Allow support for CA-certificate retrieval in scepclient 4.6.0
authorThomas Egerer <thomas.egerer@secunet.com>
Fri, 4 Nov 2011 11:29:59 +0000 (12:29 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 4 Nov 2011 14:13:32 +0000 (15:13 +0100)
I think this functionality somehow got lost on the way from
strongswan-2.7.0...

src/scepclient/scepclient.c

index 6d5bf38..2d364d6 100644 (file)
@@ -334,6 +334,7 @@ int main(int argc, char **argv)
        char *file_out_pkcs7     = DEFAULT_FILENAME_PKCS7;
        char *file_out_cert_self = DEFAULT_FILENAME_CERT_SELF;
        char *file_out_cert      = DEFAULT_FILENAME_CERT;
+       char *file_out_ca_cert   = DEFAULT_FILENAME_CACERT_ENC;
 
        /* by default user certificate is requested */
        bool request_ca_certificate = FALSE;
@@ -540,6 +541,8 @@ int main(int argc, char **argv)
                                else if (strcaseeq("cacert", optarg))
                                {
                                        request_ca_certificate = TRUE;
+                                       if (filename)
+                                               file_out_ca_cert = filename;
                                }
                                else
                                {
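Review bot: The added `if (filename)` has an unbraced body, while the neighbouring branches of this option handler are all braced; writing it as `if (filename) { file_out_ca_cert = filename; }` over separate lines would match them. The value is later passed to `concatenate_paths(CA_CERT_PATH, ...)` in the third hunk, so a short comment such as `/* optional file name, later joined with CA_CERT_PATH */` would tell the reader that the name is not used as given. The enclosing option loop in main() starts and ends outside the hunk.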
@@ -783,6 +786,24 @@ int main(int argc, char **argv)
                usage("cannot generate --out of given --in!");
        }
 
+       /* get CA cert */
+       if (request_ca_certificate)
+       {
+               char *path = concatenate_paths(CA_CERT_PATH, file_out_ca_cert);
+
+               if (!scep_http_request(scep_url, chunk_empty, SCEP_GET_CA_CERT,
+                                                          http_get_request, &scep_response))
+               {
+                       exit_scepclient("did not receive a valid scep response");
+               }
+
+               if (!chunk_write(scep_response, path, "ca cert",  0022, force))
+               {
+                       exit_scepclient("could not write ca cert file '%s'", path);
+               }
+               exit_scepclient(NULL); /* no further output required */
+       }
+
        /*
         * input of PKCS#1 file
         */
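Review bot: The GetCACert response is written under CA_CERT_PATH exactly as received, with no check that it is a certificate and no fingerprint shown or compared. The request is a plain `http_get_request` and nothing in this hunk authenticates the reply, so if CA_CERT_PATH is the directory the IKE daemon loads trust anchors from (likely, but not shown here), whoever answers for `scep_url` decides what lands there. Before `chunk_write`, the response should be parsed as an X.509 certificate and its fingerprint logged so the operator can verify it out of band; at minimum add `/* GetCACert reply is unauthenticated: verify the fingerprint out of band before trusting this file */` above the write. `file_out_ca_cert` can also come from the `--out` argument (second hunk), so it is worth confirming that `concatenate_paths` keeps the result inside CA_CERT_PATH. main() begins and ends outside the hunk.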