search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update.
[gnutls.git] / src / certtool-cfg.c
blob18090f2a05bf066720ac4143af8e20de1275430c
1 /*
2 * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation
3 *
4 * This file is part of GNUTLS.
5 *
6 * GNUTLS is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * GNUTLS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <config.h>
22
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <certtool-cfg.h>
26 #include <cfg+.h>
27 #include <gnutls/x509.h>
28 #include <string.h>
29 #include <limits.h>
30 #include <inttypes.h>
31 #include <time.h>
32
33 /* Gnulib portability files. */
34 #include <getpass.h>
35 #include "readline.h"
36
37 extern int batch;
38
39 typedef struct _cfg_ctx
40 {
41 char *organization;
42 char *unit;
43 char *locality;
44 char *state;
45 char *cn;
46 char *uid;
47 char *challenge_password;
48 char *pkcs9_email;
49 char *country;
50 char *dns_name;
51 char *ip_addr;
52 char *email;
53 char **dn_oid;
54 char *crl_dist_points;
55 char *password;
56 char *pkcs12_key_name;
57 int serial;
58 int expiration_days;
59 int ca;
60 int path_len;
61 int tls_www_client;
62 int tls_www_server;
63 int signing_key;
64 int encryption_key;
65 int cert_sign_key;
66 int crl_sign_key;
67 int code_sign_key;
68 int ocsp_sign_key;
69 int time_stamping_key;
70 int crl_next_update;
71 char *proxy_policy_language;
72 } cfg_ctx;
73
74 cfg_ctx cfg;
75
76 void
77 cfg_init (void)
78 {
79 memset (&cfg, 0, sizeof (cfg));
80 cfg.path_len = -1;
81 cfg.serial = -1;
82 }
83
84 int
85 template_parse (const char *template)
86 {
87 /* libcfg+ parsing context */
88 CFG_CONTEXT con;
89
90 /* Parsing return code */
91 register int ret;
92
93 /* Option variables */
94
95 /* Option set */
96 struct cfg_option options[] = {
97 {NULL, '\0', "organization", CFG_STR, (void *) &cfg.organization,
98 0},
99 {NULL, '\0', "unit", CFG_STR, (void *) &cfg.unit, 0},
100 {NULL, '\0', "locality", CFG_STR, (void *) &cfg.locality, 0},
101 {NULL, '\0', "state", CFG_STR, (void *) &cfg.state, 0},
102 {NULL, '\0', "cn", CFG_STR, (void *) &cfg.cn, 0},
103 {NULL, '\0', "uid", CFG_STR, (void *) &cfg.uid, 0},
104 {NULL, '\0', "challenge_password", CFG_STR,
105 (void *) &cfg.challenge_password, 0},
106 {NULL, '\0', "password", CFG_STR, (void *) &cfg.password, 0},
107 {NULL, '\0', "pkcs9_email", CFG_STR, (void *) &cfg.pkcs9_email, 0},
108 {NULL, '\0', "country", CFG_STR, (void *) &cfg.country, 0},
109 {NULL, '\0', "dns_name", CFG_STR, (void *) &cfg.dns_name, 0},
110 {NULL, '\0', "ip_address", CFG_STR, (void *) &cfg.ip_addr, 0},
111 {NULL, '\0', "email", CFG_STR, (void *) &cfg.email, 0},
112
113 {NULL, '\0', "dn_oid", CFG_STR + CFG_MULTI_SEPARATED,
114 (void *) &cfg.dn_oid, 0},
115
116 {NULL, '\0', "crl_dist_points", CFG_STR,
117 (void *) &cfg.crl_dist_points, 0},
118 {NULL, '\0', "pkcs12_key_name", CFG_STR,
119 (void *) &cfg.pkcs12_key_name, 0},
120
121 {NULL, '\0', "serial", CFG_INT, (void *) &cfg.serial, 0},
122 {NULL, '\0', "expiration_days", CFG_INT,
123 (void *) &cfg.expiration_days, 0},
124
125 {NULL, '\0', "crl_next_update", CFG_INT,
126 (void *) &cfg.crl_next_update, 0},
127
128 {NULL, '\0', "ca", CFG_BOOL, (void *) &cfg.ca, 0},
129 {NULL, '\0', "path_len", CFG_INT, (void *) &cfg.path_len, 0},
130 {NULL, '\0', "tls_www_client", CFG_BOOL,
131 (void *) &cfg.tls_www_client, 0},
132 {NULL, '\0', "tls_www_server", CFG_BOOL,
133 (void *) &cfg.tls_www_server, 0},
134 {NULL, '\0', "signing_key", CFG_BOOL, (void *) &cfg.signing_key,
135 0},
136 {NULL, '\0', "encryption_key", CFG_BOOL,
137 (void *) &cfg.encryption_key, 0},
138 {NULL, '\0', "cert_signing_key", CFG_BOOL,
139 (void *) &cfg.cert_sign_key, 0},
140 {NULL, '\0', "crl_signing_key", CFG_BOOL,
141 (void *) &cfg.crl_sign_key, 0},
142 {NULL, '\0', "code_signing_key", CFG_BOOL,
143 (void *) &cfg.code_sign_key, 0},
144 {NULL, '\0', "ocsp_signing_key", CFG_BOOL,
145 (void *) &cfg.ocsp_sign_key, 0},
146 {NULL, '\0', "time_stamping_key", CFG_BOOL,
147 (void *) &cfg.time_stamping_key, 0},
148 {NULL, '\0', "proxy_policy_language", CFG_STR,
149 (void *) &cfg.proxy_policy_language, 0},
150 CFG_END_OF_LIST
151 };
152
153 /* Creating context */
154 con = cfg_get_context (options);
155 if (con == NULL)
156 {
157 puts ("Not enough memory");
158 exit (1);
159 }
160
161 cfg_set_cfgfile_context (con, 0, -1, (char *) template);
162
163 /* Parsing command line */
164 ret = cfg_parse (con);
165
166 if (ret != CFG_OK)
167 {
168 printf ("error parsing command line: %s: ", template);
169 cfg_fprint_error (con, stdout);
170 putchar ('\n');
171 exit (ret < 0 ? -ret : ret);
172 }
173
174 return 0;
175 }
176
177 void
178 read_crt_set (gnutls_x509_crt crt, const char *input_str, const char *oid)
179 {
180 char input[128];
181 int ret;
182
183 fputs (input_str, stderr);
184 fgets (input, sizeof (input), stdin);
185
186 if (strlen (input) == 1) /* only newline */
187 return;
188
189 ret =
190 gnutls_x509_crt_set_dn_by_oid (crt, oid, 0, input, strlen (input) - 1);
191 if (ret < 0)
192 {
193 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
194 exit (1);
195 }
196 }
197
198 void
199 read_crq_set (gnutls_x509_crq crq, const char *input_str, const char *oid)
200 {
201 char input[128];
202 int ret;
203
204 fputs (input_str, stderr);
205 fgets (input, sizeof (input), stdin);
206
207 if (strlen (input) == 1) /* only newline */
208 return;
209
210 ret =
211 gnutls_x509_crq_set_dn_by_oid (crq, oid, 0, input, strlen (input) - 1);
212 if (ret < 0)
213 {
214 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
215 exit (1);
216 }
217 }
218
219 int
220 read_int_with_default (const char *input_str, int def)
221 {
222 char *in;
223 char *endptr;
224 long l;
225
226 in = readline (input_str);
227
228 l = strtol (in, &endptr, 0);
229
230 if (*endptr != '\0')
231 {
232 fprintf (stderr, "Trailing garbage ignored: `%s'\n", endptr);
233 free (in);
234 return 0;
235 }
236
237 if (l <= INT_MIN || l >= INT_MAX)
238 {
239 fprintf (stderr, "Integer out of range: `%s'\n", in);
240 free (in);
241 return 0;
242 }
243
244 if (in == endptr)
245 l = def;
246
247 free (in);
248
249 return (int) l;
250 }
251
252 int
253 read_int (const char *input_str)
254 {
255 return read_int_with_default (input_str, 0);
256 }
257
258 const char *
259 read_str (const char *input_str)
260 {
261 static char input[128];
262 int len;
263
264 fputs (input_str, stderr);
265 if (fgets (input, sizeof (input), stdin) == NULL)
266 return NULL;
267
268 len = strlen (input);
269 if ((len > 0) && (input[len - 1] == '\n'))
270 input[len - 1] = 0;
271 if (input[0] == 0)
272 return NULL;
273
274 return input;
275 }
276
277 int
278 read_yesno (const char *input_str)
279 {
280 char input[128];
281
282 fputs (input_str, stderr);
283 fgets (input, sizeof (input), stdin);
284
285 if (strlen (input) == 1) /* only newline */
286 return 0;
287
288 if (input[0] == 'y' || input[0] == 'Y')
289 return 1;
290
291 return 0;
292 }
293
294
295 /* Wrapper functions for non-interactive mode.
296 */
297 const char *
298 get_pass (void)
299 {
300 if (batch)
301 return cfg.password;
302 else
303 return getpass ("Enter password: ");
304 }
305
306 const char *
307 get_challenge_pass (void)
308 {
309 if (batch)
310 return cfg.challenge_password;
311 else
312 return getpass ("Enter a challenge password: ");
313 }
314
315 const char *
316 get_crl_dist_point_url (void)
317 {
318 if (batch)
319 return cfg.crl_dist_points;
320 else
321 return read_str ("Enter the URI of the CRL distribution point: ");
322 }
323
324 void
325 get_country_crt_set (gnutls_x509_crt crt)
326 {
327 int ret;
328
329 if (batch)
330 {
331 if (!cfg.country)
332 return;
333 ret =
334 gnutls_x509_crt_set_dn_by_oid (crt,
335 GNUTLS_OID_X520_COUNTRY_NAME, 0,
336 cfg.country, strlen (cfg.country));
337 if (ret < 0)
338 {
339 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
340 exit (1);
341 }
342 }
343 else
344 {
345 read_crt_set (crt, "Country name (2 chars): ",
346 GNUTLS_OID_X520_COUNTRY_NAME);
347 }
348
349 }
350
351 void
352 get_organization_crt_set (gnutls_x509_crt crt)
353 {
354 int ret;
355
356 if (batch)
357 {
358 if (!cfg.organization)
359 return;
360
361 ret =
362 gnutls_x509_crt_set_dn_by_oid (crt,
363 GNUTLS_OID_X520_ORGANIZATION_NAME,
364 0, cfg.organization,
365 strlen (cfg.organization));
366 if (ret < 0)
367 {
368 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
369 exit (1);
370 }
371 }
372 else
373 {
374 read_crt_set (crt, "Organization name: ",
375 GNUTLS_OID_X520_ORGANIZATION_NAME);
376 }
377
378 }
379
380 void
381 get_unit_crt_set (gnutls_x509_crt crt)
382 {
383 int ret;
384
385 if (batch)
386 {
387 if (!cfg.unit)
388 return;
389
390 ret =
391 gnutls_x509_crt_set_dn_by_oid (crt,
392 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
393 0, cfg.unit, strlen (cfg.unit));
394 if (ret < 0)
395 {
396 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
397 exit (1);
398 }
399 }
400 else
401 {
402 read_crt_set (crt, "Organizational unit name: ",
403 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
404 }
405
406 }
407
408 void
409 get_state_crt_set (gnutls_x509_crt crt)
410 {
411 int ret;
412
413 if (batch)
414 {
415 if (!cfg.state)
416 return;
417 ret =
418 gnutls_x509_crt_set_dn_by_oid (crt,
419 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
420 0, cfg.state, strlen (cfg.state));
421 if (ret < 0)
422 {
423 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
424 exit (1);
425 }
426 }
427 else
428 {
429 read_crt_set (crt, "State or province name: ",
430 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
431 }
432
433 }
434
435 void
436 get_locality_crt_set (gnutls_x509_crt crt)
437 {
438 int ret;
439
440 if (batch)
441 {
442 if (!cfg.locality)
443 return;
444 ret =
445 gnutls_x509_crt_set_dn_by_oid (crt,
446 GNUTLS_OID_X520_LOCALITY_NAME, 0,
447 cfg.locality, strlen (cfg.locality));
448 if (ret < 0)
449 {
450 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
451 exit (1);
452 }
453 }
454 else
455 {
456 read_crt_set (crt, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
457 }
458
459 }
460
461 void
462 get_cn_crt_set (gnutls_x509_crt crt)
463 {
464 int ret;
465
466 if (batch)
467 {
468 if (!cfg.cn)
469 return;
470 ret =
471 gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME,
472 0, cfg.cn, strlen (cfg.cn));
473 if (ret < 0)
474 {
475 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
476 exit (1);
477 }
478 }
479 else
480 {
481 read_crt_set (crt, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
482 }
483
484 }
485
486 void
487 get_uid_crt_set (gnutls_x509_crt crt)
488 {
489 int ret;
490
491 if (batch)
492 {
493 if (!cfg.uid)
494 return;
495 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_UID, 0,
496 cfg.uid, strlen (cfg.uid));
497 if (ret < 0)
498 {
499 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
500 exit (1);
501 }
502 }
503 else
504 {
505 read_crt_set (crt, "UID: ", GNUTLS_OID_LDAP_UID);
506 }
507
508 }
509
510 void
511 get_oid_crt_set (gnutls_x509_crt crt)
512 {
513 int ret, i;
514
515 if (batch)
516 {
517 if (!cfg.dn_oid)
518 return;
519 for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
520 {
521 if (cfg.dn_oid[i + 1] == NULL)
522 {
523 fprintf (stderr, "dn_oid: %s does not have an argument.\n",
524 cfg.dn_oid[i]);
525 exit (1);
526 }
527 ret = gnutls_x509_crt_set_dn_by_oid (crt, cfg.dn_oid[i], 0,
528 cfg.dn_oid[i + 1],
529 strlen (cfg.dn_oid[i + 1]));
530
531 if (ret < 0)
532 {
533 fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
534 exit (1);
535 }
536 }
537 }
538
539 }
540
541
542 void
543 get_pkcs9_email_crt_set (gnutls_x509_crt crt)
544 {
545 int ret;
546
547 if (batch)
548 {
549 if (!cfg.pkcs9_email)
550 return;
551 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_PKCS9_EMAIL, 0,
552 cfg.pkcs9_email,
553 strlen (cfg.pkcs9_email));
554 if (ret < 0)
555 {
556 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
557 exit (1);
558 }
559 }
560 else
561 {
562 read_crt_set (crt, "E-mail: ", GNUTLS_OID_PKCS9_EMAIL);
563 }
564
565 }
566
567 int
568 get_serial (void)
569 {
570 int default_serial = time (NULL);
571
572 if (batch)
573 {
574 if (cfg.serial < 0)
575 return default_serial;
576 return cfg.serial;
577 }
578 else
579 {
580 return read_int_with_default
581 ("Enter the certificate's serial number (decimal): ", default_serial);
582 }
583 }
584
585 int
586 get_days (void)
587 {
588 int days;
589
590 if (batch)
591 {
592 if (cfg.expiration_days <= 0)
593 return 365;
594 else
595 return cfg.expiration_days;
596 }
597 else
598 {
599 do
600 {
601 days = read_int ("The certificate will expire in (days): ");
602 }
603 while (days == 0);
604 return days;
605 }
606 }
607
608 int
609 get_ca_status (void)
610 {
611 if (batch)
612 {
613 return cfg.ca;
614 }
615 else
616 {
617 return
618 read_yesno ("Does the certificate belong to an authority? (Y/N): ");
619 }
620 }
621
622 int
623 get_path_len (void)
624 {
625 if (batch)
626 {
627 return cfg.path_len;
628 }
629 else
630 {
631 return read_int_with_default
632 ("Path length constraint (decimal, -1 for no constraint): ", -1);
633 }
634 }
635
636 const char *
637 get_pkcs12_key_name (void)
638 {
639 const char *name;
640
641 if (batch)
642 {
643 if (!cfg.pkcs12_key_name)
644 return "Anonymous";
645 return cfg.pkcs12_key_name;
646 }
647 else
648 {
649 do
650 {
651 name = read_str ("Enter a name for the key: ");
652 }
653 while (name == NULL);
654 }
655 return name;
656 }
657
658 int
659 get_tls_client_status (void)
660 {
661 if (batch)
662 {
663 return cfg.tls_www_client;
664 }
665 else
666 {
667 return read_yesno ("Is this a TLS web client certificate? (Y/N): ");
668 }
669 }
670
671 int
672 get_tls_server_status (void)
673 {
674 if (batch)
675 {
676 return cfg.tls_www_server;
677 }
678 else
679 {
680 return
681 read_yesno ("Is this also a TLS web server certificate? (Y/N): ");
682 }
683 }
684
685 const char *
686 get_dns_name (void)
687 {
688 if (batch)
689 {
690 return cfg.dns_name;
691 }
692 else
693 {
694 return
695 read_str ("Enter the dnsName of the subject of the certificate: ");
696 }
697 }
698
699 const char *
700 get_ip_addr (void)
701 {
702 if (batch)
703 {
704 return cfg.ip_addr;
705 }
706 else
707 {
708 return
709 read_str ("Enter the IP address of the subject of the certificate: ");
710 }
711 }
712
713 const char *
714 get_email (void)
715 {
716 if (batch)
717 {
718 return cfg.email;
719 }
720 else
721 {
722 return
723 read_str ("Enter the e-mail of the subject of the certificate: ");
724 }
725 }
726
727 int
728 get_sign_status (int server)
729 {
730 const char *msg;
731
732 if (batch)
733 {
734 return cfg.signing_key;
735 }
736 else
737 {
738 if (server)
739 msg =
740 "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/N): ";
741 else
742 msg =
743 "Will the certificate be used for signing (required for TLS)? (Y/N): ";
744 return read_yesno (msg);
745 }
746 }
747
748 int
749 get_encrypt_status (int server)
750 {
751 const char *msg;
752
753 if (batch)
754 {
755 return cfg.encryption_key;
756 }
757 else
758 {
759 if (server)
760 msg =
761 "Will the certificate be used for encryption (RSA ciphersuites)? (Y/N): ";
762 else
763 msg =
764 "Will the certificate be used for encryption (not required for TLS)? (Y/N): ";
765 return read_yesno (msg);
766 }
767 }
768
769 int
770 get_cert_sign_status (void)
771 {
772 if (batch)
773 {
774 return cfg.cert_sign_key;
775 }
776 else
777 {
778 return
779 read_yesno
780 ("Will the certificate be used to sign other certificates? (Y/N): ");
781 }
782 }
783
784 int
785 get_crl_sign_status (void)
786 {
787 if (batch)
788 {
789 return cfg.crl_sign_key;
790 }
791 else
792 {
793 return
794 read_yesno ("Will the certificate be used to sign CRLs? (Y/N): ");
795 }
796 }
797
798 int
799 get_code_sign_status (void)
800 {
801 if (batch)
802 {
803 return cfg.code_sign_key;
804 }
805 else
806 {
807 return
808 read_yesno ("Will the certificate be used to sign code? (Y/N): ");
809 }
810 }
811
812 int
813 get_ocsp_sign_status (void)
814 {
815 if (batch)
816 {
817 return cfg.ocsp_sign_key;
818 }
819 else
820 {
821 return
822 read_yesno
823 ("Will the certificate be used to sign OCSP requests? (Y/N): ");
824 }
825 }
826
827 int
828 get_time_stamp_status (void)
829 {
830 if (batch)
831 {
832 return cfg.time_stamping_key;
833 }
834 else
835 {
836 return
837 read_yesno
838 ("Will the certificate be used for time stamping? (Y/N): ");
839 }
840 }
841
842 int
843 get_crl_next_update (void)
844 {
845 int days;
846
847 if (batch)
848 {
849 if (cfg.crl_next_update <= 0)
850 return 365;
851 else
852 return cfg.crl_next_update;
853 }
854 else
855 {
856 do
857 {
858 days = read_int ("The next CRL will be issued in (days): ");
859 }
860 while (days == 0);
861 return days;
862 }
863 }
864
865 const char *
866 get_proxy_policy (char **policy, size_t *policylen)
867 {
868 const char *ret;
869
870 if (batch)
871 {
872 ret = cfg.proxy_policy_language;
873 if (!ret)
874 ret = "1.3.6.1.5.5.7.21.1";
875 }
876 else
877 {
878 do
879 {
880 ret = read_str ("Enter the OID of the proxy policy language: ");
881 }
882 while (ret == NULL);
883 }
884
885 *policy = NULL;
886 *policylen = 0;
887
888 if (strcmp (ret, "1.3.6.1.5.5.7.21.1") != 0 &&
889 strcmp (ret, "1.3.6.1.5.5.7.21.2") != 0)
890 {
891 fprintf (stderr, "Reading non-standard proxy policy not supported.\n");
892 }
893
894 return ret;
895 }
896
897 /* CRQ stuff.
898 */
899 void
900 get_country_crq_set (gnutls_x509_crq crq)
901 {
902 int ret;
903
904 if (batch)
905 {
906 if (!cfg.country)
907 return;
908 ret =
909 gnutls_x509_crq_set_dn_by_oid (crq,
910 GNUTLS_OID_X520_COUNTRY_NAME, 0,
911 cfg.country, strlen (cfg.country));
912 if (ret < 0)
913 {
914 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
915 exit (1);
916 }
917 }
918 else
919 {
920 read_crq_set (crq, "Country name (2 chars): ",
921 GNUTLS_OID_X520_COUNTRY_NAME);
922 }
923
924 }
925
926 void
927 get_organization_crq_set (gnutls_x509_crq crq)
928 {
929 int ret;
930
931 if (batch)
932 {
933 if (!cfg.organization)
934 return;
935
936 ret =
937 gnutls_x509_crq_set_dn_by_oid (crq,
938 GNUTLS_OID_X520_ORGANIZATION_NAME,
939 0, cfg.organization,
940 strlen (cfg.organization));
941 if (ret < 0)
942 {
943 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
944 exit (1);
945 }
946 }
947 else
948 {
949 read_crq_set (crq, "Organization name: ",
950 GNUTLS_OID_X520_ORGANIZATION_NAME);
951 }
952
953 }
954
955 void
956 get_unit_crq_set (gnutls_x509_crq crq)
957 {
958 int ret;
959
960 if (batch)
961 {
962 if (!cfg.unit)
963 return;
964
965 ret =
966 gnutls_x509_crq_set_dn_by_oid (crq,
967 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
968 0, cfg.unit, strlen (cfg.unit));
969 if (ret < 0)
970 {
971 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
972 exit (1);
973 }
974 }
975 else
976 {
977 read_crq_set (crq, "Organizational unit name: ",
978 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
979 }
980
981 }
982
983 void
984 get_state_crq_set (gnutls_x509_crq crq)
985 {
986 int ret;
987
988 if (batch)
989 {
990 if (!cfg.state)
991 return;
992 ret =
993 gnutls_x509_crq_set_dn_by_oid (crq,
994 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
995 0, cfg.state, strlen (cfg.state));
996 if (ret < 0)
997 {
998 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
999 exit (1);
1000 }
1001 }
1002 else
1003 {
1004 read_crq_set (crq, "State or province name: ",
1005 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
1006 }
1007
1008 }
1009
1010 void
1011 get_locality_crq_set (gnutls_x509_crq crq)
1012 {
1013 int ret;
1014
1015 if (batch)
1016 {
1017 if (!cfg.locality)
1018 return;
1019 ret =
1020 gnutls_x509_crq_set_dn_by_oid (crq,
1021 GNUTLS_OID_X520_LOCALITY_NAME, 0,
1022 cfg.locality, strlen (cfg.locality));
1023 if (ret < 0)
1024 {
1025 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1026 exit (1);
1027 }
1028 }
1029 else
1030 {
1031 read_crq_set (crq, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
1032 }
1033
1034 }
1035
1036 void
1037 get_cn_crq_set (gnutls_x509_crq crq)
1038 {
1039 int ret;
1040
1041 if (batch)
1042 {
1043 if (!cfg.cn)
1044 return;
1045 ret =
1046 gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
1047 0, cfg.cn, strlen (cfg.cn));
1048 if (ret < 0)
1049 {
1050 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1051 exit (1);
1052 }
1053 }
1054 else
1055 {
1056 read_crq_set (crq, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
1057 }
1058
1059 }
1060
1061 void
1062 get_uid_crq_set (gnutls_x509_crq crq)
1063 {
1064 int ret;
1065
1066 if (batch)
1067 {
1068 if (!cfg.uid)
1069 return;
1070 ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_LDAP_UID, 0,
1071 cfg.uid, strlen (cfg.uid));
1072 if (ret < 0)
1073 {
1074 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1075 exit (1);
1076 }
1077 }
1078 else
1079 {
1080 read_crq_set (crq, "UID: ", GNUTLS_OID_LDAP_UID);
1081 }
1082
1083 }
1084
1085 void
1086 get_oid_crq_set (gnutls_x509_crq crq)
1087 {
1088 int ret, i;
1089
1090 if (batch)
1091 {
1092 if (!cfg.dn_oid)
1093 return;
1094 for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
1095 {
1096 if (cfg.dn_oid[i + 1] == NULL)
1097 {
1098 fprintf (stderr, "dn_oid: %s does not have an argument.\n",
1099 cfg.dn_oid[i]);
1100 exit (1);
1101 }
1102 ret = gnutls_x509_crq_set_dn_by_oid (crq, cfg.dn_oid[i], 0,
1103 cfg.dn_oid[i + 1],
1104 strlen (cfg.dn_oid[i + 1]));
1105
1106 if (ret < 0)
1107 {
1108 fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
1109 exit (1);
1110 }
1111 }
1112 }
1113
1114 }
Implementation of the SSL/TLS protocol