search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Dist libgcrypt.supp.
[gnutls.git] / src / certtool-cfg.c
blobca3431508c339755e12e7a6bd77a4e4ae8c311ab
1 /*
2 * Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation
3 *
4 * This file is part of GNUTLS.
5 *
6 * GNUTLS is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GNUTLS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include <config.h>
21
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <certtool-cfg.h>
25 #include <cfg+.h>
26 #include <gnutls/x509.h>
27 #include <string.h>
28 #include <limits.h>
29 #include <inttypes.h>
30 #include <time.h>
31
32 /* Gnulib portability files. */
33 #include <getpass.h>
34 #include "readline.h"
35
36 extern int batch;
37
38 typedef struct _cfg_ctx
39 {
40 char *organization;
41 char *unit;
42 char *locality;
43 char *state;
44 char *cn;
45 char *uid;
46 char *challenge_password;
47 char *pkcs9_email;
48 char *country;
49 char *dns_name;
50 char *ip_addr;
51 char *email;
52 char **dn_oid;
53 char *crl_dist_points;
54 char *password;
55 char *pkcs12_key_name;
56 int serial;
57 int expiration_days;
58 int ca;
59 int path_len;
60 int tls_www_client;
61 int tls_www_server;
62 int signing_key;
63 int encryption_key;
64 int cert_sign_key;
65 int crl_sign_key;
66 int code_sign_key;
67 int ocsp_sign_key;
68 int time_stamping_key;
69 int crl_next_update;
70 char *proxy_policy_language;
71 } cfg_ctx;
72
73 cfg_ctx cfg;
74
75 void
76 cfg_init (void)
77 {
78 memset (&cfg, 0, sizeof (cfg));
79 cfg.path_len = -1;
80 cfg.serial = -1;
81 }
82
83 int
84 template_parse (const char *template)
85 {
86 /* libcfg+ parsing context */
87 CFG_CONTEXT con;
88
89 /* Parsing return code */
90 register int ret;
91
92 /* Option variables */
93
94 /* Option set */
95 struct cfg_option options[] = {
96 {NULL, '\0', "organization", CFG_STR, (void *) &cfg.organization,
97 0},
98 {NULL, '\0', "unit", CFG_STR, (void *) &cfg.unit, 0},
99 {NULL, '\0', "locality", CFG_STR, (void *) &cfg.locality, 0},
100 {NULL, '\0', "state", CFG_STR, (void *) &cfg.state, 0},
101 {NULL, '\0', "cn", CFG_STR, (void *) &cfg.cn, 0},
102 {NULL, '\0', "uid", CFG_STR, (void *) &cfg.uid, 0},
103 {NULL, '\0', "challenge_password", CFG_STR,
104 (void *) &cfg.challenge_password, 0},
105 {NULL, '\0', "password", CFG_STR, (void *) &cfg.password, 0},
106 {NULL, '\0', "pkcs9_email", CFG_STR, (void *) &cfg.pkcs9_email, 0},
107 {NULL, '\0', "country", CFG_STR, (void *) &cfg.country, 0},
108 {NULL, '\0', "dns_name", CFG_STR, (void *) &cfg.dns_name, 0},
109 {NULL, '\0', "ip_address", CFG_STR, (void *) &cfg.ip_addr, 0},
110 {NULL, '\0', "email", CFG_STR, (void *) &cfg.email, 0},
111
112 {NULL, '\0', "dn_oid", CFG_STR + CFG_MULTI_SEPARATED,
113 (void *) &cfg.dn_oid, 0},
114
115 {NULL, '\0', "crl_dist_points", CFG_STR,
116 (void *) &cfg.crl_dist_points, 0},
117 {NULL, '\0', "pkcs12_key_name", CFG_STR,
118 (void *) &cfg.pkcs12_key_name, 0},
119
120 {NULL, '\0', "serial", CFG_INT, (void *) &cfg.serial, 0},
121 {NULL, '\0', "expiration_days", CFG_INT,
122 (void *) &cfg.expiration_days, 0},
123
124 {NULL, '\0', "crl_next_update", CFG_INT,
125 (void *) &cfg.crl_next_update, 0},
126
127 {NULL, '\0', "ca", CFG_BOOL, (void *) &cfg.ca, 0},
128 {NULL, '\0', "path_len", CFG_INT, (void *) &cfg.path_len, 0},
129 {NULL, '\0', "tls_www_client", CFG_BOOL,
130 (void *) &cfg.tls_www_client, 0},
131 {NULL, '\0', "tls_www_server", CFG_BOOL,
132 (void *) &cfg.tls_www_server, 0},
133 {NULL, '\0', "signing_key", CFG_BOOL, (void *) &cfg.signing_key,
134 0},
135 {NULL, '\0', "encryption_key", CFG_BOOL,
136 (void *) &cfg.encryption_key, 0},
137 {NULL, '\0', "cert_signing_key", CFG_BOOL,
138 (void *) &cfg.cert_sign_key, 0},
139 {NULL, '\0', "crl_signing_key", CFG_BOOL,
140 (void *) &cfg.crl_sign_key, 0},
141 {NULL, '\0', "code_signing_key", CFG_BOOL,
142 (void *) &cfg.code_sign_key, 0},
143 {NULL, '\0', "ocsp_signing_key", CFG_BOOL,
144 (void *) &cfg.ocsp_sign_key, 0},
145 {NULL, '\0', "time_stamping_key", CFG_BOOL,
146 (void *) &cfg.time_stamping_key, 0},
147 {NULL, '\0', "proxy_policy_language", CFG_STR,
148 (void *) &cfg.proxy_policy_language, 0},
149 CFG_END_OF_LIST
150 };
151
152 /* Creating context */
153 con = cfg_get_context (options);
154 if (con == NULL)
155 {
156 puts ("Not enough memory");
157 exit (1);
158 }
159
160 cfg_set_cfgfile_context (con, 0, -1, (char *) template);
161
162 /* Parsing command line */
163 ret = cfg_parse (con);
164
165 if (ret != CFG_OK)
166 {
167 printf ("error parsing command line: %s: ", template);
168 cfg_fprint_error (con, stdout);
169 putchar ('\n');
170 exit (ret < 0 ? -ret : ret);
171 }
172
173 return 0;
174 }
175
176 void
177 read_crt_set (gnutls_x509_crt_t crt, const char *input_str, const char *oid)
178 {
179 char input[128];
180 int ret;
181
182 fputs (input_str, stderr);
183 fgets (input, sizeof (input), stdin);
184
185 if (strlen (input) == 1) /* only newline */
186 return;
187
188 ret =
189 gnutls_x509_crt_set_dn_by_oid (crt, oid, 0, input, strlen (input) - 1);
190 if (ret < 0)
191 {
192 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
193 exit (1);
194 }
195 }
196
197 void
198 read_crq_set (gnutls_x509_crq_t crq, const char *input_str, const char *oid)
199 {
200 char input[128];
201 int ret;
202
203 fputs (input_str, stderr);
204 fgets (input, sizeof (input), stdin);
205
206 if (strlen (input) == 1) /* only newline */
207 return;
208
209 ret =
210 gnutls_x509_crq_set_dn_by_oid (crq, oid, 0, input, strlen (input) - 1);
211 if (ret < 0)
212 {
213 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
214 exit (1);
215 }
216 }
217
218 /* The input_str should contain %d or %u to print the default.
219 */
220 int
221 read_int_with_default (const char *input_str, int def)
222 {
223 char *in;
224 char *endptr;
225 long l;
226
227 printf(input_str, def);
228 in = readline ("");
229
230 l = strtol (in, &endptr, 0);
231
232 if (*endptr != '\0')
233 {
234 fprintf (stderr, "Trailing garbage ignored: `%s'\n", endptr);
235 free (in);
236 return 0;
237 }
238
239 if (l <= INT_MIN || l >= INT_MAX)
240 {
241 fprintf (stderr, "Integer out of range: `%s'\n", in);
242 free (in);
243 return 0;
244 }
245
246 if (in == endptr)
247 l = def;
248
249 free (in);
250
251 return (int) l;
252 }
253
254 int
255 read_int (const char *input_str)
256 {
257 return read_int_with_default (input_str, 0);
258 }
259
260 const char *
261 read_str (const char *input_str)
262 {
263 static char input[128];
264 int len;
265
266 fputs (input_str, stderr);
267 if (fgets (input, sizeof (input), stdin) == NULL)
268 return NULL;
269
270 len = strlen (input);
271 if ((len > 0) && (input[len - 1] == '\n'))
272 input[len - 1] = 0;
273 if (input[0] == 0)
274 return NULL;
275
276 return input;
277 }
278
279 /* Default is no
280 */
281 int
282 read_yesno (const char *input_str)
283 {
284 char input[128];
285
286 fputs (input_str, stderr);
287 fgets (input, sizeof (input), stdin);
288
289 if (strlen (input) == 1) /* only newline */
290 return 0;
291
292 if (input[0] == 'y' || input[0] == 'Y')
293 return 1;
294
295 return 0;
296 }
297
298
299 /* Wrapper functions for non-interactive mode.
300 */
301 const char *
302 get_pass (void)
303 {
304 if (batch)
305 return cfg.password;
306 else
307 return getpass ("Enter password: ");
308 }
309
310 const char *
311 get_confirmed_pass (bool empty_ok)
312 {
313 if (batch)
314 return cfg.password;
315 else
316 {
317 const char *pass = NULL;
318 char *copy = NULL;
319
320 do
321 {
322 if (pass)
323 printf ("Password missmatch, try again.\n");
324
325 if (copy)
326 free (copy);
327
328 pass = getpass ("Enter password: ");
329 copy = strdup (pass);
330 pass = getpass ("Confirm password: ");
331 }
332 while (strcmp (pass, copy) != 0 && !(empty_ok && *pass == '\0'));
333
334 free (copy);
335
336 return pass;
337 }
338 }
339
340 const char *
341 get_challenge_pass (void)
342 {
343 if (batch)
344 return cfg.challenge_password;
345 else
346 return getpass ("Enter a challenge password: ");
347 }
348
349 const char *
350 get_crl_dist_point_url (void)
351 {
352 if (batch)
353 return cfg.crl_dist_points;
354 else
355 return read_str ("Enter the URI of the CRL distribution point: ");
356 }
357
358 void
359 get_country_crt_set (gnutls_x509_crt_t crt)
360 {
361 int ret;
362
363 if (batch)
364 {
365 if (!cfg.country)
366 return;
367 ret =
368 gnutls_x509_crt_set_dn_by_oid (crt,
369 GNUTLS_OID_X520_COUNTRY_NAME, 0,
370 cfg.country, strlen (cfg.country));
371 if (ret < 0)
372 {
373 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
374 exit (1);
375 }
376 }
377 else
378 {
379 read_crt_set (crt, "Country name (2 chars): ",
380 GNUTLS_OID_X520_COUNTRY_NAME);
381 }
382
383 }
384
385 void
386 get_organization_crt_set (gnutls_x509_crt_t crt)
387 {
388 int ret;
389
390 if (batch)
391 {
392 if (!cfg.organization)
393 return;
394
395 ret =
396 gnutls_x509_crt_set_dn_by_oid (crt,
397 GNUTLS_OID_X520_ORGANIZATION_NAME,
398 0, cfg.organization,
399 strlen (cfg.organization));
400 if (ret < 0)
401 {
402 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
403 exit (1);
404 }
405 }
406 else
407 {
408 read_crt_set (crt, "Organization name: ",
409 GNUTLS_OID_X520_ORGANIZATION_NAME);
410 }
411
412 }
413
414 void
415 get_unit_crt_set (gnutls_x509_crt_t crt)
416 {
417 int ret;
418
419 if (batch)
420 {
421 if (!cfg.unit)
422 return;
423
424 ret =
425 gnutls_x509_crt_set_dn_by_oid (crt,
426 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
427 0, cfg.unit, strlen (cfg.unit));
428 if (ret < 0)
429 {
430 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
431 exit (1);
432 }
433 }
434 else
435 {
436 read_crt_set (crt, "Organizational unit name: ",
437 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
438 }
439
440 }
441
442 void
443 get_state_crt_set (gnutls_x509_crt_t crt)
444 {
445 int ret;
446
447 if (batch)
448 {
449 if (!cfg.state)
450 return;
451 ret =
452 gnutls_x509_crt_set_dn_by_oid (crt,
453 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
454 0, cfg.state, strlen (cfg.state));
455 if (ret < 0)
456 {
457 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
458 exit (1);
459 }
460 }
461 else
462 {
463 read_crt_set (crt, "State or province name: ",
464 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
465 }
466
467 }
468
469 void
470 get_locality_crt_set (gnutls_x509_crt_t crt)
471 {
472 int ret;
473
474 if (batch)
475 {
476 if (!cfg.locality)
477 return;
478 ret =
479 gnutls_x509_crt_set_dn_by_oid (crt,
480 GNUTLS_OID_X520_LOCALITY_NAME, 0,
481 cfg.locality, strlen (cfg.locality));
482 if (ret < 0)
483 {
484 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
485 exit (1);
486 }
487 }
488 else
489 {
490 read_crt_set (crt, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
491 }
492
493 }
494
495 void
496 get_cn_crt_set (gnutls_x509_crt_t crt)
497 {
498 int ret;
499
500 if (batch)
501 {
502 if (!cfg.cn)
503 return;
504 ret =
505 gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME,
506 0, cfg.cn, strlen (cfg.cn));
507 if (ret < 0)
508 {
509 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
510 exit (1);
511 }
512 }
513 else
514 {
515 read_crt_set (crt, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
516 }
517
518 }
519
520 void
521 get_uid_crt_set (gnutls_x509_crt_t crt)
522 {
523 int ret;
524
525 if (batch)
526 {
527 if (!cfg.uid)
528 return;
529 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_UID, 0,
530 cfg.uid, strlen (cfg.uid));
531 if (ret < 0)
532 {
533 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
534 exit (1);
535 }
536 }
537 else
538 {
539 read_crt_set (crt, "UID: ", GNUTLS_OID_LDAP_UID);
540 }
541
542 }
543
544 void
545 get_oid_crt_set (gnutls_x509_crt_t crt)
546 {
547 int ret, i;
548
549 if (batch)
550 {
551 if (!cfg.dn_oid)
552 return;
553 for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
554 {
555 if (cfg.dn_oid[i + 1] == NULL)
556 {
557 fprintf (stderr, "dn_oid: %s does not have an argument.\n",
558 cfg.dn_oid[i]);
559 exit (1);
560 }
561 ret = gnutls_x509_crt_set_dn_by_oid (crt, cfg.dn_oid[i], 0,
562 cfg.dn_oid[i + 1],
563 strlen (cfg.dn_oid[i + 1]));
564
565 if (ret < 0)
566 {
567 fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
568 exit (1);
569 }
570 }
571 }
572
573 }
574
575
576 void
577 get_pkcs9_email_crt_set (gnutls_x509_crt_t crt)
578 {
579 int ret;
580
581 if (batch)
582 {
583 if (!cfg.pkcs9_email)
584 return;
585 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_PKCS9_EMAIL, 0,
586 cfg.pkcs9_email,
587 strlen (cfg.pkcs9_email));
588 if (ret < 0)
589 {
590 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
591 exit (1);
592 }
593 }
594 else
595 {
596 read_crt_set (crt, "E-mail: ", GNUTLS_OID_PKCS9_EMAIL);
597 }
598
599 }
600
601 int
602 get_serial (void)
603 {
604 int default_serial = time (NULL);
605
606 if (batch)
607 {
608 if (cfg.serial < 0)
609 return default_serial;
610 return cfg.serial;
611 }
612 else
613 {
614 return read_int_with_default
615 ("Enter the certificate's serial number in decimal (default: %u): ", default_serial);
616 }
617 }
618
619 int
620 get_days (void)
621 {
622 int days;
623
624 if (batch)
625 {
626 if (cfg.expiration_days <= 0)
627 return 365;
628 else
629 return cfg.expiration_days;
630 }
631 else
632 {
633 do
634 {
635 days = read_int ("The certificate will expire in (days): ");
636 }
637 while (days == 0);
638 return days;
639 }
640 }
641
642 int
643 get_ca_status (void)
644 {
645 if (batch)
646 {
647 return cfg.ca;
648 }
649 else
650 {
651 return
652 read_yesno ("Does the certificate belong to an authority? (y/N): ");
653 }
654 }
655
656 int
657 get_path_len (void)
658 {
659 if (batch)
660 {
661 return cfg.path_len;
662 }
663 else
664 {
665 return read_int_with_default
666 ("Path length constraint (decimal, %d for no constraint): ", -1);
667 }
668 }
669
670 const char *
671 get_pkcs12_key_name (void)
672 {
673 const char *name;
674
675 if (batch)
676 {
677 if (!cfg.pkcs12_key_name)
678 return "Anonymous";
679 return cfg.pkcs12_key_name;
680 }
681 else
682 {
683 do
684 {
685 name = read_str ("Enter a name for the key: ");
686 }
687 while (name == NULL);
688 }
689 return name;
690 }
691
692 int
693 get_tls_client_status (void)
694 {
695 if (batch)
696 {
697 return cfg.tls_www_client;
698 }
699 else
700 {
701 return read_yesno ("Is this a TLS web client certificate? (y/N): ");
702 }
703 }
704
705 int
706 get_tls_server_status (void)
707 {
708 if (batch)
709 {
710 return cfg.tls_www_server;
711 }
712 else
713 {
714 return
715 read_yesno ("Is this also a TLS web server certificate? (y/N): ");
716 }
717 }
718
719 const char *
720 get_dns_name (void)
721 {
722 if (batch)
723 {
724 return cfg.dns_name;
725 }
726 else
727 {
728 return
729 read_str ("Enter the dnsName of the subject of the certificate: ");
730 }
731 }
732
733 const char *
734 get_ip_addr (void)
735 {
736 if (batch)
737 {
738 return cfg.ip_addr;
739 }
740 else
741 {
742 return
743 read_str ("Enter the IP address of the subject of the certificate: ");
744 }
745 }
746
747 const char *
748 get_email (void)
749 {
750 if (batch)
751 {
752 return cfg.email;
753 }
754 else
755 {
756 return
757 read_str ("Enter the e-mail of the subject of the certificate: ");
758 }
759 }
760
761 int
762 get_sign_status (int server)
763 {
764 const char *msg;
765
766 if (batch)
767 {
768 return cfg.signing_key;
769 }
770 else
771 {
772 if (server)
773 msg =
774 "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): ";
775 else
776 msg =
777 "Will the certificate be used for signing (required for TLS)? (y/N): ";
778 return read_yesno (msg);
779 }
780 }
781
782 int
783 get_encrypt_status (int server)
784 {
785 const char *msg;
786
787 if (batch)
788 {
789 return cfg.encryption_key;
790 }
791 else
792 {
793 if (server)
794 msg =
795 "Will the certificate be used for encryption (RSA ciphersuites)? (y/N): ";
796 else
797 msg =
798 "Will the certificate be used for encryption (not required for TLS)? (y/N): ";
799 return read_yesno (msg);
800 }
801 }
802
803 int
804 get_cert_sign_status (void)
805 {
806 if (batch)
807 {
808 return cfg.cert_sign_key;
809 }
810 else
811 {
812 return
813 read_yesno
814 ("Will the certificate be used to sign other certificates? (y/N): ");
815 }
816 }
817
818 int
819 get_crl_sign_status (void)
820 {
821 if (batch)
822 {
823 return cfg.crl_sign_key;
824 }
825 else
826 {
827 return
828 read_yesno ("Will the certificate be used to sign CRLs? (y/N): ");
829 }
830 }
831
832 int
833 get_code_sign_status (void)
834 {
835 if (batch)
836 {
837 return cfg.code_sign_key;
838 }
839 else
840 {
841 return
842 read_yesno ("Will the certificate be used to sign code? (y/N): ");
843 }
844 }
845
846 int
847 get_ocsp_sign_status (void)
848 {
849 if (batch)
850 {
851 return cfg.ocsp_sign_key;
852 }
853 else
854 {
855 return
856 read_yesno
857 ("Will the certificate be used to sign OCSP requests? (y/N): ");
858 }
859 }
860
861 int
862 get_time_stamp_status (void)
863 {
864 if (batch)
865 {
866 return cfg.time_stamping_key;
867 }
868 else
869 {
870 return
871 read_yesno
872 ("Will the certificate be used for time stamping? (y/N): ");
873 }
874 }
875
876 int
877 get_crl_next_update (void)
878 {
879 int days;
880
881 if (batch)
882 {
883 if (cfg.crl_next_update <= 0)
884 return 365;
885 else
886 return cfg.crl_next_update;
887 }
888 else
889 {
890 do
891 {
892 days = read_int ("The next CRL will be issued in (days): ");
893 }
894 while (days == 0);
895 return days;
896 }
897 }
898
899 const char *
900 get_proxy_policy (char **policy, size_t *policylen)
901 {
902 const char *ret;
903
904 if (batch)
905 {
906 ret = cfg.proxy_policy_language;
907 if (!ret)
908 ret = "1.3.6.1.5.5.7.21.1";
909 }
910 else
911 {
912 do
913 {
914 ret = read_str ("Enter the OID of the proxy policy language: ");
915 }
916 while (ret == NULL);
917 }
918
919 *policy = NULL;
920 *policylen = 0;
921
922 if (strcmp (ret, "1.3.6.1.5.5.7.21.1") != 0 &&
923 strcmp (ret, "1.3.6.1.5.5.7.21.2") != 0)
924 {
925 fprintf (stderr, "Reading non-standard proxy policy not supported.\n");
926 }
927
928 return ret;
929 }
930
931 /* CRQ stuff.
932 */
933 void
934 get_country_crq_set (gnutls_x509_crq_t crq)
935 {
936 int ret;
937
938 if (batch)
939 {
940 if (!cfg.country)
941 return;
942 ret =
943 gnutls_x509_crq_set_dn_by_oid (crq,
944 GNUTLS_OID_X520_COUNTRY_NAME, 0,
945 cfg.country, strlen (cfg.country));
946 if (ret < 0)
947 {
948 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
949 exit (1);
950 }
951 }
952 else
953 {
954 read_crq_set (crq, "Country name (2 chars): ",
955 GNUTLS_OID_X520_COUNTRY_NAME);
956 }
957
958 }
959
960 void
961 get_organization_crq_set (gnutls_x509_crq_t crq)
962 {
963 int ret;
964
965 if (batch)
966 {
967 if (!cfg.organization)
968 return;
969
970 ret =
971 gnutls_x509_crq_set_dn_by_oid (crq,
972 GNUTLS_OID_X520_ORGANIZATION_NAME,
973 0, cfg.organization,
974 strlen (cfg.organization));
975 if (ret < 0)
976 {
977 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
978 exit (1);
979 }
980 }
981 else
982 {
983 read_crq_set (crq, "Organization name: ",
984 GNUTLS_OID_X520_ORGANIZATION_NAME);
985 }
986
987 }
988
989 void
990 get_unit_crq_set (gnutls_x509_crq_t crq)
991 {
992 int ret;
993
994 if (batch)
995 {
996 if (!cfg.unit)
997 return;
998
999 ret =
1000 gnutls_x509_crq_set_dn_by_oid (crq,
1001 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
1002 0, cfg.unit, strlen (cfg.unit));
1003 if (ret < 0)
1004 {
1005 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1006 exit (1);
1007 }
1008 }
1009 else
1010 {
1011 read_crq_set (crq, "Organizational unit name: ",
1012 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
1013 }
1014
1015 }
1016
1017 void
1018 get_state_crq_set (gnutls_x509_crq_t crq)
1019 {
1020 int ret;
1021
1022 if (batch)
1023 {
1024 if (!cfg.state)
1025 return;
1026 ret =
1027 gnutls_x509_crq_set_dn_by_oid (crq,
1028 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
1029 0, cfg.state, strlen (cfg.state));
1030 if (ret < 0)
1031 {
1032 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1033 exit (1);
1034 }
1035 }
1036 else
1037 {
1038 read_crq_set (crq, "State or province name: ",
1039 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
1040 }
1041
1042 }
1043
1044 void
1045 get_locality_crq_set (gnutls_x509_crq_t crq)
1046 {
1047 int ret;
1048
1049 if (batch)
1050 {
1051 if (!cfg.locality)
1052 return;
1053 ret =
1054 gnutls_x509_crq_set_dn_by_oid (crq,
1055 GNUTLS_OID_X520_LOCALITY_NAME, 0,
1056 cfg.locality, strlen (cfg.locality));
1057 if (ret < 0)
1058 {
1059 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1060 exit (1);
1061 }
1062 }
1063 else
1064 {
1065 read_crq_set (crq, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
1066 }
1067
1068 }
1069
1070 void
1071 get_cn_crq_set (gnutls_x509_crq_t crq)
1072 {
1073 int ret;
1074
1075 if (batch)
1076 {
1077 if (!cfg.cn)
1078 return;
1079 ret =
1080 gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
1081 0, cfg.cn, strlen (cfg.cn));
1082 if (ret < 0)
1083 {
1084 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1085 exit (1);
1086 }
1087 }
1088 else
1089 {
1090 read_crq_set (crq, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
1091 }
1092
1093 }
1094
1095 void
1096 get_uid_crq_set (gnutls_x509_crq_t crq)
1097 {
1098 int ret;
1099
1100 if (batch)
1101 {
1102 if (!cfg.uid)
1103 return;
1104 ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_LDAP_UID, 0,
1105 cfg.uid, strlen (cfg.uid));
1106 if (ret < 0)
1107 {
1108 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1109 exit (1);
1110 }
1111 }
1112 else
1113 {
1114 read_crq_set (crq, "UID: ", GNUTLS_OID_LDAP_UID);
1115 }
1116
1117 }
1118
1119 void
1120 get_oid_crq_set (gnutls_x509_crq_t crq)
1121 {
1122 int ret, i;
1123
1124 if (batch)
1125 {
1126 if (!cfg.dn_oid)
1127 return;
1128 for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
1129 {
1130 if (cfg.dn_oid[i + 1] == NULL)
1131 {
1132 fprintf (stderr, "dn_oid: %s does not have an argument.\n",
1133 cfg.dn_oid[i]);
1134 exit (1);
1135 }
1136 ret = gnutls_x509_crq_set_dn_by_oid (crq, cfg.dn_oid[i], 0,
1137 cfg.dn_oid[i + 1],
1138 strlen (cfg.dn_oid[i + 1]));
1139
1140 if (ret < 0)
1141 {
1142 fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
1143 exit (1);
1144 }
1145 }
1146 }
1147
1148 }
Implementation of the SSL/TLS protocol