2 * Copyright (C) 2004-2012 Free Software Foundation, Inc.
4 * This file is part of GnuTLS.
6 * GnuTLS is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuTLS is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see
18 * <http://www.gnu.org/licenses/>.
20 * Written by Nikos Mavrogiannopoulos <nmav@gnutls.org>.
27 #include <certtool-cfg.h>
28 #include <gnutls/x509.h>
33 #include <autoopts/options.h>
36 #include <sys/types.h>
39 # include <sys/socket.h>
41 # include <ws2tcpip.h>
43 #include <arpa/inet.h>
45 /* Gnulib portability files. */
47 #include "certtool-common.h"
51 #define MAX_ENTRIES 16
53 typedef struct _cfg_ctx
61 char *challenge_password
;
69 char *crl_dist_points
;
71 char *pkcs12_key_name
;
84 int time_stamping_key
;
86 char **key_purpose_oids
;
90 char *proxy_policy_language
;
98 memset (&cfg
, 0, sizeof (cfg
));
/* READ_MULTI_LINE(name, s_name): collect the string values of template
 * option `name` from the loaded option tree (pov) into the pointer array
 * s_name, storing one strdup()ed copy per value.  The array is allocated
 * here, with room for MAX_ENTRIES pointers, and only when s_name is still
 * NULL.
 *
 * `!strcmp(a, b)==0` parses as `(!strcmp(a, b)) == 0`, i.e. "the names
 * differ"; the statement guarded by that test is not shown in this listing.
 *
 * NOTE(review): the consumers of these arrays (for example the cfg.dns_name
 * loop in get_dns_name_set) walk them until they meet a NULL entry, while
 * this loop only stops once i >= MAX_ENTRIES.  With exactly MAX_ENTRIES
 * slots allocated, a terminating NULL stored at s_name[i] after a full loop
 * would land one element past the allocation.  The terminator store is not
 * visible here; confirm where it writes and allocate MAX_ENTRIES + 1 slots
 * if it can reach index MAX_ENTRIES.
 *
 * NOTE(review): no NULL check on the malloc() or strdup() results is
 * visible before they are used.
 */
103 #define READ_MULTI_LINE(name, s_name) \
104 val = optionGetValue(pov, name); \
105 if (val != NULL && val->valType == OPARG_TYPE_STRING) \
107 if (s_name == NULL) { \
109 s_name = malloc(sizeof(char*)*MAX_ENTRIES); \
111 if (val && !strcmp(val->pzName, name)==0) \
113 s_name[i] = strdup(val->v.strVal); \
115 if (i>=MAX_ENTRIES) \
117 } while((val = optionNextValue(pov, val)) != NULL); \
/* READ_MULTI_LINE_TOKENIZED(name, s_name): like READ_MULTI_LINE, but each
 * value is split into two array entries, s_name[i] and s_name[i+1].
 *
 * The value is first copied into the local buffer `str` with strncpy()
 * bounded by sizeof(str)-1 and then explicitly NUL-terminated, so a value
 * longer than the buffer is silently truncated rather than overflowing.
 * The declaration of `str` (and its size) is outside the visible lines.
 *
 * The split point is the first space if the value contains one anywhere,
 * and the first tab only when it contains no space at all; leading spaces
 * and tabs of the second token are then skipped.
 *
 * NOTE(review): s_name[i+1] is written before the `i>=MAX_ENTRIES` test,
 * and the array holds exactly MAX_ENTRIES pointers.  How i advances is not
 * shown in this listing (the consumer get_oid_crt_set steps by two); confirm
 * that neither the pair store nor a terminating NULL can reach index
 * MAX_ENTRIES.
 *
 * NOTE(review): no NULL check on the malloc() or strdup() results is
 * visible before they are used.
 */
122 #define READ_MULTI_LINE_TOKENIZED(name, s_name) \
123 val = optionGetValue(pov, name); \
124 if (val != NULL && val->valType == OPARG_TYPE_STRING) \
128 if (s_name == NULL) { \
130 s_name = malloc(sizeof(char*)*MAX_ENTRIES); \
132 if (val && !strcmp(val->pzName, name)==0) \
134 strncpy(str, val->v.strVal, sizeof(str)-1); \
135 str[sizeof(str)-1] = 0; \
136 if ((p=strchr(str, ' ')) == NULL && (p=strchr(str, '\t')) == NULL) { \
137 fprintf(stderr, "Error parsing %s\n", name); \
142 s_name[i] = strdup(str); \
143 while(*p==' ' || *p == '\t') p++; \
145 fprintf(stderr, "Error (2) parsing %s\n", name); \
148 s_name[i+1] = strdup(p); \
150 if (i>=MAX_ENTRIES) \
152 } while((val = optionNextValue(pov, val)) != NULL); \
157 #define READ_BOOLEAN(name, s_name) \
158 val = optionGetValue(pov, name); \
/* READ_NUMERIC(name, s_name): read template option `name` into the numeric
 * field s_name.  A value the option parser already typed as numeric is
 * assigned from val->v.longVal; a string value is converted with atoi().
 *
 * NOTE(review): atoi() cannot report failure.  Text that is not a number
 * yields 0, and a value that does not fit in an int has undefined
 * behaviour, so a mistyped serial, expiration_days, crl_next_update or
 * crl_number in the template is accepted without any diagnostic.
 * strtol() with an end-pointer and errno check would make such input
 * detectable.
 *
 * NOTE(review): val is dereferenced below; the lines between the lookup
 * and the type test are not shown here, so confirm a NULL guard precedes
 * them.
 */
164 #define READ_NUMERIC(name, s_name) \
165 val = optionGetValue(pov, name); \
168 if (val->valType == OPARG_TYPE_NUMERIC) \
169 s_name = val->v.longVal; \
170 else if (val->valType == OPARG_TYPE_STRING) \
171 s_name = atoi(val->v.strVal); \
175 template_parse (const char *template)
177 /* Parsing return code */
180 tOptionValue
const * pov
;
181 const tOptionValue
* val
;
183 pov
= configFileLoad(template);
186 perror("configFileLoad");
187 fprintf(stderr
, "Error loading template: %s\n", template);
191 /* Option variables */
192 val
= optionGetValue(pov
, "organization");
193 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
194 cfg
.organization
= strdup(val
->v
.strVal
);
196 val
= optionGetValue(pov
, "unit");
197 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
198 cfg
.unit
= strdup(val
->v
.strVal
);
200 val
= optionGetValue(pov
, "locality");
201 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
202 cfg
.locality
= strdup(val
->v
.strVal
);
204 val
= optionGetValue(pov
, "state");
205 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
206 cfg
.state
= strdup(val
->v
.strVal
);
208 val
= optionGetValue(pov
, "cn");
209 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
210 cfg
.cn
= strdup(val
->v
.strVal
);
212 val
= optionGetValue(pov
, "uid");
213 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
214 cfg
.uid
= strdup(val
->v
.strVal
);
/* challenge_password and password are secrets: they are read in clear text
 * from the template file and kept as strdup()ed heap copies in cfg.
 * NOTE(review): a template that carries them should be readable by its
 * owner only.  No wiping of these copies is visible in this listing, and
 * the strdup() results are stored without a NULL check.
 */
216 val
= optionGetValue(pov
, "challenge_password");
217 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
218 cfg
.challenge_password
= strdup(val
->v
.strVal
);
220 val
= optionGetValue(pov
, "password");
221 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
222 cfg
.password
= strdup(val
->v
.strVal
);
224 val
= optionGetValue(pov
, "pkcs9_email");
225 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
226 cfg
.pkcs9_email
= strdup(val
->v
.strVal
);
228 val
= optionGetValue(pov
, "country");
229 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
230 cfg
.country
= strdup(val
->v
.strVal
);
232 READ_MULTI_LINE("dc", cfg
.dc
);
233 READ_MULTI_LINE("dns_name", cfg
.dns_name
);
234 READ_MULTI_LINE("ip_address", cfg
.ip_addr
);
235 READ_MULTI_LINE("email", cfg
.email
);
236 READ_MULTI_LINE("key_purpose_oid", cfg
.key_purpose_oids
);
238 READ_MULTI_LINE_TOKENIZED("dn_oid", cfg
.dn_oid
);
240 val
= optionGetValue(pov
, "crl_dist_points");
241 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
242 cfg
.crl_dist_points
= strdup(val
->v
.strVal
);
244 val
= optionGetValue(pov
, "pkcs12_key_name");
245 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
246 cfg
.pkcs12_key_name
= strdup(val
->v
.strVal
);
249 READ_NUMERIC("serial", cfg
.serial
);
250 READ_NUMERIC("expiration_days", cfg
.expiration_days
);
251 READ_NUMERIC("crl_next_update", cfg
.crl_next_update
);
252 READ_NUMERIC("crl_number", cfg
.crl_number
);
254 val
= optionGetValue(pov
, "proxy_policy_language");
255 if (val
!= NULL
&& val
->valType
== OPARG_TYPE_STRING
)
256 cfg
.proxy_policy_language
= strdup(val
->v
.strVal
);
258 READ_BOOLEAN("ca", cfg
.ca
);
259 READ_BOOLEAN("honor_crq_extensions", cfg
.crq_extensions
);
260 READ_BOOLEAN("path_len", cfg
.path_len
);
261 READ_BOOLEAN("tls_www_client", cfg
.tls_www_client
);
262 READ_BOOLEAN("tls_www_server", cfg
.tls_www_server
);
263 READ_BOOLEAN("signing_key", cfg
.signing_key
);
264 READ_BOOLEAN("encryption_key", cfg
.encryption_key
);
265 READ_BOOLEAN("cert_signing_key", cfg
.cert_sign_key
);
266 READ_BOOLEAN("crl_signing_key", cfg
.crl_sign_key
);
267 READ_BOOLEAN("code_signing_key", cfg
.code_sign_key
);
268 READ_BOOLEAN("ocsp_signing_key", cfg
.ocsp_sign_key
);
269 READ_BOOLEAN("time_stamping_key", cfg
.time_stamping_key
);
270 READ_BOOLEAN("ipsec_ike_key", cfg
.ipsec_ike_key
);
272 optionUnloadNested(pov
);
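/* True when the first character of buffer x is a line terminator ('\n' or
 * '\r'), i.e. the user answered a prompt with an empty line.  The argument
 * is parenthesized so that an expression such as `p + 1` indexes the
 * intended pointer; note that x is evaluated twice. */
#define IS_NEWLINE(x) (((x)[0] == '\n') || ((x)[0] == '\r'))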
/* Prompt on stderr with input_str, read one line from stdin into the local
 * buffer `input`, and set it on certificate crt as the DN attribute
 * identified by oid.  An empty line (IS_NEWLINE) takes a separate path that
 * is not shown in this listing.  A failure of the set call is reported on
 * stderr through gnutls_strerror().
 */
280 read_crt_set (gnutls_x509_crt_t crt
, const char *input_str
, const char *oid
)
285 fputs (input_str
, stderr
);
286 if (fgets (input
, sizeof (input
), stdin
) == NULL
)
289 if (IS_NEWLINE(input
))
/* NOTE(review): `strlen (input) - 1` drops the last byte on the assumption
 * that it is the '\n' kept by fgets().  When the line is longer than the
 * buffer, or stdin ends without a newline, the last real character is
 * dropped instead; with "\r\n" input the '\r' stays in the attribute; and
 * if the first byte read is NUL, strlen() returns 0 and the subtraction
 * wraps around to a very large unsigned length.  Stripping the terminator
 * explicitly, e.g. input[strcspn (input, "\r\n")] = '\0', and then passing
 * strlen (input) avoids all three cases.
 */
293 gnutls_x509_crt_set_dn_by_oid (crt
, oid
, 0, input
, strlen (input
) - 1);
296 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
/* Prompt on stderr with input_str, read one line from stdin into the local
 * buffer `input`, and set it on certificate request crq as the DN attribute
 * identified by oid.  An empty line (IS_NEWLINE) takes a separate path that
 * is not shown in this listing.  A failure of the set call is reported on
 * stderr through gnutls_strerror().
 */
302 read_crq_set (gnutls_x509_crq_t crq
, const char *input_str
, const char *oid
)
307 fputs (input_str
, stderr
);
308 if (fgets (input
, sizeof (input
), stdin
) == NULL
)
311 if (IS_NEWLINE(input
))
/* NOTE(review): `strlen (input) - 1` drops the last byte on the assumption
 * that it is the '\n' kept by fgets().  When the line is longer than the
 * buffer, or stdin ends without a newline, the last real character is
 * dropped instead; with "\r\n" input the '\r' stays in the attribute; and
 * if the first byte read is NUL, strlen() returns 0 and the subtraction
 * wraps around to a very large unsigned length.  Stripping the terminator
 * explicitly, e.g. input[strcspn (input, "\r\n")] = '\0', and then passing
 * strlen (input) avoids all three cases.
 */
315 gnutls_x509_crq_set_dn_by_oid (crq
, oid
, 0, input
, strlen (input
) - 1);
318 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
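323 /* The input_str should contain %d or %u to print the default. It is passed to fprintf() as the format string, so it must be a constant supplied by the program, never text taken from a user or a template. */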
/* Prompt on stderr, using input_str as the fprintf() format with def as its
 * only argument, then read one line from stdin and parse it as an integer.
 * The line is read into a static 128-byte buffer that is shared by every
 * call.  An empty line (IS_NEWLINE) takes a separate path that is not shown
 * in this listing; presumably it yields def.
 */
326 read_int_with_default (const char *input_str
, int def
)
330 static char input
[128];
332 fprintf (stderr
, input_str
, def
);
333 if (fgets (input
, sizeof (input
), stdin
) == NULL
)
336 if (IS_NEWLINE(input
))
339 len
= strlen (input
);
/* Base 0 lets strtol() accept "0x..." as hexadecimal and a leading "0" as
 * octal, even where the prompt asks for a decimal value. */
341 l
= strtol (input
, &endptr
, 0);
/* Anything after the parsed number other than a line ending is reported.
 * NOTE(review): the visible lines do not test endptr == input, so input
 * with no digits at all is not distinguished from a parsed 0 here. */
343 if (*endptr
!= '\0' && *endptr
!= '\r' && *endptr
!= '\n')
345 fprintf (stderr
, "Trailing garbage ignored: `%s'\n", endptr
);
/* strtol() clamps to LONG_MIN/LONG_MAX on overflow, so this comparison also
 * catches overflow without consulting errno; as a side effect INT_MIN and
 * INT_MAX themselves are rejected as out of range. */
349 if (l
<= INT_MIN
|| l
>= INT_MAX
)
351 fprintf (stderr
, "Integer out of range: `%s'\n", input
);
362 read_int (const char *input_str
)
364 return read_int_with_default (input_str
, 0);
/* Prompt on stderr with input_str and read one line from stdin into a
 * static 128-byte buffer.  An empty line (IS_NEWLINE) takes a separate path
 * that is not shown in this listing.
 *
 * A line longer than the buffer is truncated by fgets(), and the remainder
 * stays in stdin where the next prompt will read it.
 *
 * NOTE(review): the buffer is static, so if the function returns a pointer
 * into it (the return statement is not visible here) every call overwrites
 * the previous result; a caller that needs two answers at once must copy
 * the first.
 */
368 read_str (const char *input_str
)
370 static char input
[128];
373 fputs (input_str
, stderr
);
374 if (fgets (input
, sizeof (input
), stdin
) == NULL
)
377 if (IS_NEWLINE(input
))
380 len
= strlen (input
);
/* Only a trailing '\n' is tested for; a '\r' before it is not. */
381 if ((len
> 0) && (input
[len
- 1] == '\n'))
392 read_yesno (const char *input_str
)
396 fputs (input_str
, stderr
);
397 if (fgets (input
, sizeof (input
), stdin
) == NULL
)
400 if (IS_NEWLINE(input
))
403 if (input
[0] == 'y' || input
[0] == 'Y')
410 /* Wrapper functions for non-interactive mode.
418 return getpass ("Enter password: ");
/* Ask for a password twice with getpass() and repeat until the two entries
 * agree.  When empty_ok is set, the loop also ends as soon as the
 * confirmation is empty, whatever the first entry was.
 *
 * NOTE(review): which value is returned in that case is not visible in this
 * listing; confirm that a non-empty first entry followed by an empty
 * confirmation cannot silently yield an empty password.
 *
 * NOTE(review): getpass() is documented as obsolete and typically returns a
 * pointer to a static buffer that the next call overwrites, which is why
 * the first entry is duplicated.  That duplicate is a clear-text password
 * on the heap: no NULL check separates strdup() from the strcmp() that
 * reads it, and whether it is wiped before being released is not visible
 * here.
 */
422 get_confirmed_pass (bool empty_ok
)
428 const char *pass
= NULL
;
434 printf ("Password missmatch, try again.\n");
438 pass
= getpass ("Enter password: ");
439 copy
= strdup (pass
);
440 pass
= getpass ("Confirm password: ");
442 while (strcmp (pass
, copy
) != 0 && !(empty_ok
&& *pass
== '\0'));
451 get_challenge_pass (void)
454 return cfg
.challenge_password
;
456 return getpass ("Enter a challenge password: ");
460 get_crl_dist_point_url (void)
463 return cfg
.crl_dist_points
;
465 return read_str ("Enter the URI of the CRL distribution point: ");
469 get_country_crt_set (gnutls_x509_crt_t crt
)
478 gnutls_x509_crt_set_dn_by_oid (crt
,
479 GNUTLS_OID_X520_COUNTRY_NAME
, 0,
480 cfg
.country
, strlen (cfg
.country
));
483 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
489 read_crt_set (crt
, "Country name (2 chars): ",
490 GNUTLS_OID_X520_COUNTRY_NAME
);
496 get_organization_crt_set (gnutls_x509_crt_t crt
)
502 if (!cfg
.organization
)
506 gnutls_x509_crt_set_dn_by_oid (crt
,
507 GNUTLS_OID_X520_ORGANIZATION_NAME
,
509 strlen (cfg
.organization
));
512 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
518 read_crt_set (crt
, "Organization name: ",
519 GNUTLS_OID_X520_ORGANIZATION_NAME
);
525 get_unit_crt_set (gnutls_x509_crt_t crt
)
535 gnutls_x509_crt_set_dn_by_oid (crt
,
536 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME
,
537 0, cfg
.unit
, strlen (cfg
.unit
));
540 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
546 read_crt_set (crt
, "Organizational unit name: ",
547 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME
);
553 get_state_crt_set (gnutls_x509_crt_t crt
)
562 gnutls_x509_crt_set_dn_by_oid (crt
,
563 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME
,
564 0, cfg
.state
, strlen (cfg
.state
));
567 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
573 read_crt_set (crt
, "State or province name: ",
574 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME
);
580 get_locality_crt_set (gnutls_x509_crt_t crt
)
589 gnutls_x509_crt_set_dn_by_oid (crt
,
590 GNUTLS_OID_X520_LOCALITY_NAME
, 0,
591 cfg
.locality
, strlen (cfg
.locality
));
594 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
600 read_crt_set (crt
, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME
);
606 get_cn_crt_set (gnutls_x509_crt_t crt
)
615 gnutls_x509_crt_set_dn_by_oid (crt
, GNUTLS_OID_X520_COMMON_NAME
,
616 0, cfg
.cn
, strlen (cfg
.cn
));
619 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
625 read_crt_set (crt
, "Common name: ", GNUTLS_OID_X520_COMMON_NAME
);
631 get_uid_crt_set (gnutls_x509_crt_t crt
)
639 ret
= gnutls_x509_crt_set_dn_by_oid (crt
, GNUTLS_OID_LDAP_UID
, 0,
640 cfg
.uid
, strlen (cfg
.uid
));
643 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
649 read_crt_set (crt
, "UID: ", GNUTLS_OID_LDAP_UID
);
655 get_oid_crt_set (gnutls_x509_crt_t crt
)
663 for (i
= 0; cfg
.dn_oid
[i
] != NULL
; i
+= 2)
665 if (cfg
.dn_oid
[i
+ 1] == NULL
)
667 fprintf (stderr
, "dn_oid: %s does not have an argument.\n",
671 ret
= gnutls_x509_crt_set_dn_by_oid (crt
, cfg
.dn_oid
[i
], 0,
673 strlen (cfg
.dn_oid
[i
+ 1]));
677 fprintf (stderr
, "set_dn_oid: %s\n", gnutls_strerror (ret
));
685 get_key_purpose_set (gnutls_x509_crt_t crt
)
691 if (!cfg
.key_purpose_oids
)
693 for (i
= 0; cfg
.key_purpose_oids
[i
] != NULL
; i
++)
696 gnutls_x509_crt_set_key_purpose_oid (crt
, cfg
.key_purpose_oids
[i
],
701 fprintf (stderr
, "set_key_purpose_oid (%s): %s\n",
702 cfg
.key_purpose_oids
[i
], gnutls_strerror (ret
));
712 get_pkcs9_email_crt_set (gnutls_x509_crt_t crt
)
718 if (!cfg
.pkcs9_email
)
720 ret
= gnutls_x509_crt_set_dn_by_oid (crt
, GNUTLS_OID_PKCS9_EMAIL
, 0,
722 strlen (cfg
.pkcs9_email
));
725 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
731 read_crt_set (crt
, "E-mail: ", GNUTLS_OID_PKCS9_EMAIL
);
/* The default serial number is the current time in seconds, converted from
 * time_t to int.  One path returns it directly and another offers it as the
 * default of an interactive prompt; the conditions selecting between them
 * are not shown in this listing.
 *
 * NOTE(review): a time-based serial is predictable and repeats when two
 * certificates are issued within the same second.  For certificates that
 * other parties rely on, a serial drawn from a cryptographic random source
 * is the safer default.
 *
 * NOTE(review): the prompt prints the int default with %u, and although it
 * asks for a decimal value, read_int_with_default parses with strtol() in
 * base 0 and so also accepts hexadecimal and octal input.
 */
739 int default_serial
= time (NULL
);
744 return default_serial
;
749 return read_int_with_default
750 ("Enter the certificate's serial number in decimal (default: %u): ",
762 if (cfg
.expiration_days
<= 0)
765 return cfg
.expiration_days
;
771 days
= read_int ("The certificate will expire in (days): ");
788 read_yesno ("Does the certificate belong to an authority? (y/N): ");
793 get_crq_extensions_status (void)
797 return cfg
.crq_extensions
;
803 ("Do you want to honour the extensions from the request? (y/N): ");
808 get_crl_number (void)
812 return cfg
.crl_number
;
816 return read_int_with_default ("CRL Number: ", 1);
829 return read_int_with_default
830 ("Path length constraint (decimal, %d for no constraint): ", -1);
835 get_pkcs12_key_name (void)
841 if (!cfg
.pkcs12_key_name
)
843 return cfg
.pkcs12_key_name
;
849 name
= read_str ("Enter a name for the key: ");
851 while (name
== NULL
);
857 get_tls_client_status (void)
861 return cfg
.tls_www_client
;
865 return read_yesno ("Is this a TLS web client certificate? (y/N): ");
870 get_tls_server_status (void)
874 return cfg
.tls_www_server
;
879 read_yesno ("Is this also a TLS web server certificate? (y/N): ");
883 /* convert a printable IP to binary */
885 string_to_ip (unsigned char *ip
, const char *str
)
887 int len
= strlen (str
);
891 if (strchr (str
, ':') != NULL
|| len
> 16)
893 ret
= inet_pton (AF_INET6
, str
, ip
);
896 fprintf (stderr
, "Error in IPv6 address %s\n", str
);
906 ret
= inet_pton (AF_INET
, str
, ip
);
909 fprintf (stderr
, "Error in IPv4 address %s\n", str
);
919 get_ip_addr_set (int type
, void *crt
)
922 unsigned char ip
[16];
930 for (i
= 0; cfg
.ip_addr
[i
] != NULL
; i
++)
932 len
= string_to_ip (ip
, cfg
.ip_addr
[i
]);
935 fprintf (stderr
, "Error parsing address: %s\n", cfg
.ip_addr
[i
]);
939 if (type
== TYPE_CRT
)
941 gnutls_x509_crt_set_subject_alt_name (crt
, GNUTLS_SAN_IPADDRESS
,
946 gnutls_x509_crq_set_subject_alt_name (crt
, GNUTLS_SAN_IPADDRESS
,
959 read_str ("Enter the IP address of the subject of the certificate: ");
963 len
= string_to_ip (ip
, p
);
966 fprintf (stderr
, "Error parsing address: %s\n", p
);
970 if (type
== TYPE_CRT
)
971 ret
= gnutls_x509_crt_set_subject_alt_name (crt
, GNUTLS_SAN_IPADDRESS
,
975 ret
= gnutls_x509_crq_set_subject_alt_name (crt
, GNUTLS_SAN_IPADDRESS
,
982 fprintf (stderr
, "set_subject_alt_name: %s\n", gnutls_strerror (ret
));
988 get_email_set (int type
, void *crt
)
997 for (i
= 0; cfg
.email
[i
] != NULL
; i
++)
999 if (type
== TYPE_CRT
)
1001 gnutls_x509_crt_set_subject_alt_name (crt
,
1002 GNUTLS_SAN_RFC822NAME
,
1004 strlen (cfg
.email
[i
]),
1005 GNUTLS_FSAN_APPEND
);
1008 gnutls_x509_crq_set_subject_alt_name (crt
,
1009 GNUTLS_SAN_RFC822NAME
,
1011 strlen (cfg
.email
[i
]),
1012 GNUTLS_FSAN_APPEND
);
1022 p
= read_str ("Enter the e-mail of the subject of the certificate: ");
1026 if (type
== TYPE_CRT
)
1028 gnutls_x509_crt_set_subject_alt_name (crt
, GNUTLS_SAN_RFC822NAME
, p
,
1030 GNUTLS_FSAN_APPEND
);
1033 gnutls_x509_crq_set_subject_alt_name (crt
, GNUTLS_SAN_RFC822NAME
, p
,
1035 GNUTLS_FSAN_APPEND
);
1040 fprintf (stderr
, "set_subject_alt_name: %s\n", gnutls_strerror (ret
));
1047 get_dc_set (int type
, void *crt
)
1056 for (i
= 0; cfg
.dc
[i
] != NULL
; i
++)
1058 if (type
== TYPE_CRT
)
1059 ret
= gnutls_x509_crt_set_dn_by_oid (crt
, GNUTLS_OID_LDAP_DC
,
1060 0, cfg
.dc
[i
], strlen (cfg
.dc
[i
]));
1062 ret
= gnutls_x509_crq_set_dn_by_oid (crt
, GNUTLS_OID_LDAP_DC
,
1063 0, cfg
.dc
[i
], strlen (cfg
.dc
[i
]));
1075 p
= read_str ("Enter the subject's domain component (DC): ");
1079 if (type
== TYPE_CRT
)
1080 ret
= gnutls_x509_crt_set_dn_by_oid (crt
, GNUTLS_OID_LDAP_DC
,
1083 ret
= gnutls_x509_crq_set_dn_by_oid (crt
, GNUTLS_OID_LDAP_DC
,
1091 fprintf (stderr
, "set_dn_by_oid: %s\n", gnutls_strerror (ret
));
1097 get_dns_name_set (int type
, void *crt
)
1106 for (i
= 0; cfg
.dns_name
[i
] != NULL
; i
++)
1108 if (type
== TYPE_CRT
)
1110 gnutls_x509_crt_set_subject_alt_name (crt
, GNUTLS_SAN_DNSNAME
,
1112 strlen (cfg
.dns_name
[i
]),
1113 GNUTLS_FSAN_APPEND
);
1116 gnutls_x509_crq_set_subject_alt_name (crt
, GNUTLS_SAN_DNSNAME
,
1118 strlen (cfg
.dns_name
[i
]),
1119 GNUTLS_FSAN_APPEND
);
1132 read_str ("Enter a dnsName of the subject of the certificate: ");
1136 if (type
== TYPE_CRT
)
1137 ret
= gnutls_x509_crt_set_subject_alt_name
1138 (crt
, GNUTLS_SAN_DNSNAME
, p
, strlen (p
), GNUTLS_FSAN_APPEND
);
1140 ret
= gnutls_x509_crq_set_subject_alt_name
1141 (crt
, GNUTLS_SAN_DNSNAME
, p
, strlen (p
), GNUTLS_FSAN_APPEND
);
1148 fprintf (stderr
, "set_subject_alt_name: %s\n", gnutls_strerror (ret
));
1155 get_sign_status (int server
)
1161 return cfg
.signing_key
;
1167 "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): ";
1170 "Will the certificate be used for signing (required for TLS)? (y/N): ";
1171 return read_yesno (msg
);
1176 get_encrypt_status (int server
)
1182 return cfg
.encryption_key
;
1188 "Will the certificate be used for encryption (RSA ciphersuites)? (y/N): ";
1191 "Will the certificate be used for encryption (not required for TLS)? (y/N): ";
1192 return read_yesno (msg
);
1197 get_cert_sign_status (void)
1201 return cfg
.cert_sign_key
;
1207 ("Will the certificate be used to sign other certificates? (y/N): ");
1212 get_crl_sign_status (void)
1216 return cfg
.crl_sign_key
;
1221 read_yesno ("Will the certificate be used to sign CRLs? (y/N): ");
1226 get_code_sign_status (void)
1230 return cfg
.code_sign_key
;
1235 read_yesno ("Will the certificate be used to sign code? (y/N): ");
1240 get_ocsp_sign_status (void)
1244 return cfg
.ocsp_sign_key
;
1250 ("Will the certificate be used to sign OCSP requests? (y/N): ");
1255 get_time_stamp_status (void)
1259 return cfg
.time_stamping_key
;
1265 ("Will the certificate be used for time stamping? (y/N): ");
1270 get_ipsec_ike_status (void)
1274 return cfg
.ipsec_ike_key
;
1280 ("Will the certificate be used for IPsec IKE operations? (y/N): ");
1285 get_crl_next_update (void)
1291 if (cfg
.crl_next_update
<= 0)
1294 return cfg
.crl_next_update
;
1300 days
= read_int ("The next CRL will be issued in (days): ");
1308 get_proxy_policy (char **policy
, size_t * policylen
)
1314 ret
= cfg
.proxy_policy_language
;
1316 ret
= "1.3.6.1.5.5.7.21.1";
1322 ret
= read_str ("Enter the OID of the proxy policy language: ");
1324 while (ret
== NULL
);
1330 if (strcmp (ret
, "1.3.6.1.5.5.7.21.1") != 0 &&
1331 strcmp (ret
, "1.3.6.1.5.5.7.21.2") != 0)
1333 fprintf (stderr
, "Reading non-standard proxy policy not supported.\n");
1342 get_country_crq_set (gnutls_x509_crq_t crq
)
1351 gnutls_x509_crq_set_dn_by_oid (crq
,
1352 GNUTLS_OID_X520_COUNTRY_NAME
, 0,
1353 cfg
.country
, strlen (cfg
.country
));
1356 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
1362 read_crq_set (crq
, "Country name (2 chars): ",
1363 GNUTLS_OID_X520_COUNTRY_NAME
);
1369 get_organization_crq_set (gnutls_x509_crq_t crq
)
1375 if (!cfg
.organization
)
1379 gnutls_x509_crq_set_dn_by_oid (crq
,
1380 GNUTLS_OID_X520_ORGANIZATION_NAME
,
1381 0, cfg
.organization
,
1382 strlen (cfg
.organization
));
1385 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
1391 read_crq_set (crq
, "Organization name: ",
1392 GNUTLS_OID_X520_ORGANIZATION_NAME
);
1398 get_unit_crq_set (gnutls_x509_crq_t crq
)
1408 gnutls_x509_crq_set_dn_by_oid (crq
,
1409 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME
,
1410 0, cfg
.unit
, strlen (cfg
.unit
));
1413 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
1419 read_crq_set (crq
, "Organizational unit name: ",
1420 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME
);
1426 get_state_crq_set (gnutls_x509_crq_t crq
)
1435 gnutls_x509_crq_set_dn_by_oid (crq
,
1436 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME
,
1437 0, cfg
.state
, strlen (cfg
.state
));
1440 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
1446 read_crq_set (crq
, "State or province name: ",
1447 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME
);
1453 get_locality_crq_set (gnutls_x509_crq_t crq
)
1462 gnutls_x509_crq_set_dn_by_oid (crq
,
1463 GNUTLS_OID_X520_LOCALITY_NAME
, 0,
1464 cfg
.locality
, strlen (cfg
.locality
));
1467 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
1473 read_crq_set (crq
, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME
);
1479 get_cn_crq_set (gnutls_x509_crq_t crq
)
1488 gnutls_x509_crq_set_dn_by_oid (crq
, GNUTLS_OID_X520_COMMON_NAME
,
1489 0, cfg
.cn
, strlen (cfg
.cn
));
1492 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
1498 read_crq_set (crq
, "Common name: ", GNUTLS_OID_X520_COMMON_NAME
);
1504 get_uid_crq_set (gnutls_x509_crq_t crq
)
1512 ret
= gnutls_x509_crq_set_dn_by_oid (crq
, GNUTLS_OID_LDAP_UID
, 0,
1513 cfg
.uid
, strlen (cfg
.uid
));
1516 fprintf (stderr
, "set_dn: %s\n", gnutls_strerror (ret
));
1522 read_crq_set (crq
, "UID: ", GNUTLS_OID_LDAP_UID
);
1528 get_oid_crq_set (gnutls_x509_crq_t crq
)
1536 for (i
= 0; cfg
.dn_oid
[i
] != NULL
; i
+= 2)
1538 if (cfg
.dn_oid
[i
+ 1] == NULL
)
1540 fprintf (stderr
, "dn_oid: %s does not have an argument.\n",
1544 ret
= gnutls_x509_crq_set_dn_by_oid (crq
, cfg
.dn_oid
[i
], 0,
1546 strlen (cfg
.dn_oid
[i
+ 1]));
1550 fprintf (stderr
, "set_dn_oid: %s\n", gnutls_strerror (ret
));