pki tool shows and builds crlSign keyUsage
[strongswan.git] / src / pki / commands / issue.c
index 98335fc..f1af5eb 100644 (file)
@@ -120,6 +120,10 @@ static int issue()
                                {
                                        flags |= X509_CLIENT_AUTH;
                                }
+                               else if (streq(arg, "crlSign"))
+                               {
+                                       flags |= X509_CRL_SIGN;
+                               }
                                else if (streq(arg, "ocspSigning"))
                                {
                                        flags |= X509_OCSP_SIGNER;
@@ -378,7 +382,7 @@ static void __attribute__ ((constructor))reg()
                {"[--in file] [--type pub|pkcs10] --cakey file | --cakeyid hex",
                 " --cacert file --dn subject-dn [--san subjectAltName]+",
                 "[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+",
-                "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+",
+                "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
                 "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
                {
                        {"help",                'h', 0, "show usage information"},