[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_19-13-gc495
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_19-13-gc4951af |
Date: |
Fri, 11 May 2012 20:23:02 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=c4951af8b85be1963f8dc67f97fb82df55e0fced
The branch, gnutls_3_0_x-2 has been updated
via c4951af8b85be1963f8dc67f97fb82df55e0fced (commit)
from 1b1f8c90e7b005e8fbdb33e20a56fa2f18b6b2cd (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c4951af8b85be1963f8dc67f97fb82df55e0fced
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri May 11 22:07:48 2012 +0200
Added support for the URI type of subject alternative name in certtool.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 ++
src/certtool-cfg.c | 61 ++++++++++++++++++++++++++++++++++++
src/certtool-cfg.h | 1 +
src/certtool.c | 10 +++---
tests/cert-tests/template-test.pem | 19 ++++++-----
5 files changed, 80 insertions(+), 14 deletions(-)
diff --git a/NEWS b/NEWS
index b5c7084..9f8c3f4 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,9 @@ See the end for copying conditions.
** libgnutls: Added gnutls_pubkey_verify_hash2()
+** certtool: Added support for the URI subject alternative
+name type in certtool.
+
** API and ABI modifications:
gnutls_pk_to_sign: Added
gnutls_pubkey_verify_hash2: Added
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index d47ef76..d4aeefa 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -63,6 +63,7 @@ typedef struct _cfg_ctx
char *country;
char **dc;
char **dns_name;
+ char **uri;
char **ip_addr;
char **email;
char **dn_oid;
@@ -233,6 +234,8 @@ template_parse (const char *template)
READ_MULTI_LINE("dc", cfg.dc);
READ_MULTI_LINE("dns_name", cfg.dns_name);
+ READ_MULTI_LINE("uri", cfg.uri);
+
READ_MULTI_LINE("ip_address", cfg.ip_addr);
READ_MULTI_LINE("email", cfg.email);
READ_MULTI_LINE("key_purpose_oid", cfg.key_purpose_oids);
@@ -1208,6 +1211,64 @@ get_dns_name_set (int type, void *crt)
}
}
+void
+get_uri_set (int type, void *crt)
+{
+ int ret = 0, i;
+
+ if (batch)
+ {
+ if (!cfg.uri)
+ return;
+
+ for (i = 0; cfg.uri[i] != NULL; i++)
+ {
+ if (type == TYPE_CRT)
+ ret =
+ gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_URI,
+ cfg.uri[i],
+ strlen (cfg.uri[i]),
+ GNUTLS_FSAN_APPEND);
+ else
+ ret =
+ gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_URI,
+ cfg.uri[i],
+ strlen (cfg.uri[i]),
+ GNUTLS_FSAN_APPEND);
+
+ if (ret < 0)
+ break;
+ }
+ }
+ else
+ {
+ const char *p;
+
+ do
+ {
+ p =
+ read_str ("Enter a URI of the subject of the certificate: ");
+ if (!p)
+ return;
+
+ if (type == TYPE_CRT)
+ ret = gnutls_x509_crt_set_subject_alt_name
+ (crt, GNUTLS_SAN_URI, p, strlen (p), GNUTLS_FSAN_APPEND);
+ else
+ ret = gnutls_x509_crq_set_subject_alt_name
+ (crt, GNUTLS_SAN_URI, p, strlen (p), GNUTLS_FSAN_APPEND);
+ }
+ while (p);
+ }
+
+ if (ret < 0)
+ {
+ fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
+}
+
+
int
get_sign_status (int server)
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 5181425..878ecac 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
@@ -67,6 +67,7 @@ int get_encrypt_status (int server);
int get_sign_status (int server);
void get_ip_addr_set (int type, void *crt);
void get_dns_name_set (int type, void *crt);
+void get_uri_set (int type, void *crt);
void get_email_set (int type, void *crt);
int get_ipsec_ike_status (void);
void get_dc_set (int type, void *crt);
diff --git a/src/certtool.c b/src/certtool.c
index 58ebcd1..59d6155 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -484,11 +484,10 @@ generate_certificate (gnutls_privkey_t * ret_key,
is_ike = get_ipsec_ike_status ();
server = get_tls_server_status ();
- if ((server != 0 && !proxy) || is_ike)
- {
- get_dns_name_set (TYPE_CRT, crt);
- get_ip_addr_set (TYPE_CRT, crt);
- }
+
+ get_dns_name_set (TYPE_CRT, crt);
+ get_uri_set (TYPE_CRT, crt);
+ get_ip_addr_set (TYPE_CRT, crt);
if (server != 0)
{
@@ -1864,6 +1863,7 @@ generate_request (common_info_st * cinfo)
get_oid_crq_set (crq);
get_dns_name_set (TYPE_CRQ, crq);
+ get_uri_set (TYPE_CRQ, crq);
get_ip_addr_set (TYPE_CRQ, crq);
get_email_set (TYPE_CRQ, crq);
diff --git a/tests/cert-tests/template-test.pem
b/tests/cert-tests/template-test.pem
index 30ddd8a..0b0866f 100644
--- a/tests/cert-tests/template-test.pem
+++ b/tests/cert-tests/template-test.pem
@@ -1,5 +1,5 @@
-----BEGIN CERTIFICATE-----
-MIIDoDCCAwmgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix
+MIID4jCCA0ugAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix
EjAQBgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzAN
BgNVBAgTBkF0dGlraTEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
@@ -11,12 +11,13 @@
BgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25l
QG5vbmUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C
JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx
N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI
-NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4GzMIGwMA8GA1UdEwEB/wQFMAMB
-Af8wKAYDVR0RBCEwH4ENbm9uZUBub25lLm9yZ4EOd2hlcmVAbm9uZS5vcmcwEwYD
-VR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUXUCt
-8M6UQJWLfpmUHZJUIspyNl8wLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL3d3dy5n
-ZXRjcmwuY3JsL2dldGNybC8wDQYJKoZIhvcNAQELBQADgYEASd+38D+lbUJIcDCK
-s8QbRpsfw3aRrgIjxY0kSpPeeJ6t+zttbUkdl3xVqZkldJHWZihdY1h0Nqh3W3An
-I6yr+Uex8az0LUrimc3EwYh4QWNUq142Dy2IXlmE3WOipjOatXeMZFj4mruJbYqZ
-psMUofmkNLXu8fEFauBU5jQ2SEA=
+NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4H1MIHyMA8GA1UdEwEB/wQFMAMB
+Af8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3d3cubW9yZXRoYW5vbmUub3Jn
+ghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgBAYENbm9uZUBub25lLm9yZ4EO
+d2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD
+AwcEADAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wLgYDVR0fBCcwJTAj
+oCGgH4YdaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybC8wDQYJKoZIhvcNAQEL
+BQADgYEAkRe0HlWiwWEWV815XYU7IBWD+e7hVnpyTNaFrS2zn1vQfi0XQ1eX8DjH
+AEWFB5qKppkdXTP0MihieFvUbmgybuc/ep7JRu3l2MBly2latSJViqiHoo9GHqbi
+lX9KX8XUx1+ONbBy3rYqUATq+z7WEdN9iN8wNXMVMTv0hD5GnuM=
-----END CERTIFICATE-----
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_19-13-gc4951af,
Nikos Mavrogiannopoulos <=