens that do not store the public key).
#
# DO NOT EDIT THIS FILE (invoke-certtool.texi)
#
-# It has been AutoGen-ed November 11, 2012 at 08:40:03 PM by AutoGen 5.16
+# It has been AutoGen-ed November 20, 2012 at 12:17:13 AM by AutoGen 5.16
# From the definitions ../src/certtool-args.def
# and the template file agtexi-cmd.tpl
@end ignore
# CA issuers URI
# ca_issuers_uri = http://my.ca.issuer
+# Certificate policies
+# policy = 1.3.6.1.4.1.5484.1.10.99.1.0
+# policy1_txt = "This is a long policy to summarize"
+# policy1_url = http://www.example.com/a-policy-to-read
+
+# policy = 1.3.6.1.4.1.5484.1.10.99.1.1
+# policy2_txt = "This is a short policy"
+# policy2_url = http://www.example.com/another-policy-to-read
+
+
# Options for proxy certificates
# proxy_policy_language = 1.3.6.1.5.5.7.21.1
+
# Options for generating a CRL
# next CRL update will be in 43 days (wow)
*
* DO NOT EDIT THIS FILE (certtool-args.c)
*
- * It has been AutoGen-ed November 11, 2012 at 08:37:40 PM by AutoGen 5.16
+ * It has been AutoGen-ed November 20, 2012 at 12:12:56 AM by AutoGen 5.16
* From the definitions certtool-args.def
* and the template file options
*
# CA issuers URI
# ca_issuers_uri = http://my.ca.issuer
+# Certificate policies
+# policy = 1.3.6.1.4.1.5484.1.10.99.1.0
+# policy1_txt = "This is a long policy to summarize"
+# policy1_url = http://www.example.com/a-policy-to-read
+
+# policy = 1.3.6.1.4.1.5484.1.10.99.1.1
+# policy2_txt = "This is a short policy"
+# policy2_url = http://www.example.com/another-policy-to-read
+
+
# Options for proxy certificates
# proxy_policy_language = 1.3.6.1.5.5.7.21.1
+
# Options for generating a CRL
# next CRL update will be in 43 days (wow)
*
* DO NOT EDIT THIS FILE (certtool-args.h)
*
- * It has been AutoGen-ed November 11, 2012 at 08:37:40 PM by AutoGen 5.16
+ * It has been AutoGen-ed November 20, 2012 at 12:12:55 AM by AutoGen 5.16
* From the definitions certtool-args.def
* and the template file options
*
char *challenge_password;
char *pkcs9_email;
char *country;
+ char **policy_oid;
+ char *policy_txt[MAX_ENTRIES];
+ char *policy_url[MAX_ENTRIES];
char **dc;
char **dns_name;
char **uri;
unsigned int i;
tOptionValue const * pov;
const tOptionValue* val;
+ char tmpstr[256];
pov = configFileLoad(template);
if (pov == NULL)
if (val != NULL && val->valType == OPARG_TYPE_STRING)
cfg.country = strdup(val->v.strVal);
+ READ_MULTI_LINE("policy", cfg.policy_oid);
+
+ if (cfg.policy_oid != NULL)
+ {
+ int i = 0;
+ while(cfg.policy_oid[i] != NULL)
+ {
+ snprintf(tmpstr, sizeof(tmpstr), "policy%d_url", i+1);
+ val = optionGetValue(pov, tmpstr);
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.policy_url[i] = strdup(val->v.strVal);
+
+ snprintf(tmpstr, sizeof(tmpstr), "policy%d_txt", i+1);
+ val = optionGetValue(pov, tmpstr);
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ {
+ cfg.policy_txt[i] = strdup(val->v.strVal);
+ }
+
+ i++;
+ }
+ }
+
READ_MULTI_LINE("dc", cfg.dc);
READ_MULTI_LINE("dns_name", cfg.dns_name);
READ_MULTI_LINE("uri", cfg.uri);
}
}
+void
+get_policy_set (gnutls_x509_crt_t crt)
+{
+ int ret = 0, i;
+ gnutls_x509_policy_st policy;
+
+ if (batch)
+ {
+ if (!cfg.policy_oid)
+ return;
+
+ for (i = 0; cfg.policy_oid[i] != NULL; i++)
+ {
+ memset(&policy, 0, sizeof(policy));
+ policy.oid = cfg.policy_oid[i];
+
+ if (cfg.policy_txt[i] != NULL)
+ {
+ policy.qualifier[policy.qualifiers].type = GNUTLS_X509_QUALIFIER_NOTICE;
+ policy.qualifier[policy.qualifiers].data = cfg.policy_txt[i];
+ policy.qualifier[policy.qualifiers].size = strlen(cfg.policy_txt[i]);
+ policy.qualifiers++;
+ }
+
+ if (cfg.policy_url[i] != NULL)
+ {
+ policy.qualifier[policy.qualifiers].type = GNUTLS_X509_QUALIFIER_URI;
+ policy.qualifier[policy.qualifiers].data = cfg.policy_url[i];
+ policy.qualifier[policy.qualifiers].size = strlen(cfg.policy_url[i]);
+ policy.qualifiers++;
+ }
+
+fprintf(stderr, "setting policy %s with %d qualifiers\n", policy.oid, policy.qualifiers);
+
+ ret =
+ gnutls_x509_crt_set_policy (crt, &policy, 0);
+ if (ret < 0)
+ break;
+ }
+ }
+
+ if (ret < 0)
+ {
+ fprintf (stderr, "set_policy: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
+}
+
void
get_uri_set (int type, void *crt)
{
int get_sign_status (int server);
void get_ip_addr_set (int type, void *crt);
void get_dns_name_set (int type, void *crt);
+void get_policy_set (gnutls_x509_crt_t);
void get_uri_set (int type, void *crt);
void get_email_set (int type, void *crt);
int get_ipsec_ike_status (void);
get_dns_name_set (TYPE_CRT, crt);
get_uri_set (TYPE_CRT, crt);
get_ip_addr_set (TYPE_CRT, crt);
+ get_policy_set (crt);
if (server != 0)
{