search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
gnutls_x509_crt_get_policy() allows for a list of zero policy qualifiers.
[gnutls.git] / src / certtool-cfg.c
blobb1113c61fef7ee8c8199775b08f6f9d539297947
1 /*
2 * Copyright (C) 2004-2012 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuTLS.
5 *
6 * GnuTLS is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuTLS is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see
18 * <http://www.gnu.org/licenses/>.
19 *
20 * Written by Nikos Mavrogiannopoulos <nmav@gnutls.org>.
21 */
22
23 #include <config.h>
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <certtool-cfg.h>
28 #include <gnutls/x509.h>
29 #include <string.h>
30 #include <limits.h>
31 #include <inttypes.h>
32 #include <time.h>
33 #include <autoopts/options.h>
34
35 /* for inet_pton */
36 #include <sys/types.h>
37
38 #if HAVE_SYS_SOCKET_H
39 # include <sys/socket.h>
40 #elif HAVE_WS2TCPIP_H
41 # include <ws2tcpip.h>
42 #endif
43 #include <arpa/inet.h>
44
45 /* Gnulib portability files. */
46 #include <getpass.h>
47 #include "certtool-common.h"
48
49 extern int batch;
50
51 #define MAX_ENTRIES 128
52 #define MAX_POLICIES 8
53
54 typedef struct _cfg_ctx
55 {
56 char *organization;
57 char *unit;
58 char *locality;
59 char *state;
60 char *cn;
61 char *uid;
62 char *challenge_password;
63 char *pkcs9_email;
64 char *country;
65 char *policy_oid[MAX_POLICIES];
66 char *policy_txt[MAX_POLICIES];
67 char *policy_url[MAX_POLICIES];
68 char **dc;
69 char **dns_name;
70 char **uri;
71 char **ip_addr;
72 char **email;
73 char **dn_oid;
74 char *crl_dist_points;
75 char *password;
76 char *pkcs12_key_name;
77 int serial;
78 int expiration_days;
79 int ca;
80 int path_len;
81 int tls_www_client;
82 int tls_www_server;
83 int signing_key;
84 int encryption_key;
85 int cert_sign_key;
86 int crl_sign_key;
87 int code_sign_key;
88 int ocsp_sign_key;
89 int time_stamping_key;
90 int ipsec_ike_key;
91 char **key_purpose_oids;
92 int crl_next_update;
93 int crl_number;
94 int crq_extensions;
95 char *proxy_policy_language;
96 char **ocsp_uris;
97 char **ca_issuers_uris;
98 } cfg_ctx;
99
100 cfg_ctx cfg;
101
102 void
103 cfg_init (void)
104 {
105 memset (&cfg, 0, sizeof (cfg));
106 cfg.path_len = -1;
107 cfg.serial = -1;
108 }
109
110 #define READ_MULTI_LINE(name, s_name) \
111 val = optionGetValue(pov, name); \
112 if (val != NULL && val->valType == OPARG_TYPE_STRING) \
113 { \
114 if (s_name == NULL) { \
115 i = 0; \
116 s_name = malloc(sizeof(char*)*MAX_ENTRIES); \
117 do { \
118 if (val && !strcmp(val->pzName, name)==0) \
119 continue; \
120 s_name[i] = strdup(val->v.strVal); \
121 i++; \
122 if (i>=MAX_ENTRIES) \
123 break; \
124 } while((val = optionNextValue(pov, val)) != NULL); \
125 s_name[i] = NULL; \
126 } \
127 }
128
129 #define READ_MULTI_LINE_TOKENIZED(name, s_name) \
130 val = optionGetValue(pov, name); \
131 if (val != NULL && val->valType == OPARG_TYPE_STRING) \
132 { \
133 char str[512]; \
134 char * p; \
135 if (s_name == NULL) { \
136 i = 0; \
137 s_name = malloc(sizeof(char*)*MAX_ENTRIES); \
138 do { \
139 if (val && !strcmp(val->pzName, name)==0) \
140 continue; \
141 strncpy(str, val->v.strVal, sizeof(str)-1); \
142 str[sizeof(str)-1] = 0; \
143 if ((p=strchr(str, ' ')) == NULL && (p=strchr(str, '\t')) == NULL) { \
144 fprintf(stderr, "Error parsing %s\n", name); \
145 exit(1); \
146 } \
147 p[0] = 0; \
148 p++; \
149 s_name[i] = strdup(str); \
150 while(*p==' ' || *p == '\t') p++; \
151 if (p[0] == 0) { \
152 fprintf(stderr, "Error (2) parsing %s\n", name); \
153 exit(1); \
154 } \
155 s_name[i+1] = strdup(p); \
156 i+=2; \
157 if (i>=MAX_ENTRIES) \
158 break; \
159 } while((val = optionNextValue(pov, val)) != NULL); \
160 s_name[i] = NULL; \
161 } \
162 }
163
164 #define READ_BOOLEAN(name, s_name) \
165 val = optionGetValue(pov, name); \
166 if (val != NULL) \
167 { \
168 s_name = 1; \
169 }
170
171 #define READ_NUMERIC(name, s_name) \
172 val = optionGetValue(pov, name); \
173 if (val != NULL) \
174 { \
175 if (val->valType == OPARG_TYPE_NUMERIC) \
176 s_name = val->v.longVal; \
177 else if (val->valType == OPARG_TYPE_STRING) \
178 s_name = atoi(val->v.strVal); \
179 }
180
181 int
182 template_parse (const char *template)
183 {
184 /* Parsing return code */
185 int ret;
186 unsigned int i;
187 tOptionValue const * pov;
188 const tOptionValue* val;
189 char tmpstr[256];
190
191 pov = configFileLoad(template);
192 if (pov == NULL)
193 {
194 perror("configFileLoad");
195 fprintf(stderr, "Error loading template: %s\n", template);
196 exit(1);
197 }
198
199 /* Option variables */
200 val = optionGetValue(pov, "organization");
201 if (val != NULL && val->valType == OPARG_TYPE_STRING)
202 cfg.organization = strdup(val->v.strVal);
203
204 val = optionGetValue(pov, "unit");
205 if (val != NULL && val->valType == OPARG_TYPE_STRING)
206 cfg.unit = strdup(val->v.strVal);
207
208 val = optionGetValue(pov, "locality");
209 if (val != NULL && val->valType == OPARG_TYPE_STRING)
210 cfg.locality = strdup(val->v.strVal);
211
212 val = optionGetValue(pov, "state");
213 if (val != NULL && val->valType == OPARG_TYPE_STRING)
214 cfg.state = strdup(val->v.strVal);
215
216 val = optionGetValue(pov, "cn");
217 if (val != NULL && val->valType == OPARG_TYPE_STRING)
218 cfg.cn = strdup(val->v.strVal);
219
220 val = optionGetValue(pov, "uid");
221 if (val != NULL && val->valType == OPARG_TYPE_STRING)
222 cfg.uid = strdup(val->v.strVal);
223
224 val = optionGetValue(pov, "challenge_password");
225 if (val != NULL && val->valType == OPARG_TYPE_STRING)
226 cfg.challenge_password = strdup(val->v.strVal);
227
228 val = optionGetValue(pov, "password");
229 if (val != NULL && val->valType == OPARG_TYPE_STRING)
230 cfg.password = strdup(val->v.strVal);
231
232 val = optionGetValue(pov, "pkcs9_email");
233 if (val != NULL && val->valType == OPARG_TYPE_STRING)
234 cfg.pkcs9_email = strdup(val->v.strVal);
235
236 val = optionGetValue(pov, "country");
237 if (val != NULL && val->valType == OPARG_TYPE_STRING)
238 cfg.country = strdup(val->v.strVal);
239
240 for (i=0;i<MAX_POLICIES;i++)
241 {
242 snprintf(tmpstr, sizeof(tmpstr), "policy%d", i+1);
243 val = optionGetValue(pov, tmpstr);
244 if (val != NULL && val->valType == OPARG_TYPE_STRING)
245 cfg.policy_oid[i] = strdup(val->v.strVal);
246
247 if (cfg.policy_oid[i] != NULL)
248 {
249 snprintf(tmpstr, sizeof(tmpstr), "policy%d_url", i+1);
250 val = optionGetValue(pov, tmpstr);
251 if (val != NULL && val->valType == OPARG_TYPE_STRING)
252 cfg.policy_url[i] = strdup(val->v.strVal);
253
254 snprintf(tmpstr, sizeof(tmpstr), "policy%d_txt", i+1);
255 val = optionGetValue(pov, tmpstr);
256 if (val != NULL && val->valType == OPARG_TYPE_STRING)
257 {
258 cfg.policy_txt[i] = strdup(val->v.strVal);
259 }
260 }
261 }
262
263 READ_MULTI_LINE("dc", cfg.dc);
264 READ_MULTI_LINE("dns_name", cfg.dns_name);
265 READ_MULTI_LINE("uri", cfg.uri);
266
267 READ_MULTI_LINE("ip_address", cfg.ip_addr);
268 READ_MULTI_LINE("email", cfg.email);
269 READ_MULTI_LINE("key_purpose_oid", cfg.key_purpose_oids);
270
271 READ_MULTI_LINE_TOKENIZED("dn_oid", cfg.dn_oid);
272
273 val = optionGetValue(pov, "crl_dist_points");
274 if (val != NULL && val->valType == OPARG_TYPE_STRING)
275 cfg.crl_dist_points = strdup(val->v.strVal);
276
277 val = optionGetValue(pov, "pkcs12_key_name");
278 if (val != NULL && val->valType == OPARG_TYPE_STRING)
279 cfg.pkcs12_key_name = strdup(val->v.strVal);
280
281
282 READ_NUMERIC("serial", cfg.serial);
283 READ_NUMERIC("expiration_days", cfg.expiration_days);
284 READ_NUMERIC("crl_next_update", cfg.crl_next_update);
285 READ_NUMERIC("crl_number", cfg.crl_number);
286
287 val = optionGetValue(pov, "proxy_policy_language");
288 if (val != NULL && val->valType == OPARG_TYPE_STRING)
289 cfg.proxy_policy_language = strdup(val->v.strVal);
290
291 READ_MULTI_LINE("ocsp_uri", cfg.ocsp_uris);
292 READ_MULTI_LINE("ca_issuers_uri", cfg.ca_issuers_uris);
293
294 READ_BOOLEAN("ca", cfg.ca);
295 READ_BOOLEAN("honor_crq_extensions", cfg.crq_extensions);
296 READ_BOOLEAN("path_len", cfg.path_len);
297 READ_BOOLEAN("tls_www_client", cfg.tls_www_client);
298 READ_BOOLEAN("tls_www_server", cfg.tls_www_server);
299 READ_BOOLEAN("signing_key", cfg.signing_key);
300 READ_BOOLEAN("encryption_key", cfg.encryption_key);
301 READ_BOOLEAN("cert_signing_key", cfg.cert_sign_key);
302 READ_BOOLEAN("crl_signing_key", cfg.crl_sign_key);
303 READ_BOOLEAN("code_signing_key", cfg.code_sign_key);
304 READ_BOOLEAN("ocsp_signing_key", cfg.ocsp_sign_key);
305 READ_BOOLEAN("time_stamping_key", cfg.time_stamping_key);
306 READ_BOOLEAN("ipsec_ike_key", cfg.ipsec_ike_key);
307
308 optionUnloadNested(pov);
309
310 return 0;
311 }
312
313 #define IS_NEWLINE(x) ((x[0] == '\n') || (x[0] == '\r'))
314
315 void
316 read_crt_set (gnutls_x509_crt_t crt, const char *input_str, const char *oid)
317 {
318 char input[128];
319 int ret;
320
321 fputs (input_str, stderr);
322 if (fgets (input, sizeof (input), stdin) == NULL)
323 return;
324
325 if (IS_NEWLINE(input))
326 return;
327
328 ret =
329 gnutls_x509_crt_set_dn_by_oid (crt, oid, 0, input, strlen (input) - 1);
330 if (ret < 0)
331 {
332 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
333 exit (1);
334 }
335 }
336
337 void
338 read_crq_set (gnutls_x509_crq_t crq, const char *input_str, const char *oid)
339 {
340 char input[128];
341 int ret;
342
343 fputs (input_str, stderr);
344 if (fgets (input, sizeof (input), stdin) == NULL)
345 return;
346
347 if (IS_NEWLINE(input))
348 return;
349
350 ret =
351 gnutls_x509_crq_set_dn_by_oid (crq, oid, 0, input, strlen (input) - 1);
352 if (ret < 0)
353 {
354 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
355 exit (1);
356 }
357 }
358
359 /* The input_str should contain %d or %u to print the default.
360 */
361 static int
362 read_int_with_default (const char *input_str, int def)
363 {
364 char *endptr;
365 long l, len;
366 static char input[128];
367
368 fprintf (stderr, input_str, def);
369 if (fgets (input, sizeof (input), stdin) == NULL)
370 return def;
371
372 if (IS_NEWLINE(input))
373 return def;
374
375 len = strlen (input);
376
377 l = strtol (input, &endptr, 0);
378
379 if (*endptr != '\0' && *endptr != '\r' && *endptr != '\n')
380 {
381 fprintf (stderr, "Trailing garbage ignored: `%s'\n", endptr);
382 return 0;
383 }
384
385 if (l <= INT_MIN || l >= INT_MAX)
386 {
387 fprintf (stderr, "Integer out of range: `%s'\n", input);
388 return 0;
389 }
390
391 if (input == endptr)
392 l = def;
393
394 return (int) l;
395 }
396
397 int
398 read_int (const char *input_str)
399 {
400 return read_int_with_default (input_str, 0);
401 }
402
403 const char *
404 read_str (const char *input_str)
405 {
406 static char input[128];
407 int len;
408
409 fputs (input_str, stderr);
410 if (fgets (input, sizeof (input), stdin) == NULL)
411 return NULL;
412
413 if (IS_NEWLINE(input))
414 return NULL;
415
416 len = strlen (input);
417 if ((len > 0) && (input[len - 1] == '\n'))
418 input[len - 1] = 0;
419 if (input[0] == 0)
420 return NULL;
421
422 return input;
423 }
424
425 /* Default is no
426 */
427 int
428 read_yesno (const char *input_str)
429 {
430 char input[128];
431
432 fputs (input_str, stderr);
433 if (fgets (input, sizeof (input), stdin) == NULL)
434 return 0;
435
436 if (IS_NEWLINE(input))
437 return 0;
438
439 if (input[0] == 'y' || input[0] == 'Y')
440 return 1;
441
442 return 0;
443 }
444
445
446 /* Wrapper functions for non-interactive mode.
447 */
448 const char *
449 get_pass (void)
450 {
451 if (batch)
452 return cfg.password;
453 else
454 return getpass ("Enter password: ");
455 }
456
457 const char *
458 get_confirmed_pass (bool empty_ok)
459 {
460 if (batch)
461 return cfg.password;
462 else
463 {
464 const char *pass = NULL;
465 char *copy = NULL;
466
467 do
468 {
469 if (pass)
470 fprintf (stderr, "Password missmatch, try again.\n");
471
472 free (copy);
473
474 pass = getpass ("Enter password: ");
475 copy = strdup (pass);
476 pass = getpass ("Confirm password: ");
477 }
478 while (strcmp (pass, copy) != 0 && !(empty_ok && *pass == '\0'));
479
480 free (copy);
481
482 return pass;
483 }
484 }
485
486 const char *
487 get_challenge_pass (void)
488 {
489 if (batch)
490 return cfg.challenge_password;
491 else
492 return getpass ("Enter a challenge password: ");
493 }
494
495 const char *
496 get_crl_dist_point_url (void)
497 {
498 if (batch)
499 return cfg.crl_dist_points;
500 else
501 return read_str ("Enter the URI of the CRL distribution point: ");
502 }
503
504 void
505 get_country_crt_set (gnutls_x509_crt_t crt)
506 {
507 int ret;
508
509 if (batch)
510 {
511 if (!cfg.country)
512 return;
513 ret =
514 gnutls_x509_crt_set_dn_by_oid (crt,
515 GNUTLS_OID_X520_COUNTRY_NAME, 0,
516 cfg.country, strlen (cfg.country));
517 if (ret < 0)
518 {
519 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
520 exit (1);
521 }
522 }
523 else
524 {
525 read_crt_set (crt, "Country name (2 chars): ",
526 GNUTLS_OID_X520_COUNTRY_NAME);
527 }
528
529 }
530
531 void
532 get_organization_crt_set (gnutls_x509_crt_t crt)
533 {
534 int ret;
535
536 if (batch)
537 {
538 if (!cfg.organization)
539 return;
540
541 ret =
542 gnutls_x509_crt_set_dn_by_oid (crt,
543 GNUTLS_OID_X520_ORGANIZATION_NAME,
544 0, cfg.organization,
545 strlen (cfg.organization));
546 if (ret < 0)
547 {
548 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
549 exit (1);
550 }
551 }
552 else
553 {
554 read_crt_set (crt, "Organization name: ",
555 GNUTLS_OID_X520_ORGANIZATION_NAME);
556 }
557
558 }
559
560 void
561 get_unit_crt_set (gnutls_x509_crt_t crt)
562 {
563 int ret;
564
565 if (batch)
566 {
567 if (!cfg.unit)
568 return;
569
570 ret =
571 gnutls_x509_crt_set_dn_by_oid (crt,
572 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
573 0, cfg.unit, strlen (cfg.unit));
574 if (ret < 0)
575 {
576 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
577 exit (1);
578 }
579 }
580 else
581 {
582 read_crt_set (crt, "Organizational unit name: ",
583 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
584 }
585
586 }
587
588 void
589 get_state_crt_set (gnutls_x509_crt_t crt)
590 {
591 int ret;
592
593 if (batch)
594 {
595 if (!cfg.state)
596 return;
597 ret =
598 gnutls_x509_crt_set_dn_by_oid (crt,
599 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
600 0, cfg.state, strlen (cfg.state));
601 if (ret < 0)
602 {
603 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
604 exit (1);
605 }
606 }
607 else
608 {
609 read_crt_set (crt, "State or province name: ",
610 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
611 }
612
613 }
614
615 void
616 get_locality_crt_set (gnutls_x509_crt_t crt)
617 {
618 int ret;
619
620 if (batch)
621 {
622 if (!cfg.locality)
623 return;
624 ret =
625 gnutls_x509_crt_set_dn_by_oid (crt,
626 GNUTLS_OID_X520_LOCALITY_NAME, 0,
627 cfg.locality, strlen (cfg.locality));
628 if (ret < 0)
629 {
630 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
631 exit (1);
632 }
633 }
634 else
635 {
636 read_crt_set (crt, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
637 }
638
639 }
640
641 void
642 get_cn_crt_set (gnutls_x509_crt_t crt)
643 {
644 int ret;
645
646 if (batch)
647 {
648 if (!cfg.cn)
649 return;
650 ret =
651 gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME,
652 0, cfg.cn, strlen (cfg.cn));
653 if (ret < 0)
654 {
655 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
656 exit (1);
657 }
658 }
659 else
660 {
661 read_crt_set (crt, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
662 }
663
664 }
665
666 void
667 get_uid_crt_set (gnutls_x509_crt_t crt)
668 {
669 int ret;
670
671 if (batch)
672 {
673 if (!cfg.uid)
674 return;
675 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_UID, 0,
676 cfg.uid, strlen (cfg.uid));
677 if (ret < 0)
678 {
679 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
680 exit (1);
681 }
682 }
683 else
684 {
685 read_crt_set (crt, "UID: ", GNUTLS_OID_LDAP_UID);
686 }
687
688 }
689
690 void
691 get_oid_crt_set (gnutls_x509_crt_t crt)
692 {
693 int ret, i;
694
695 if (batch)
696 {
697 if (!cfg.dn_oid)
698 return;
699 for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
700 {
701 if (cfg.dn_oid[i + 1] == NULL)
702 {
703 fprintf (stderr, "dn_oid: %s does not have an argument.\n",
704 cfg.dn_oid[i]);
705 exit (1);
706 }
707 ret = gnutls_x509_crt_set_dn_by_oid (crt, cfg.dn_oid[i], 0,
708 cfg.dn_oid[i + 1],
709 strlen (cfg.dn_oid[i + 1]));
710
711 if (ret < 0)
712 {
713 fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
714 exit (1);
715 }
716 }
717 }
718 }
719
720 void
721 get_key_purpose_set (gnutls_x509_crt_t crt)
722 {
723 int ret, i;
724
725 if (batch)
726 {
727 if (!cfg.key_purpose_oids)
728 return;
729 for (i = 0; cfg.key_purpose_oids[i] != NULL; i++)
730 {
731 ret =
732 gnutls_x509_crt_set_key_purpose_oid (crt, cfg.key_purpose_oids[i],
733 0);
734
735 if (ret < 0)
736 {
737 fprintf (stderr, "set_key_purpose_oid (%s): %s\n",
738 cfg.key_purpose_oids[i], gnutls_strerror (ret));
739 exit (1);
740 }
741 }
742 }
743 }
744
745 void
746 get_ocsp_issuer_set (gnutls_x509_crt_t crt)
747 {
748 int ret, i;
749 gnutls_datum_t uri;
750
751 if (batch)
752 {
753 if (!cfg.ocsp_uris)
754 return;
755 for (i = 0; cfg.ocsp_uris[i] != NULL; i++)
756 {
757 uri.data = cfg.ocsp_uris[i];
758 uri.size = strlen(cfg.ocsp_uris[i]);
759 ret =
760 gnutls_x509_crt_set_authority_info_access (crt, GNUTLS_IA_OCSP_URI,
761 &uri);
762 if (ret < 0)
763 {
764 fprintf (stderr, "set OCSP URI (%s): %s\n",
765 cfg.ocsp_uris[i], gnutls_strerror (ret));
766 exit (1);
767 }
768 }
769 }
770 }
771
772 void
773 get_ca_issuers_set (gnutls_x509_crt_t crt)
774 {
775 int ret, i;
776 gnutls_datum_t uri;
777
778 if (batch)
779 {
780 if (!cfg.ca_issuers_uris)
781 return;
782 for (i = 0; cfg.ca_issuers_uris[i] != NULL; i++)
783 {
784 uri.data = cfg.ca_issuers_uris[i];
785 uri.size = strlen(cfg.ca_issuers_uris[i]);
786 ret =
787 gnutls_x509_crt_set_authority_info_access (crt, GNUTLS_IA_CAISSUERS_URI,
788 &uri);
789 if (ret < 0)
790 {
791 fprintf (stderr, "set CA ISSUERS URI (%s): %s\n",
792 cfg.ca_issuers_uris[i], gnutls_strerror (ret));
793 exit (1);
794 }
795 }
796 }
797 }
798
799
800 void
801 get_pkcs9_email_crt_set (gnutls_x509_crt_t crt)
802 {
803 int ret;
804
805 if (batch)
806 {
807 if (!cfg.pkcs9_email)
808 return;
809 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_PKCS9_EMAIL, 0,
810 cfg.pkcs9_email,
811 strlen (cfg.pkcs9_email));
812 if (ret < 0)
813 {
814 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
815 exit (1);
816 }
817 }
818 else
819 {
820 read_crt_set (crt, "E-mail: ", GNUTLS_OID_PKCS9_EMAIL);
821 }
822
823 }
824
825 int
826 get_serial (void)
827 {
828 int default_serial = time (NULL);
829
830 if (batch)
831 {
832 if (cfg.serial < 0)
833 return default_serial;
834 return cfg.serial;
835 }
836 else
837 {
838 return read_int_with_default
839 ("Enter the certificate's serial number in decimal (default: %u): ",
840 default_serial);
841 }
842 }
843
844 int
845 get_days (void)
846 {
847 int days;
848
849 if (batch)
850 {
851 if (cfg.expiration_days <= 0)
852 return 365;
853 else
854 return cfg.expiration_days;
855 }
856 else
857 {
858 do
859 {
860 days = read_int ("The certificate will expire in (days): ");
861 }
862 while (days == 0);
863 return days;
864 }
865 }
866
867 int
868 get_ca_status (void)
869 {
870 if (batch)
871 {
872 return cfg.ca;
873 }
874 else
875 {
876 return
877 read_yesno ("Does the certificate belong to an authority? (y/N): ");
878 }
879 }
880
881 int
882 get_crq_extensions_status (void)
883 {
884 if (batch)
885 {
886 return cfg.crq_extensions;
887 }
888 else
889 {
890 return
891 read_yesno
892 ("Do you want to honour the extensions from the request? (y/N): ");
893 }
894 }
895
896 int
897 get_crl_number (void)
898 {
899 if (batch)
900 {
901 return cfg.crl_number;
902 }
903 else
904 {
905 return read_int_with_default ("CRL Number: ", 1);
906 }
907 }
908
909 int
910 get_path_len (void)
911 {
912 if (batch)
913 {
914 return cfg.path_len;
915 }
916 else
917 {
918 return read_int_with_default
919 ("Path length constraint (decimal, %d for no constraint): ", -1);
920 }
921 }
922
923 const char *
924 get_pkcs12_key_name (void)
925 {
926 const char *name;
927
928 if (batch)
929 {
930 if (!cfg.pkcs12_key_name)
931 return "Anonymous";
932 return cfg.pkcs12_key_name;
933 }
934 else
935 {
936 do
937 {
938 name = read_str ("Enter a name for the key: ");
939 }
940 while (name == NULL);
941 }
942 return name;
943 }
944
945 int
946 get_tls_client_status (void)
947 {
948 if (batch)
949 {
950 return cfg.tls_www_client;
951 }
952 else
953 {
954 return read_yesno ("Is this a TLS web client certificate? (y/N): ");
955 }
956 }
957
958 int
959 get_tls_server_status (void)
960 {
961 if (batch)
962 {
963 return cfg.tls_www_server;
964 }
965 else
966 {
967 return
968 read_yesno ("Is this also a TLS web server certificate? (y/N): ");
969 }
970 }
971
972 /* convert a printable IP to binary */
973 static int
974 string_to_ip (unsigned char *ip, const char *str)
975 {
976 int len = strlen (str);
977 int ret;
978
979 #if HAVE_IPV6
980 if (strchr (str, ':') != NULL || len > 16)
981 { /* IPv6 */
982 ret = inet_pton (AF_INET6, str, ip);
983 if (ret <= 0)
984 {
985 fprintf (stderr, "Error in IPv6 address %s\n", str);
986 exit (1);
987 }
988
989 /* To be done */
990 return 16;
991 }
992 else
993 #endif
994 { /* IPv4 */
995 ret = inet_pton (AF_INET, str, ip);
996 if (ret <= 0)
997 {
998 fprintf (stderr, "Error in IPv4 address %s\n", str);
999 exit (1);
1000 }
1001
1002 return 4;
1003 }
1004
1005 }
1006
1007 void
1008 get_ip_addr_set (int type, void *crt)
1009 {
1010 int ret = 0, i;
1011 unsigned char ip[16];
1012 int len;
1013
1014 if (batch)
1015 {
1016 if (!cfg.ip_addr)
1017 return;
1018
1019 for (i = 0; cfg.ip_addr[i] != NULL; i++)
1020 {
1021 len = string_to_ip (ip, cfg.ip_addr[i]);
1022 if (len <= 0)
1023 {
1024 fprintf (stderr, "Error parsing address: %s\n", cfg.ip_addr[i]);
1025 exit (1);
1026 }
1027
1028 if (type == TYPE_CRT)
1029 ret =
1030 gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
1031 ip, len,
1032 GNUTLS_FSAN_APPEND);
1033 else
1034 ret =
1035 gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
1036 ip, len,
1037 GNUTLS_FSAN_APPEND);
1038
1039 if (ret < 0)
1040 break;
1041 }
1042 }
1043 else
1044 {
1045 const char *p;
1046
1047 p =
1048 read_str ("Enter the IP address of the subject of the certificate: ");
1049 if (!p)
1050 return;
1051
1052 len = string_to_ip (ip, p);
1053 if (len <= 0)
1054 {
1055 fprintf (stderr, "Error parsing address: %s\n", p);
1056 exit (1);
1057 }
1058
1059 if (type == TYPE_CRT)
1060 ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
1061 ip, len,
1062 GNUTLS_FSAN_APPEND);
1063 else
1064 ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
1065 ip, len,
1066 GNUTLS_FSAN_APPEND);
1067 }
1068
1069 if (ret < 0)
1070 {
1071 fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
1072 exit (1);
1073 }
1074 }
1075
1076 void
1077 get_email_set (int type, void *crt)
1078 {
1079 int ret = 0, i;
1080
1081 if (batch)
1082 {
1083 if (!cfg.email)
1084 return;
1085
1086 for (i = 0; cfg.email[i] != NULL; i++)
1087 {
1088 if (type == TYPE_CRT)
1089 ret =
1090 gnutls_x509_crt_set_subject_alt_name (crt,
1091 GNUTLS_SAN_RFC822NAME,
1092 cfg.email[i],
1093 strlen (cfg.email[i]),
1094 GNUTLS_FSAN_APPEND);
1095 else
1096 ret =
1097 gnutls_x509_crq_set_subject_alt_name (crt,
1098 GNUTLS_SAN_RFC822NAME,
1099 cfg.email[i],
1100 strlen (cfg.email[i]),
1101 GNUTLS_FSAN_APPEND);
1102
1103 if (ret < 0)
1104 break;
1105 }
1106 }
1107 else
1108 {
1109 const char *p;
1110
1111 p = read_str ("Enter the e-mail of the subject of the certificate: ");
1112 if (!p)
1113 return;
1114
1115 if (type == TYPE_CRT)
1116 ret =
1117 gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p,
1118 strlen (p),
1119 GNUTLS_FSAN_APPEND);
1120 else
1121 ret =
1122 gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p,
1123 strlen (p),
1124 GNUTLS_FSAN_APPEND);
1125 }
1126
1127 if (ret < 0)
1128 {
1129 fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
1130 exit (1);
1131 }
1132 }
1133
1134
1135 void
1136 get_dc_set (int type, void *crt)
1137 {
1138 int ret = 0, i;
1139
1140 if (batch)
1141 {
1142 if (!cfg.dc)
1143 return;
1144
1145 for (i = 0; cfg.dc[i] != NULL; i++)
1146 {
1147 if (type == TYPE_CRT)
1148 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
1149 0, cfg.dc[i], strlen (cfg.dc[i]));
1150 else
1151 ret = gnutls_x509_crq_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
1152 0, cfg.dc[i], strlen (cfg.dc[i]));
1153
1154 if (ret < 0)
1155 break;
1156 }
1157 }
1158 else
1159 {
1160 const char *p;
1161
1162 do
1163 {
1164 p = read_str ("Enter the subject's domain component (DC): ");
1165 if (!p)
1166 return;
1167
1168 if (type == TYPE_CRT)
1169 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
1170 0, p, strlen (p));
1171 else
1172 ret = gnutls_x509_crq_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
1173 0, p, strlen (p));
1174 }
1175 while(p != NULL);
1176 }
1177
1178 if (ret < 0)
1179 {
1180 fprintf (stderr, "set_dn_by_oid: %s\n", gnutls_strerror (ret));
1181 exit (1);
1182 }
1183 }
1184
1185 void
1186 get_dns_name_set (int type, void *crt)
1187 {
1188 int ret = 0, i;
1189
1190 if (batch)
1191 {
1192 if (!cfg.dns_name)
1193 return;
1194
1195 for (i = 0; cfg.dns_name[i] != NULL; i++)
1196 {
1197 if (type == TYPE_CRT)
1198 ret =
1199 gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
1200 cfg.dns_name[i],
1201 strlen (cfg.dns_name[i]),
1202 GNUTLS_FSAN_APPEND);
1203 else
1204 ret =
1205 gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
1206 cfg.dns_name[i],
1207 strlen (cfg.dns_name[i]),
1208 GNUTLS_FSAN_APPEND);
1209
1210 if (ret < 0)
1211 break;
1212 }
1213 }
1214 else
1215 {
1216 const char *p;
1217
1218 do
1219 {
1220 p =
1221 read_str ("Enter a dnsName of the subject of the certificate: ");
1222 if (!p)
1223 return;
1224
1225 if (type == TYPE_CRT)
1226 ret = gnutls_x509_crt_set_subject_alt_name
1227 (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
1228 else
1229 ret = gnutls_x509_crq_set_subject_alt_name
1230 (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
1231 }
1232 while (p);
1233 }
1234
1235 if (ret < 0)
1236 {
1237 fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
1238 exit (1);
1239 }
1240 }
1241
1242 void
1243 get_policy_set (gnutls_x509_crt_t crt)
1244 {
1245 int ret = 0, i;
1246 gnutls_x509_policy_st policy;
1247
1248 if (batch)
1249 {
1250 if (!cfg.policy_oid)
1251 return;
1252
1253 for (i = 0; cfg.policy_oid[i] != NULL; i++)
1254 {
1255 memset(&policy, 0, sizeof(policy));
1256 policy.oid = cfg.policy_oid[i];
1257
1258 if (cfg.policy_txt[i] != NULL)
1259 {
1260 policy.qualifier[policy.qualifiers].type = GNUTLS_X509_QUALIFIER_NOTICE;
1261 policy.qualifier[policy.qualifiers].data = cfg.policy_txt[i];
1262 policy.qualifier[policy.qualifiers].size = strlen(cfg.policy_txt[i]);
1263 policy.qualifiers++;
1264 }
1265
1266 if (cfg.policy_url[i] != NULL)
1267 {
1268 policy.qualifier[policy.qualifiers].type = GNUTLS_X509_QUALIFIER_URI;
1269 policy.qualifier[policy.qualifiers].data = cfg.policy_url[i];
1270 policy.qualifier[policy.qualifiers].size = strlen(cfg.policy_url[i]);
1271 policy.qualifiers++;
1272 }
1273
1274 ret =
1275 gnutls_x509_crt_set_policy (crt, &policy, 0);
1276 if (ret < 0)
1277 break;
1278 }
1279 }
1280
1281 if (ret < 0)
1282 {
1283 fprintf (stderr, "set_policy: %s\n", gnutls_strerror (ret));
1284 exit (1);
1285 }
1286 }
1287
1288 void
1289 get_uri_set (int type, void *crt)
1290 {
1291 int ret = 0, i;
1292
1293 if (batch)
1294 {
1295 if (!cfg.uri)
1296 return;
1297
1298 for (i = 0; cfg.uri[i] != NULL; i++)
1299 {
1300 if (type == TYPE_CRT)
1301 ret =
1302 gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_URI,
1303 cfg.uri[i],
1304 strlen (cfg.uri[i]),
1305 GNUTLS_FSAN_APPEND);
1306 else
1307 ret =
1308 gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_URI,
1309 cfg.uri[i],
1310 strlen (cfg.uri[i]),
1311 GNUTLS_FSAN_APPEND);
1312
1313 if (ret < 0)
1314 break;
1315 }
1316 }
1317 else
1318 {
1319 const char *p;
1320
1321 do
1322 {
1323 p =
1324 read_str ("Enter a URI of the subject of the certificate: ");
1325 if (!p)
1326 return;
1327
1328 if (type == TYPE_CRT)
1329 ret = gnutls_x509_crt_set_subject_alt_name
1330 (crt, GNUTLS_SAN_URI, p, strlen (p), GNUTLS_FSAN_APPEND);
1331 else
1332 ret = gnutls_x509_crq_set_subject_alt_name
1333 (crt, GNUTLS_SAN_URI, p, strlen (p), GNUTLS_FSAN_APPEND);
1334 }
1335 while (p);
1336 }
1337
1338 if (ret < 0)
1339 {
1340 fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
1341 exit (1);
1342 }
1343 }
1344
1345
1346
1347 int
1348 get_sign_status (int server)
1349 {
1350 const char *msg;
1351
1352 if (batch)
1353 {
1354 return cfg.signing_key;
1355 }
1356 else
1357 {
1358 if (server)
1359 msg =
1360 "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): ";
1361 else
1362 msg =
1363 "Will the certificate be used for signing (required for TLS)? (y/N): ";
1364 return read_yesno (msg);
1365 }
1366 }
1367
1368 int
1369 get_encrypt_status (int server)
1370 {
1371 const char *msg;
1372
1373 if (batch)
1374 {
1375 return cfg.encryption_key;
1376 }
1377 else
1378 {
1379 if (server)
1380 msg =
1381 "Will the certificate be used for encryption (RSA ciphersuites)? (y/N): ";
1382 else
1383 msg =
1384 "Will the certificate be used for encryption (not required for TLS)? (y/N): ";
1385 return read_yesno (msg);
1386 }
1387 }
1388
1389 int
1390 get_cert_sign_status (void)
1391 {
1392 if (batch)
1393 {
1394 return cfg.cert_sign_key;
1395 }
1396 else
1397 {
1398 return
1399 read_yesno
1400 ("Will the certificate be used to sign other certificates? (y/N): ");
1401 }
1402 }
1403
1404 int
1405 get_crl_sign_status (void)
1406 {
1407 if (batch)
1408 {
1409 return cfg.crl_sign_key;
1410 }
1411 else
1412 {
1413 return
1414 read_yesno ("Will the certificate be used to sign CRLs? (y/N): ");
1415 }
1416 }
1417
1418 int
1419 get_code_sign_status (void)
1420 {
1421 if (batch)
1422 {
1423 return cfg.code_sign_key;
1424 }
1425 else
1426 {
1427 return
1428 read_yesno ("Will the certificate be used to sign code? (y/N): ");
1429 }
1430 }
1431
1432 int
1433 get_ocsp_sign_status (void)
1434 {
1435 if (batch)
1436 {
1437 return cfg.ocsp_sign_key;
1438 }
1439 else
1440 {
1441 return
1442 read_yesno
1443 ("Will the certificate be used to sign OCSP requests? (y/N): ");
1444 }
1445 }
1446
1447 int
1448 get_time_stamp_status (void)
1449 {
1450 if (batch)
1451 {
1452 return cfg.time_stamping_key;
1453 }
1454 else
1455 {
1456 return
1457 read_yesno
1458 ("Will the certificate be used for time stamping? (y/N): ");
1459 }
1460 }
1461
1462 int
1463 get_ipsec_ike_status (void)
1464 {
1465 if (batch)
1466 {
1467 return cfg.ipsec_ike_key;
1468 }
1469 else
1470 {
1471 return
1472 read_yesno
1473 ("Will the certificate be used for IPsec IKE operations? (y/N): ");
1474 }
1475 }
1476
1477 int
1478 get_crl_next_update (void)
1479 {
1480 int days;
1481
1482 if (batch)
1483 {
1484 if (cfg.crl_next_update <= 0)
1485 return 365;
1486 else
1487 return cfg.crl_next_update;
1488 }
1489 else
1490 {
1491 do
1492 {
1493 days = read_int ("The next CRL will be issued in (days): ");
1494 }
1495 while (days == 0);
1496 return days;
1497 }
1498 }
1499
1500 const char *
1501 get_proxy_policy (char **policy, size_t * policylen)
1502 {
1503 const char *ret;
1504
1505 if (batch)
1506 {
1507 ret = cfg.proxy_policy_language;
1508 if (!ret)
1509 ret = "1.3.6.1.5.5.7.21.1";
1510 }
1511 else
1512 {
1513 do
1514 {
1515 ret = read_str ("Enter the OID of the proxy policy language: ");
1516 }
1517 while (ret == NULL);
1518 }
1519
1520 *policy = NULL;
1521 *policylen = 0;
1522
1523 if (strcmp (ret, "1.3.6.1.5.5.7.21.1") != 0 &&
1524 strcmp (ret, "1.3.6.1.5.5.7.21.2") != 0)
1525 {
1526 fprintf (stderr, "Reading non-standard proxy policy not supported.\n");
1527 }
1528
1529 return ret;
1530 }
1531
1532 /* CRQ stuff.
1533 */
1534 void
1535 get_country_crq_set (gnutls_x509_crq_t crq)
1536 {
1537 int ret;
1538
1539 if (batch)
1540 {
1541 if (!cfg.country)
1542 return;
1543 ret =
1544 gnutls_x509_crq_set_dn_by_oid (crq,
1545 GNUTLS_OID_X520_COUNTRY_NAME, 0,
1546 cfg.country, strlen (cfg.country));
1547 if (ret < 0)
1548 {
1549 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1550 exit (1);
1551 }
1552 }
1553 else
1554 {
1555 read_crq_set (crq, "Country name (2 chars): ",
1556 GNUTLS_OID_X520_COUNTRY_NAME);
1557 }
1558
1559 }
1560
1561 void
1562 get_organization_crq_set (gnutls_x509_crq_t crq)
1563 {
1564 int ret;
1565
1566 if (batch)
1567 {
1568 if (!cfg.organization)
1569 return;
1570
1571 ret =
1572 gnutls_x509_crq_set_dn_by_oid (crq,
1573 GNUTLS_OID_X520_ORGANIZATION_NAME,
1574 0, cfg.organization,
1575 strlen (cfg.organization));
1576 if (ret < 0)
1577 {
1578 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1579 exit (1);
1580 }
1581 }
1582 else
1583 {
1584 read_crq_set (crq, "Organization name: ",
1585 GNUTLS_OID_X520_ORGANIZATION_NAME);
1586 }
1587
1588 }
1589
1590 void
1591 get_unit_crq_set (gnutls_x509_crq_t crq)
1592 {
1593 int ret;
1594
1595 if (batch)
1596 {
1597 if (!cfg.unit)
1598 return;
1599
1600 ret =
1601 gnutls_x509_crq_set_dn_by_oid (crq,
1602 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
1603 0, cfg.unit, strlen (cfg.unit));
1604 if (ret < 0)
1605 {
1606 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1607 exit (1);
1608 }
1609 }
1610 else
1611 {
1612 read_crq_set (crq, "Organizational unit name: ",
1613 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
1614 }
1615
1616 }
1617
1618 void
1619 get_state_crq_set (gnutls_x509_crq_t crq)
1620 {
1621 int ret;
1622
1623 if (batch)
1624 {
1625 if (!cfg.state)
1626 return;
1627 ret =
1628 gnutls_x509_crq_set_dn_by_oid (crq,
1629 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
1630 0, cfg.state, strlen (cfg.state));
1631 if (ret < 0)
1632 {
1633 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1634 exit (1);
1635 }
1636 }
1637 else
1638 {
1639 read_crq_set (crq, "State or province name: ",
1640 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
1641 }
1642
1643 }
1644
1645 void
1646 get_locality_crq_set (gnutls_x509_crq_t crq)
1647 {
1648 int ret;
1649
1650 if (batch)
1651 {
1652 if (!cfg.locality)
1653 return;
1654 ret =
1655 gnutls_x509_crq_set_dn_by_oid (crq,
1656 GNUTLS_OID_X520_LOCALITY_NAME, 0,
1657 cfg.locality, strlen (cfg.locality));
1658 if (ret < 0)
1659 {
1660 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1661 exit (1);
1662 }
1663 }
1664 else
1665 {
1666 read_crq_set (crq, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
1667 }
1668
1669 }
1670
1671 void
1672 get_cn_crq_set (gnutls_x509_crq_t crq)
1673 {
1674 int ret;
1675
1676 if (batch)
1677 {
1678 if (!cfg.cn)
1679 return;
1680 ret =
1681 gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
1682 0, cfg.cn, strlen (cfg.cn));
1683 if (ret < 0)
1684 {
1685 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1686 exit (1);
1687 }
1688 }
1689 else
1690 {
1691 read_crq_set (crq, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
1692 }
1693
1694 }
1695
1696 void
1697 get_uid_crq_set (gnutls_x509_crq_t crq)
1698 {
1699 int ret;
1700
1701 if (batch)
1702 {
1703 if (!cfg.uid)
1704 return;
1705 ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_LDAP_UID, 0,
1706 cfg.uid, strlen (cfg.uid));
1707 if (ret < 0)
1708 {
1709 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1710 exit (1);
1711 }
1712 }
1713 else
1714 {
1715 read_crq_set (crq, "UID: ", GNUTLS_OID_LDAP_UID);
1716 }
1717
1718 }
1719
1720 void
1721 get_oid_crq_set (gnutls_x509_crq_t crq)
1722 {
1723 int ret, i;
1724
1725 if (batch)
1726 {
1727 if (!cfg.dn_oid)
1728 return;
1729 for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
1730 {
1731 if (cfg.dn_oid[i + 1] == NULL)
1732 {
1733 fprintf (stderr, "dn_oid: %s does not have an argument.\n",
1734 cfg.dn_oid[i]);
1735 exit (1);
1736 }
1737 ret = gnutls_x509_crq_set_dn_by_oid (crq, cfg.dn_oid[i], 0,
1738 cfg.dn_oid[i + 1],
1739 strlen (cfg.dn_oid[i + 1]));
1740
1741 if (ret < 0)
1742 {
1743 fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
1744 exit (1);
1745 }
1746 }
1747 }
1748
1749 }
Implementation of the SSL/TLS protocol