pki tool shows and builds crlSign keyUsage
authorMartin Willi <martin@revosec.ch>
Fri, 3 Dec 2010 12:25:45 +0000 (13:25 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:45:56 +0000 (16:45 +0100)
src/pki/commands/issue.c
src/pki/commands/print.c
src/pki/commands/self.c

index 98335fc..f1af5eb 100644 (file)
@@ -120,6 +120,10 @@ static int issue()
                                {
                                        flags |= X509_CLIENT_AUTH;
                                }
+                               else if (streq(arg, "crlSign"))
+                               {
+                                       flags |= X509_CRL_SIGN;
+                               }
                                else if (streq(arg, "ocspSigning"))
                                {
                                        flags |= X509_OCSP_SIGNER;
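Review bot: The `crlSign` branch added here is repeated verbatim in `self()` in src/pki/commands/self.c, and the same name is spelled out again in both usage strings, so the set of accepted `--flag` names can drift between the two commands. A single shared helper that maps a flag name to its `X509_*` bit and reports unknown names would keep `issue()` and `self()` in step. The end of this else-if chain lies outside the hunk. If it has no final branch rejecting unknown names, a misspelled value such as `crlsign` would be ignored silently and the certificate would be issued without the bit the operator asked for, which is worth confirming.

```c
/* Map a --flag name to its X509 flag bit; returns FALSE for an unknown name. */
static bool flag_from_name(char *name, x509_flag_t *flags)
{
	/* … unchanged: serverAuth, clientAuth and ocspSigning branches … */
	if (streq(name, "crlSign"))
	{
		*flags |= X509_CRL_SIGN;
		return TRUE;
	}
	return FALSE;
}
```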
@@ -378,7 +382,7 @@ static void __attribute__ ((constructor))reg()
                {"[--in file] [--type pub|pkcs10] --cakey file | --cakeyid hex",
                 " --cacert file --dn subject-dn [--san subjectAltName]+",
                 "[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+",
-                "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+",
+                "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
                 "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
                {
                        {"help",                'h', 0, "show usage information"},
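Review bot: The usage line now lists `crlSign` alongside `serverAuth`, `clientAuth` and `ocspSigning`, but those three are extendedKeyUsage purposes, whereas the commit title describes crlSign as a keyUsage bit, and nothing in the help text says so. For `issue` this matters because a certificate carrying the bit may be accepted by relying parties as a CRL signer, so setting it delegates revocation authority. I would add a comment at the flag handling such as `/* crlSign sets keyUsage cRLSign: holder may sign CRLs; grant only to CAs or designated CRL issuers */` and say the same in the help text of the `--flag` option, which lies outside this hunk. The identical usage change in `reg()` in self.c has the same gap.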
index 4dcc471..35fdaac 100644 (file)
@@ -105,6 +105,10 @@ static void print_x509(x509_t *x509)
        {
                printf("CA ");
        }
+       if (flags & X509_CRL_SIGN)
+       {
+               printf("CRLSign ");
+       }
        if (flags & X509_AA)
        {
                printf("AA ");
index 5e6f0bd..d15b1e2 100644 (file)
@@ -113,6 +113,10 @@ static int self()
                                {
                                        flags |= X509_CLIENT_AUTH;
                                }
+                               else if (streq(arg, "crlSign"))
+                               {
+                                       flags |= X509_CRL_SIGN;
+                               }
                                else if (streq(arg, "ocspSigning"))
                                {
                                        flags |= X509_OCSP_SIGNER;
@@ -257,7 +261,7 @@ static void __attribute__ ((constructor))reg()
                {"[--in file | --keyid hex] [--type rsa|ecdsa]",
                 " --dn distinguished-name [--san subjectAltName]+",
                 "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
-                "[--flag serverAuth|clientAuth|ocspSigning]+",
+                "[--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
                 "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
                {
                        {"help",        'h', 0, "show usage information"},