
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_15-18-g06a5107


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_15-18-g06a5107
Date: Tue, 06 Mar 2012 21:45:53 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=06a51074653a7bf7245d484a62152d2fa160b5f6

The branch, master has been updated
       via  06a51074653a7bf7245d484a62152d2fa160b5f6 (commit)
      from  df2b6546b2a5ab7280470a0a8148e014cc6abfc6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 06a51074653a7bf7245d484a62152d2fa160b5f6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Mar 6 22:47:53 2012 +0100

    certtool may explicitly set the domain component (DC) field of a DN.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                  |    6 +++-
 src/certtool-args.def |    4 +++
 src/certtool-cfg.c    |   54 ++++++++++++++++++++++++++++++++++++++++++++++++-
 src/certtool-cfg.h    |    1 +
 src/certtool.c        |    2 +
 5 files changed, 64 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index 1c89635..bf9cc04 100644
--- a/NEWS
+++ b/NEWS
@@ -4,11 +4,13 @@ See the end for copying conditions.
 
 * Version 3.0.16 (unreleased)
 
-** Corrected SRP-RSA ciphersuites when used under TLS 1.2.
+** libgnutls: Corrected SRP-RSA ciphersuites when used under TLS 1.2.
 
-** Small fixes in p11tool handling of the --private command 
+** p11tool: Small fixes in handling of the --private command 
 line option.
 
+** certtool: The template option allows for setting the DC option.
+
 ** API and ABI modifications:
 No changes since last version.
 
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 6dcb11d..b3ee295 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -522,6 +522,10 @@ cn = "Cindy Lauper"
 # A user id of the certificate owner.
 #uid = "clauper"
 
+# Set domain components
+#dc = "name"
+#dc = "domain"
+
 # If the supported DN OIDs are not adequate you can set
 # any OID here.
 # For example set the X.520 Title and the X.520 Pseudonym
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 907ab90..f92a507 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -61,6 +61,7 @@ typedef struct _cfg_ctx
   char *challenge_password;
   char *pkcs9_email;
   char *country;
+  char **dc;
   char **dns_name;
   char **ip_addr;
   char **email;
@@ -228,6 +229,7 @@ template_parse (const char *template)
   if (val != NULL && val->valType == OPARG_TYPE_STRING)
     cfg.country = strdup(val->v.strVal);
   
+  READ_MULTI_LINE("dc", cfg.dc);
   READ_MULTI_LINE("dns_name", cfg.dns_name);
   READ_MULTI_LINE("ip_address", cfg.ip_addr);
   READ_MULTI_LINE("email", cfg.email);
@@ -982,7 +984,6 @@ get_ip_addr_set (int type, void *crt)
     }
 }
 
-
 void
 get_email_set (int type, void *crt)
 {
@@ -1041,6 +1042,57 @@ get_email_set (int type, void *crt)
     }
 }
 
+
+void
+get_dc_set (int type, void *crt)
+{
+  int ret = 0, i;
+
+  if (batch)
+    {
+      if (!cfg.dc)
+        return;
+
+      for (i = 0; cfg.dc[i] != NULL; i++)
+        {
+          if (type == TYPE_CRT)
+            ret =  gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
+                                       0, cfg.dc[i], strlen (cfg.dc[i]));
+          else
+            ret =  gnutls_x509_crq_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
+                                       0, cfg.dc[i], strlen (cfg.dc[i]));
+
+          if (ret < 0)
+            break;
+        }
+    }
+  else
+    {
+      const char *p;
+
+      do 
+        {
+          p = read_str ("Enter the subject's domain component (DC): ");
+          if (!p)
+            return;
+
+          if (type == TYPE_CRT)
+            ret =  gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
+                                       0, p, strlen (p));
+          else
+            ret =  gnutls_x509_crq_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
+                                       0, p, strlen (p));
+        }
+      while(p != NULL);
+    }
+
+  if (ret < 0)
+    {
+      fprintf (stderr, "set_dn_by_oid: %s\n", gnutls_strerror (ret));
+      exit (1);
+    }
+}
+
 void
 get_dns_name_set (int type, void *crt)
 {
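Review bot: In the interactive branch of `get_dc_set` the return value of `gnutls_x509_crt_set_dn_by_oid` / `gnutls_x509_crq_set_dn_by_oid` is never examined. The do/while only leaves through `return` when `read_str()` yields NULL, so `ret` is overwritten on the next iteration and the `if (ret < 0)` report after the loop is reachable only from the batch branch. A DC value the library rejects would be dropped without a message, and the certificate or request would be generated without the component the operator typed. Mirror the batch loop by adding `if (ret < 0) break;` right after the set call in the interactive loop, so both paths reach the shared `fprintf`/`exit (1)`. The `while(p != NULL)` condition is always true when reached, so a comment such as `/* loop ends when read_str() returns NULL */` would make the exit path explicit.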
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 36bc587..9587f86 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
@@ -69,6 +69,7 @@ void get_ip_addr_set (int type, void *crt);
 void get_dns_name_set (int type, void *crt);
 void get_email_set (int type, void *crt);
 int get_ipsec_ike_status (void);
+void get_dc_set (int type, void *crt);
 
 void get_cn_crq_set (gnutls_x509_crq_t crq);
 void get_uid_crq_set (gnutls_x509_crq_t crq);
diff --git a/src/certtool.c b/src/certtool.c
index 036aef5..a8bd26b 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -369,6 +369,7 @@ generate_certificate (gnutls_privkey_t * ret_key,
           get_locality_crt_set (crt);
           get_state_crt_set (crt);
           get_cn_crt_set (crt);
+          get_dc_set (TYPE_CRT, crt);
           get_uid_crt_set (crt);
           get_oid_crt_set (crt);
           get_key_purpose_set (crt);
@@ -1856,6 +1857,7 @@ generate_request (common_info_st * cinfo)
   get_locality_crq_set (crq);
   get_state_crq_set (crq);
   get_cn_crq_set (crq);
+  get_dc_set (TYPE_CRQ, crq);
   get_uid_crq_set (crq);
   get_oid_crq_set (crq);
 


hooks/post-receive
-- 
GNU gnutls


