From: Thomas Egerer Date: Fri, 4 Nov 2011 11:29:59 +0000 (+0100) Subject: Allow support for CA-certificate retrieval in scepclient X-Git-Tag: 4.6.0^0 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=72a1b2e3089ca3814a7741fb162620b7215e5807;p=thirdparty%2Fstrongswan.git Allow support for CA-certificate retrieval in scepclient I think somehow this functionality got lost in the way from strongswan-2.7.0...
---
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index 6d5bf38ae0..2d364d654e 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -334,6 +334,7 @@ int main(int argc, char **argv)
 char *file_out_pkcs7 = DEFAULT_FILENAME_PKCS7;
 char *file_out_cert_self = DEFAULT_FILENAME_CERT_SELF;
 char *file_out_cert = DEFAULT_FILENAME_CERT;
+ char *file_out_ca_cert = DEFAULT_FILENAME_CACERT_ENC;
 /* by default user certificate is requested */
 bool request_ca_certificate = FALSE;
@@ -540,6 +541,8 @@ int main(int argc, char **argv)
 else if (strcaseeq("cacert", optarg))
 {
 request_ca_certificate = TRUE;
+ if (filename)
+ file_out_ca_cert = filename;
 }
 else
 {
@@ -783,6 +786,24 @@ int main(int argc, char **argv)
 usage("cannot generate --out of given --in!");
 }
+ /* get CA cert */
+ if (request_ca_certificate)
+ {
+ char *path = concatenate_paths(CA_CERT_PATH, file_out_ca_cert);
+
+ if (!scep_http_request(scep_url, chunk_empty, SCEP_GET_CA_CERT,
+ http_get_request, &scep_response))
+ {
+ exit_scepclient("did not receive a valid scep response");
+ }
+
+ if (!chunk_write(scep_response, path, "ca cert", 0022, force))
+ {
+ exit_scepclient("could not write ca cert file '%s'", path);
+ }
+ exit_scepclient(NULL); /* no further output required */
+ }
+
 /*
 * input of PKCS#1 file
 */
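Review bot: In the `cacert` branch, `if (filename)` also accepts an empty name, so the override is taken even when nothing follows the `=`. `filename` is assigned outside this hunk; if it points just past the `=` in `optarg`, an argument of `cacert=` would set `file_out_ca_cert` to `""`, and the third hunk would then join CA_CERT_PATH with an empty name. Testing `if (filename && *filename)` keeps DEFAULT_FILENAME_CACERT_ENC in that case. Whether `concatenate_paths()` keeps a name containing directory components inside CA_CERT_PATH is not visible here and is worth confirming, since the value comes straight from the command line.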
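Review bot: The new `if (request_ca_certificate)` block writes the GetCACert response under CA_CERT_PATH exactly as received, without checking that it parses as a certificate and without showing the operator a fingerprint. SCEP does not authenticate this response, so the protocol relies on an out-of-band fingerprint comparison. If CA_CERT_PATH is the directory that trusted CA certificates are loaded from (its definition is outside the hunk), whoever answered the HTTP request ends up supplying a trust anchor. I would parse `scep_response` as a certificate before `chunk_write()`, fail on a parse error, and log its fingerprint. At minimum, add a comment above the write such as `/* GetCACert is unauthenticated: compare the fingerprint out of band before trusting this file */`. The response can also be a PKCS#7 CA/RA bundle rather than a single certificate, and the block does not distinguish the two. The body of main() continues outside the hunk.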