search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
certtool is able to set certificate policies via a template
[gnutls.git] / src / certtool-cfg.c
blobc2cf1c1234a0063d90b90da629f386175aa60705
1 /*
2 * Copyright (C) 2004-2012 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuTLS.
5 *
6 * GnuTLS is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuTLS is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see
18 * <http://www.gnu.org/licenses/>.
19 *
20 * Written by Nikos Mavrogiannopoulos <nmav@gnutls.org>.
21 */
22
23 #include <config.h>
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <certtool-cfg.h>
28 #include <gnutls/x509.h>
29 #include <string.h>
30 #include <limits.h>
31 #include <inttypes.h>
32 #include <time.h>
33 #include <autoopts/options.h>
34
35 /* for inet_pton */
36 #include <sys/types.h>
37
38 #if HAVE_SYS_SOCKET_H
39 # include <sys/socket.h>
40 #elif HAVE_WS2TCPIP_H
41 # include <ws2tcpip.h>
42 #endif
43 #include <arpa/inet.h>
44
45 /* Gnulib portability files. */
46 #include <getpass.h>
47 #include "certtool-common.h"
48
49 extern int batch;
50
51 #define MAX_ENTRIES 128
52
53 typedef struct _cfg_ctx
54 {
55 char *organization;
56 char *unit;
57 char *locality;
58 char *state;
59 char *cn;
60 char *uid;
61 char *challenge_password;
62 char *pkcs9_email;
63 char *country;
64 char **policy_oid;
65 char *policy_txt[MAX_ENTRIES];
66 char *policy_url[MAX_ENTRIES];
67 char **dc;
68 char **dns_name;
69 char **uri;
70 char **ip_addr;
71 char **email;
72 char **dn_oid;
73 char *crl_dist_points;
74 char *password;
75 char *pkcs12_key_name;
76 int serial;
77 int expiration_days;
78 int ca;
79 int path_len;
80 int tls_www_client;
81 int tls_www_server;
82 int signing_key;
83 int encryption_key;
84 int cert_sign_key;
85 int crl_sign_key;
86 int code_sign_key;
87 int ocsp_sign_key;
88 int time_stamping_key;
89 int ipsec_ike_key;
90 char **key_purpose_oids;
91 int crl_next_update;
92 int crl_number;
93 int crq_extensions;
94 char *proxy_policy_language;
95 char **ocsp_uris;
96 char **ca_issuers_uris;
97 } cfg_ctx;
98
99 cfg_ctx cfg;
100
101 void
102 cfg_init (void)
103 {
104 memset (&cfg, 0, sizeof (cfg));
105 cfg.path_len = -1;
106 cfg.serial = -1;
107 }
108
109 #define READ_MULTI_LINE(name, s_name) \
110 val = optionGetValue(pov, name); \
111 if (val != NULL && val->valType == OPARG_TYPE_STRING) \
112 { \
113 if (s_name == NULL) { \
114 i = 0; \
115 s_name = malloc(sizeof(char*)*MAX_ENTRIES); \
116 do { \
117 if (val && !strcmp(val->pzName, name)==0) \
118 continue; \
119 s_name[i] = strdup(val->v.strVal); \
120 i++; \
121 if (i>=MAX_ENTRIES) \
122 break; \
123 } while((val = optionNextValue(pov, val)) != NULL); \
124 s_name[i] = NULL; \
125 } \
126 }
127
128 #define READ_MULTI_LINE_TOKENIZED(name, s_name) \
129 val = optionGetValue(pov, name); \
130 if (val != NULL && val->valType == OPARG_TYPE_STRING) \
131 { \
132 char str[512]; \
133 char * p; \
134 if (s_name == NULL) { \
135 i = 0; \
136 s_name = malloc(sizeof(char*)*MAX_ENTRIES); \
137 do { \
138 if (val && !strcmp(val->pzName, name)==0) \
139 continue; \
140 strncpy(str, val->v.strVal, sizeof(str)-1); \
141 str[sizeof(str)-1] = 0; \
142 if ((p=strchr(str, ' ')) == NULL && (p=strchr(str, '\t')) == NULL) { \
143 fprintf(stderr, "Error parsing %s\n", name); \
144 exit(1); \
145 } \
146 p[0] = 0; \
147 p++; \
148 s_name[i] = strdup(str); \
149 while(*p==' ' || *p == '\t') p++; \
150 if (p[0] == 0) { \
151 fprintf(stderr, "Error (2) parsing %s\n", name); \
152 exit(1); \
153 } \
154 s_name[i+1] = strdup(p); \
155 i+=2; \
156 if (i>=MAX_ENTRIES) \
157 break; \
158 } while((val = optionNextValue(pov, val)) != NULL); \
159 s_name[i] = NULL; \
160 } \
161 }
162
163 #define READ_BOOLEAN(name, s_name) \
164 val = optionGetValue(pov, name); \
165 if (val != NULL) \
166 { \
167 s_name = 1; \
168 }
169
170 #define READ_NUMERIC(name, s_name) \
171 val = optionGetValue(pov, name); \
172 if (val != NULL) \
173 { \
174 if (val->valType == OPARG_TYPE_NUMERIC) \
175 s_name = val->v.longVal; \
176 else if (val->valType == OPARG_TYPE_STRING) \
177 s_name = atoi(val->v.strVal); \
178 }
179
180 int
181 template_parse (const char *template)
182 {
183 /* Parsing return code */
184 int ret;
185 unsigned int i;
186 tOptionValue const * pov;
187 const tOptionValue* val;
188 char tmpstr[256];
189
190 pov = configFileLoad(template);
191 if (pov == NULL)
192 {
193 perror("configFileLoad");
194 fprintf(stderr, "Error loading template: %s\n", template);
195 exit(1);
196 }
197
198 /* Option variables */
199 val = optionGetValue(pov, "organization");
200 if (val != NULL && val->valType == OPARG_TYPE_STRING)
201 cfg.organization = strdup(val->v.strVal);
202
203 val = optionGetValue(pov, "unit");
204 if (val != NULL && val->valType == OPARG_TYPE_STRING)
205 cfg.unit = strdup(val->v.strVal);
206
207 val = optionGetValue(pov, "locality");
208 if (val != NULL && val->valType == OPARG_TYPE_STRING)
209 cfg.locality = strdup(val->v.strVal);
210
211 val = optionGetValue(pov, "state");
212 if (val != NULL && val->valType == OPARG_TYPE_STRING)
213 cfg.state = strdup(val->v.strVal);
214
215 val = optionGetValue(pov, "cn");
216 if (val != NULL && val->valType == OPARG_TYPE_STRING)
217 cfg.cn = strdup(val->v.strVal);
218
219 val = optionGetValue(pov, "uid");
220 if (val != NULL && val->valType == OPARG_TYPE_STRING)
221 cfg.uid = strdup(val->v.strVal);
222
223 val = optionGetValue(pov, "challenge_password");
224 if (val != NULL && val->valType == OPARG_TYPE_STRING)
225 cfg.challenge_password = strdup(val->v.strVal);
226
227 val = optionGetValue(pov, "password");
228 if (val != NULL && val->valType == OPARG_TYPE_STRING)
229 cfg.password = strdup(val->v.strVal);
230
231 val = optionGetValue(pov, "pkcs9_email");
232 if (val != NULL && val->valType == OPARG_TYPE_STRING)
233 cfg.pkcs9_email = strdup(val->v.strVal);
234
235 val = optionGetValue(pov, "country");
236 if (val != NULL && val->valType == OPARG_TYPE_STRING)
237 cfg.country = strdup(val->v.strVal);
238
239 READ_MULTI_LINE("policy", cfg.policy_oid);
240
241 if (cfg.policy_oid != NULL)
242 {
243 int i = 0;
244 while(cfg.policy_oid[i] != NULL)
245 {
246 snprintf(tmpstr, sizeof(tmpstr), "policy%d_url", i+1);
247 val = optionGetValue(pov, tmpstr);
248 if (val != NULL && val->valType == OPARG_TYPE_STRING)
249 cfg.policy_url[i] = strdup(val->v.strVal);
250
251 snprintf(tmpstr, sizeof(tmpstr), "policy%d_txt", i+1);
252 val = optionGetValue(pov, tmpstr);
253 if (val != NULL && val->valType == OPARG_TYPE_STRING)
254 {
255 cfg.policy_txt[i] = strdup(val->v.strVal);
256 }
257
258 i++;
259 }
260 }
261
262 READ_MULTI_LINE("dc", cfg.dc);
263 READ_MULTI_LINE("dns_name", cfg.dns_name);
264 READ_MULTI_LINE("uri", cfg.uri);
265
266 READ_MULTI_LINE("ip_address", cfg.ip_addr);
267 READ_MULTI_LINE("email", cfg.email);
268 READ_MULTI_LINE("key_purpose_oid", cfg.key_purpose_oids);
269
270 READ_MULTI_LINE_TOKENIZED("dn_oid", cfg.dn_oid);
271
272 val = optionGetValue(pov, "crl_dist_points");
273 if (val != NULL && val->valType == OPARG_TYPE_STRING)
274 cfg.crl_dist_points = strdup(val->v.strVal);
275
276 val = optionGetValue(pov, "pkcs12_key_name");
277 if (val != NULL && val->valType == OPARG_TYPE_STRING)
278 cfg.pkcs12_key_name = strdup(val->v.strVal);
279
280
281 READ_NUMERIC("serial", cfg.serial);
282 READ_NUMERIC("expiration_days", cfg.expiration_days);
283 READ_NUMERIC("crl_next_update", cfg.crl_next_update);
284 READ_NUMERIC("crl_number", cfg.crl_number);
285
286 val = optionGetValue(pov, "proxy_policy_language");
287 if (val != NULL && val->valType == OPARG_TYPE_STRING)
288 cfg.proxy_policy_language = strdup(val->v.strVal);
289
290 READ_MULTI_LINE("ocsp_uri", cfg.ocsp_uris);
291 READ_MULTI_LINE("ca_issuers_uri", cfg.ca_issuers_uris);
292
293 READ_BOOLEAN("ca", cfg.ca);
294 READ_BOOLEAN("honor_crq_extensions", cfg.crq_extensions);
295 READ_BOOLEAN("path_len", cfg.path_len);
296 READ_BOOLEAN("tls_www_client", cfg.tls_www_client);
297 READ_BOOLEAN("tls_www_server", cfg.tls_www_server);
298 READ_BOOLEAN("signing_key", cfg.signing_key);
299 READ_BOOLEAN("encryption_key", cfg.encryption_key);
300 READ_BOOLEAN("cert_signing_key", cfg.cert_sign_key);
301 READ_BOOLEAN("crl_signing_key", cfg.crl_sign_key);
302 READ_BOOLEAN("code_signing_key", cfg.code_sign_key);
303 READ_BOOLEAN("ocsp_signing_key", cfg.ocsp_sign_key);
304 READ_BOOLEAN("time_stamping_key", cfg.time_stamping_key);
305 READ_BOOLEAN("ipsec_ike_key", cfg.ipsec_ike_key);
306
307 optionUnloadNested(pov);
308
309 return 0;
310 }
311
312 #define IS_NEWLINE(x) ((x[0] == '\n') || (x[0] == '\r'))
313
314 void
315 read_crt_set (gnutls_x509_crt_t crt, const char *input_str, const char *oid)
316 {
317 char input[128];
318 int ret;
319
320 fputs (input_str, stderr);
321 if (fgets (input, sizeof (input), stdin) == NULL)
322 return;
323
324 if (IS_NEWLINE(input))
325 return;
326
327 ret =
328 gnutls_x509_crt_set_dn_by_oid (crt, oid, 0, input, strlen (input) - 1);
329 if (ret < 0)
330 {
331 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
332 exit (1);
333 }
334 }
335
336 void
337 read_crq_set (gnutls_x509_crq_t crq, const char *input_str, const char *oid)
338 {
339 char input[128];
340 int ret;
341
342 fputs (input_str, stderr);
343 if (fgets (input, sizeof (input), stdin) == NULL)
344 return;
345
346 if (IS_NEWLINE(input))
347 return;
348
349 ret =
350 gnutls_x509_crq_set_dn_by_oid (crq, oid, 0, input, strlen (input) - 1);
351 if (ret < 0)
352 {
353 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
354 exit (1);
355 }
356 }
357
358 /* The input_str should contain %d or %u to print the default.
359 */
360 static int
361 read_int_with_default (const char *input_str, int def)
362 {
363 char *endptr;
364 long l, len;
365 static char input[128];
366
367 fprintf (stderr, input_str, def);
368 if (fgets (input, sizeof (input), stdin) == NULL)
369 return def;
370
371 if (IS_NEWLINE(input))
372 return def;
373
374 len = strlen (input);
375
376 l = strtol (input, &endptr, 0);
377
378 if (*endptr != '\0' && *endptr != '\r' && *endptr != '\n')
379 {
380 fprintf (stderr, "Trailing garbage ignored: `%s'\n", endptr);
381 return 0;
382 }
383
384 if (l <= INT_MIN || l >= INT_MAX)
385 {
386 fprintf (stderr, "Integer out of range: `%s'\n", input);
387 return 0;
388 }
389
390 if (input == endptr)
391 l = def;
392
393 return (int) l;
394 }
395
396 int
397 read_int (const char *input_str)
398 {
399 return read_int_with_default (input_str, 0);
400 }
401
402 const char *
403 read_str (const char *input_str)
404 {
405 static char input[128];
406 int len;
407
408 fputs (input_str, stderr);
409 if (fgets (input, sizeof (input), stdin) == NULL)
410 return NULL;
411
412 if (IS_NEWLINE(input))
413 return NULL;
414
415 len = strlen (input);
416 if ((len > 0) && (input[len - 1] == '\n'))
417 input[len - 1] = 0;
418 if (input[0] == 0)
419 return NULL;
420
421 return input;
422 }
423
424 /* Default is no
425 */
426 int
427 read_yesno (const char *input_str)
428 {
429 char input[128];
430
431 fputs (input_str, stderr);
432 if (fgets (input, sizeof (input), stdin) == NULL)
433 return 0;
434
435 if (IS_NEWLINE(input))
436 return 0;
437
438 if (input[0] == 'y' || input[0] == 'Y')
439 return 1;
440
441 return 0;
442 }
443
444
445 /* Wrapper functions for non-interactive mode.
446 */
447 const char *
448 get_pass (void)
449 {
450 if (batch)
451 return cfg.password;
452 else
453 return getpass ("Enter password: ");
454 }
455
456 const char *
457 get_confirmed_pass (bool empty_ok)
458 {
459 if (batch)
460 return cfg.password;
461 else
462 {
463 const char *pass = NULL;
464 char *copy = NULL;
465
466 do
467 {
468 if (pass)
469 fprintf (stderr, "Password missmatch, try again.\n");
470
471 free (copy);
472
473 pass = getpass ("Enter password: ");
474 copy = strdup (pass);
475 pass = getpass ("Confirm password: ");
476 }
477 while (strcmp (pass, copy) != 0 && !(empty_ok && *pass == '\0'));
478
479 free (copy);
480
481 return pass;
482 }
483 }
484
485 const char *
486 get_challenge_pass (void)
487 {
488 if (batch)
489 return cfg.challenge_password;
490 else
491 return getpass ("Enter a challenge password: ");
492 }
493
494 const char *
495 get_crl_dist_point_url (void)
496 {
497 if (batch)
498 return cfg.crl_dist_points;
499 else
500 return read_str ("Enter the URI of the CRL distribution point: ");
501 }
502
503 void
504 get_country_crt_set (gnutls_x509_crt_t crt)
505 {
506 int ret;
507
508 if (batch)
509 {
510 if (!cfg.country)
511 return;
512 ret =
513 gnutls_x509_crt_set_dn_by_oid (crt,
514 GNUTLS_OID_X520_COUNTRY_NAME, 0,
515 cfg.country, strlen (cfg.country));
516 if (ret < 0)
517 {
518 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
519 exit (1);
520 }
521 }
522 else
523 {
524 read_crt_set (crt, "Country name (2 chars): ",
525 GNUTLS_OID_X520_COUNTRY_NAME);
526 }
527
528 }
529
530 void
531 get_organization_crt_set (gnutls_x509_crt_t crt)
532 {
533 int ret;
534
535 if (batch)
536 {
537 if (!cfg.organization)
538 return;
539
540 ret =
541 gnutls_x509_crt_set_dn_by_oid (crt,
542 GNUTLS_OID_X520_ORGANIZATION_NAME,
543 0, cfg.organization,
544 strlen (cfg.organization));
545 if (ret < 0)
546 {
547 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
548 exit (1);
549 }
550 }
551 else
552 {
553 read_crt_set (crt, "Organization name: ",
554 GNUTLS_OID_X520_ORGANIZATION_NAME);
555 }
556
557 }
558
559 void
560 get_unit_crt_set (gnutls_x509_crt_t crt)
561 {
562 int ret;
563
564 if (batch)
565 {
566 if (!cfg.unit)
567 return;
568
569 ret =
570 gnutls_x509_crt_set_dn_by_oid (crt,
571 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
572 0, cfg.unit, strlen (cfg.unit));
573 if (ret < 0)
574 {
575 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
576 exit (1);
577 }
578 }
579 else
580 {
581 read_crt_set (crt, "Organizational unit name: ",
582 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
583 }
584
585 }
586
587 void
588 get_state_crt_set (gnutls_x509_crt_t crt)
589 {
590 int ret;
591
592 if (batch)
593 {
594 if (!cfg.state)
595 return;
596 ret =
597 gnutls_x509_crt_set_dn_by_oid (crt,
598 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
599 0, cfg.state, strlen (cfg.state));
600 if (ret < 0)
601 {
602 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
603 exit (1);
604 }
605 }
606 else
607 {
608 read_crt_set (crt, "State or province name: ",
609 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
610 }
611
612 }
613
614 void
615 get_locality_crt_set (gnutls_x509_crt_t crt)
616 {
617 int ret;
618
619 if (batch)
620 {
621 if (!cfg.locality)
622 return;
623 ret =
624 gnutls_x509_crt_set_dn_by_oid (crt,
625 GNUTLS_OID_X520_LOCALITY_NAME, 0,
626 cfg.locality, strlen (cfg.locality));
627 if (ret < 0)
628 {
629 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
630 exit (1);
631 }
632 }
633 else
634 {
635 read_crt_set (crt, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
636 }
637
638 }
639
640 void
641 get_cn_crt_set (gnutls_x509_crt_t crt)
642 {
643 int ret;
644
645 if (batch)
646 {
647 if (!cfg.cn)
648 return;
649 ret =
650 gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME,
651 0, cfg.cn, strlen (cfg.cn));
652 if (ret < 0)
653 {
654 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
655 exit (1);
656 }
657 }
658 else
659 {
660 read_crt_set (crt, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
661 }
662
663 }
664
665 void
666 get_uid_crt_set (gnutls_x509_crt_t crt)
667 {
668 int ret;
669
670 if (batch)
671 {
672 if (!cfg.uid)
673 return;
674 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_UID, 0,
675 cfg.uid, strlen (cfg.uid));
676 if (ret < 0)
677 {
678 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
679 exit (1);
680 }
681 }
682 else
683 {
684 read_crt_set (crt, "UID: ", GNUTLS_OID_LDAP_UID);
685 }
686
687 }
688
689 void
690 get_oid_crt_set (gnutls_x509_crt_t crt)
691 {
692 int ret, i;
693
694 if (batch)
695 {
696 if (!cfg.dn_oid)
697 return;
698 for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
699 {
700 if (cfg.dn_oid[i + 1] == NULL)
701 {
702 fprintf (stderr, "dn_oid: %s does not have an argument.\n",
703 cfg.dn_oid[i]);
704 exit (1);
705 }
706 ret = gnutls_x509_crt_set_dn_by_oid (crt, cfg.dn_oid[i], 0,
707 cfg.dn_oid[i + 1],
708 strlen (cfg.dn_oid[i + 1]));
709
710 if (ret < 0)
711 {
712 fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
713 exit (1);
714 }
715 }
716 }
717 }
718
719 void
720 get_key_purpose_set (gnutls_x509_crt_t crt)
721 {
722 int ret, i;
723
724 if (batch)
725 {
726 if (!cfg.key_purpose_oids)
727 return;
728 for (i = 0; cfg.key_purpose_oids[i] != NULL; i++)
729 {
730 ret =
731 gnutls_x509_crt_set_key_purpose_oid (crt, cfg.key_purpose_oids[i],
732 0);
733
734 if (ret < 0)
735 {
736 fprintf (stderr, "set_key_purpose_oid (%s): %s\n",
737 cfg.key_purpose_oids[i], gnutls_strerror (ret));
738 exit (1);
739 }
740 }
741 }
742 }
743
744 void
745 get_ocsp_issuer_set (gnutls_x509_crt_t crt)
746 {
747 int ret, i;
748 gnutls_datum_t uri;
749
750 if (batch)
751 {
752 if (!cfg.ocsp_uris)
753 return;
754 for (i = 0; cfg.ocsp_uris[i] != NULL; i++)
755 {
756 uri.data = cfg.ocsp_uris[i];
757 uri.size = strlen(cfg.ocsp_uris[i]);
758 ret =
759 gnutls_x509_crt_set_authority_info_access (crt, GNUTLS_IA_OCSP_URI,
760 &uri);
761 if (ret < 0)
762 {
763 fprintf (stderr, "set OCSP URI (%s): %s\n",
764 cfg.ocsp_uris[i], gnutls_strerror (ret));
765 exit (1);
766 }
767 }
768 }
769 }
770
771 void
772 get_ca_issuers_set (gnutls_x509_crt_t crt)
773 {
774 int ret, i;
775 gnutls_datum_t uri;
776
777 if (batch)
778 {
779 if (!cfg.ca_issuers_uris)
780 return;
781 for (i = 0; cfg.ca_issuers_uris[i] != NULL; i++)
782 {
783 uri.data = cfg.ca_issuers_uris[i];
784 uri.size = strlen(cfg.ca_issuers_uris[i]);
785 ret =
786 gnutls_x509_crt_set_authority_info_access (crt, GNUTLS_IA_CAISSUERS_URI,
787 &uri);
788 if (ret < 0)
789 {
790 fprintf (stderr, "set CA ISSUERS URI (%s): %s\n",
791 cfg.ca_issuers_uris[i], gnutls_strerror (ret));
792 exit (1);
793 }
794 }
795 }
796 }
797
798
799 void
800 get_pkcs9_email_crt_set (gnutls_x509_crt_t crt)
801 {
802 int ret;
803
804 if (batch)
805 {
806 if (!cfg.pkcs9_email)
807 return;
808 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_PKCS9_EMAIL, 0,
809 cfg.pkcs9_email,
810 strlen (cfg.pkcs9_email));
811 if (ret < 0)
812 {
813 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
814 exit (1);
815 }
816 }
817 else
818 {
819 read_crt_set (crt, "E-mail: ", GNUTLS_OID_PKCS9_EMAIL);
820 }
821
822 }
823
824 int
825 get_serial (void)
826 {
827 int default_serial = time (NULL);
828
829 if (batch)
830 {
831 if (cfg.serial < 0)
832 return default_serial;
833 return cfg.serial;
834 }
835 else
836 {
837 return read_int_with_default
838 ("Enter the certificate's serial number in decimal (default: %u): ",
839 default_serial);
840 }
841 }
842
843 int
844 get_days (void)
845 {
846 int days;
847
848 if (batch)
849 {
850 if (cfg.expiration_days <= 0)
851 return 365;
852 else
853 return cfg.expiration_days;
854 }
855 else
856 {
857 do
858 {
859 days = read_int ("The certificate will expire in (days): ");
860 }
861 while (days == 0);
862 return days;
863 }
864 }
865
866 int
867 get_ca_status (void)
868 {
869 if (batch)
870 {
871 return cfg.ca;
872 }
873 else
874 {
875 return
876 read_yesno ("Does the certificate belong to an authority? (y/N): ");
877 }
878 }
879
880 int
881 get_crq_extensions_status (void)
882 {
883 if (batch)
884 {
885 return cfg.crq_extensions;
886 }
887 else
888 {
889 return
890 read_yesno
891 ("Do you want to honour the extensions from the request? (y/N): ");
892 }
893 }
894
895 int
896 get_crl_number (void)
897 {
898 if (batch)
899 {
900 return cfg.crl_number;
901 }
902 else
903 {
904 return read_int_with_default ("CRL Number: ", 1);
905 }
906 }
907
908 int
909 get_path_len (void)
910 {
911 if (batch)
912 {
913 return cfg.path_len;
914 }
915 else
916 {
917 return read_int_with_default
918 ("Path length constraint (decimal, %d for no constraint): ", -1);
919 }
920 }
921
922 const char *
923 get_pkcs12_key_name (void)
924 {
925 const char *name;
926
927 if (batch)
928 {
929 if (!cfg.pkcs12_key_name)
930 return "Anonymous";
931 return cfg.pkcs12_key_name;
932 }
933 else
934 {
935 do
936 {
937 name = read_str ("Enter a name for the key: ");
938 }
939 while (name == NULL);
940 }
941 return name;
942 }
943
944 int
945 get_tls_client_status (void)
946 {
947 if (batch)
948 {
949 return cfg.tls_www_client;
950 }
951 else
952 {
953 return read_yesno ("Is this a TLS web client certificate? (y/N): ");
954 }
955 }
956
957 int
958 get_tls_server_status (void)
959 {
960 if (batch)
961 {
962 return cfg.tls_www_server;
963 }
964 else
965 {
966 return
967 read_yesno ("Is this also a TLS web server certificate? (y/N): ");
968 }
969 }
970
971 /* convert a printable IP to binary */
972 static int
973 string_to_ip (unsigned char *ip, const char *str)
974 {
975 int len = strlen (str);
976 int ret;
977
978 #if HAVE_IPV6
979 if (strchr (str, ':') != NULL || len > 16)
980 { /* IPv6 */
981 ret = inet_pton (AF_INET6, str, ip);
982 if (ret <= 0)
983 {
984 fprintf (stderr, "Error in IPv6 address %s\n", str);
985 exit (1);
986 }
987
988 /* To be done */
989 return 16;
990 }
991 else
992 #endif
993 { /* IPv4 */
994 ret = inet_pton (AF_INET, str, ip);
995 if (ret <= 0)
996 {
997 fprintf (stderr, "Error in IPv4 address %s\n", str);
998 exit (1);
999 }
1000
1001 return 4;
1002 }
1003
1004 }
1005
1006 void
1007 get_ip_addr_set (int type, void *crt)
1008 {
1009 int ret = 0, i;
1010 unsigned char ip[16];
1011 int len;
1012
1013 if (batch)
1014 {
1015 if (!cfg.ip_addr)
1016 return;
1017
1018 for (i = 0; cfg.ip_addr[i] != NULL; i++)
1019 {
1020 len = string_to_ip (ip, cfg.ip_addr[i]);
1021 if (len <= 0)
1022 {
1023 fprintf (stderr, "Error parsing address: %s\n", cfg.ip_addr[i]);
1024 exit (1);
1025 }
1026
1027 if (type == TYPE_CRT)
1028 ret =
1029 gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
1030 ip, len,
1031 GNUTLS_FSAN_APPEND);
1032 else
1033 ret =
1034 gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
1035 ip, len,
1036 GNUTLS_FSAN_APPEND);
1037
1038 if (ret < 0)
1039 break;
1040 }
1041 }
1042 else
1043 {
1044 const char *p;
1045
1046 p =
1047 read_str ("Enter the IP address of the subject of the certificate: ");
1048 if (!p)
1049 return;
1050
1051 len = string_to_ip (ip, p);
1052 if (len <= 0)
1053 {
1054 fprintf (stderr, "Error parsing address: %s\n", p);
1055 exit (1);
1056 }
1057
1058 if (type == TYPE_CRT)
1059 ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
1060 ip, len,
1061 GNUTLS_FSAN_APPEND);
1062 else
1063 ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS,
1064 ip, len,
1065 GNUTLS_FSAN_APPEND);
1066 }
1067
1068 if (ret < 0)
1069 {
1070 fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
1071 exit (1);
1072 }
1073 }
1074
1075 void
1076 get_email_set (int type, void *crt)
1077 {
1078 int ret = 0, i;
1079
1080 if (batch)
1081 {
1082 if (!cfg.email)
1083 return;
1084
1085 for (i = 0; cfg.email[i] != NULL; i++)
1086 {
1087 if (type == TYPE_CRT)
1088 ret =
1089 gnutls_x509_crt_set_subject_alt_name (crt,
1090 GNUTLS_SAN_RFC822NAME,
1091 cfg.email[i],
1092 strlen (cfg.email[i]),
1093 GNUTLS_FSAN_APPEND);
1094 else
1095 ret =
1096 gnutls_x509_crq_set_subject_alt_name (crt,
1097 GNUTLS_SAN_RFC822NAME,
1098 cfg.email[i],
1099 strlen (cfg.email[i]),
1100 GNUTLS_FSAN_APPEND);
1101
1102 if (ret < 0)
1103 break;
1104 }
1105 }
1106 else
1107 {
1108 const char *p;
1109
1110 p = read_str ("Enter the e-mail of the subject of the certificate: ");
1111 if (!p)
1112 return;
1113
1114 if (type == TYPE_CRT)
1115 ret =
1116 gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p,
1117 strlen (p),
1118 GNUTLS_FSAN_APPEND);
1119 else
1120 ret =
1121 gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p,
1122 strlen (p),
1123 GNUTLS_FSAN_APPEND);
1124 }
1125
1126 if (ret < 0)
1127 {
1128 fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
1129 exit (1);
1130 }
1131 }
1132
1133
1134 void
1135 get_dc_set (int type, void *crt)
1136 {
1137 int ret = 0, i;
1138
1139 if (batch)
1140 {
1141 if (!cfg.dc)
1142 return;
1143
1144 for (i = 0; cfg.dc[i] != NULL; i++)
1145 {
1146 if (type == TYPE_CRT)
1147 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
1148 0, cfg.dc[i], strlen (cfg.dc[i]));
1149 else
1150 ret = gnutls_x509_crq_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
1151 0, cfg.dc[i], strlen (cfg.dc[i]));
1152
1153 if (ret < 0)
1154 break;
1155 }
1156 }
1157 else
1158 {
1159 const char *p;
1160
1161 do
1162 {
1163 p = read_str ("Enter the subject's domain component (DC): ");
1164 if (!p)
1165 return;
1166
1167 if (type == TYPE_CRT)
1168 ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
1169 0, p, strlen (p));
1170 else
1171 ret = gnutls_x509_crq_set_dn_by_oid (crt, GNUTLS_OID_LDAP_DC,
1172 0, p, strlen (p));
1173 }
1174 while(p != NULL);
1175 }
1176
1177 if (ret < 0)
1178 {
1179 fprintf (stderr, "set_dn_by_oid: %s\n", gnutls_strerror (ret));
1180 exit (1);
1181 }
1182 }
1183
1184 void
1185 get_dns_name_set (int type, void *crt)
1186 {
1187 int ret = 0, i;
1188
1189 if (batch)
1190 {
1191 if (!cfg.dns_name)
1192 return;
1193
1194 for (i = 0; cfg.dns_name[i] != NULL; i++)
1195 {
1196 if (type == TYPE_CRT)
1197 ret =
1198 gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
1199 cfg.dns_name[i],
1200 strlen (cfg.dns_name[i]),
1201 GNUTLS_FSAN_APPEND);
1202 else
1203 ret =
1204 gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME,
1205 cfg.dns_name[i],
1206 strlen (cfg.dns_name[i]),
1207 GNUTLS_FSAN_APPEND);
1208
1209 if (ret < 0)
1210 break;
1211 }
1212 }
1213 else
1214 {
1215 const char *p;
1216
1217 do
1218 {
1219 p =
1220 read_str ("Enter a dnsName of the subject of the certificate: ");
1221 if (!p)
1222 return;
1223
1224 if (type == TYPE_CRT)
1225 ret = gnutls_x509_crt_set_subject_alt_name
1226 (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
1227 else
1228 ret = gnutls_x509_crq_set_subject_alt_name
1229 (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND);
1230 }
1231 while (p);
1232 }
1233
1234 if (ret < 0)
1235 {
1236 fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
1237 exit (1);
1238 }
1239 }
1240
1241 void
1242 get_policy_set (gnutls_x509_crt_t crt)
1243 {
1244 int ret = 0, i;
1245 gnutls_x509_policy_st policy;
1246
1247 if (batch)
1248 {
1249 if (!cfg.policy_oid)
1250 return;
1251
1252 for (i = 0; cfg.policy_oid[i] != NULL; i++)
1253 {
1254 memset(&policy, 0, sizeof(policy));
1255 policy.oid = cfg.policy_oid[i];
1256
1257 if (cfg.policy_txt[i] != NULL)
1258 {
1259 policy.qualifier[policy.qualifiers].type = GNUTLS_X509_QUALIFIER_NOTICE;
1260 policy.qualifier[policy.qualifiers].data = cfg.policy_txt[i];
1261 policy.qualifier[policy.qualifiers].size = strlen(cfg.policy_txt[i]);
1262 policy.qualifiers++;
1263 }
1264
1265 if (cfg.policy_url[i] != NULL)
1266 {
1267 policy.qualifier[policy.qualifiers].type = GNUTLS_X509_QUALIFIER_URI;
1268 policy.qualifier[policy.qualifiers].data = cfg.policy_url[i];
1269 policy.qualifier[policy.qualifiers].size = strlen(cfg.policy_url[i]);
1270 policy.qualifiers++;
1271 }
1272
1273 fprintf(stderr, "setting policy %s with %d qualifiers\n", policy.oid, policy.qualifiers);
1274
1275 ret =
1276 gnutls_x509_crt_set_policy (crt, &policy, 0);
1277 if (ret < 0)
1278 break;
1279 }
1280 }
1281
1282 if (ret < 0)
1283 {
1284 fprintf (stderr, "set_policy: %s\n", gnutls_strerror (ret));
1285 exit (1);
1286 }
1287 }
1288
1289 void
1290 get_uri_set (int type, void *crt)
1291 {
1292 int ret = 0, i;
1293
1294 if (batch)
1295 {
1296 if (!cfg.uri)
1297 return;
1298
1299 for (i = 0; cfg.uri[i] != NULL; i++)
1300 {
1301 if (type == TYPE_CRT)
1302 ret =
1303 gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_URI,
1304 cfg.uri[i],
1305 strlen (cfg.uri[i]),
1306 GNUTLS_FSAN_APPEND);
1307 else
1308 ret =
1309 gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_URI,
1310 cfg.uri[i],
1311 strlen (cfg.uri[i]),
1312 GNUTLS_FSAN_APPEND);
1313
1314 if (ret < 0)
1315 break;
1316 }
1317 }
1318 else
1319 {
1320 const char *p;
1321
1322 do
1323 {
1324 p =
1325 read_str ("Enter a URI of the subject of the certificate: ");
1326 if (!p)
1327 return;
1328
1329 if (type == TYPE_CRT)
1330 ret = gnutls_x509_crt_set_subject_alt_name
1331 (crt, GNUTLS_SAN_URI, p, strlen (p), GNUTLS_FSAN_APPEND);
1332 else
1333 ret = gnutls_x509_crq_set_subject_alt_name
1334 (crt, GNUTLS_SAN_URI, p, strlen (p), GNUTLS_FSAN_APPEND);
1335 }
1336 while (p);
1337 }
1338
1339 if (ret < 0)
1340 {
1341 fprintf (stderr, "set_subject_alt_name: %s\n", gnutls_strerror (ret));
1342 exit (1);
1343 }
1344 }
1345
1346
1347
1348 int
1349 get_sign_status (int server)
1350 {
1351 const char *msg;
1352
1353 if (batch)
1354 {
1355 return cfg.signing_key;
1356 }
1357 else
1358 {
1359 if (server)
1360 msg =
1361 "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): ";
1362 else
1363 msg =
1364 "Will the certificate be used for signing (required for TLS)? (y/N): ";
1365 return read_yesno (msg);
1366 }
1367 }
1368
1369 int
1370 get_encrypt_status (int server)
1371 {
1372 const char *msg;
1373
1374 if (batch)
1375 {
1376 return cfg.encryption_key;
1377 }
1378 else
1379 {
1380 if (server)
1381 msg =
1382 "Will the certificate be used for encryption (RSA ciphersuites)? (y/N): ";
1383 else
1384 msg =
1385 "Will the certificate be used for encryption (not required for TLS)? (y/N): ";
1386 return read_yesno (msg);
1387 }
1388 }
1389
1390 int
1391 get_cert_sign_status (void)
1392 {
1393 if (batch)
1394 {
1395 return cfg.cert_sign_key;
1396 }
1397 else
1398 {
1399 return
1400 read_yesno
1401 ("Will the certificate be used to sign other certificates? (y/N): ");
1402 }
1403 }
1404
1405 int
1406 get_crl_sign_status (void)
1407 {
1408 if (batch)
1409 {
1410 return cfg.crl_sign_key;
1411 }
1412 else
1413 {
1414 return
1415 read_yesno ("Will the certificate be used to sign CRLs? (y/N): ");
1416 }
1417 }
1418
1419 int
1420 get_code_sign_status (void)
1421 {
1422 if (batch)
1423 {
1424 return cfg.code_sign_key;
1425 }
1426 else
1427 {
1428 return
1429 read_yesno ("Will the certificate be used to sign code? (y/N): ");
1430 }
1431 }
1432
1433 int
1434 get_ocsp_sign_status (void)
1435 {
1436 if (batch)
1437 {
1438 return cfg.ocsp_sign_key;
1439 }
1440 else
1441 {
1442 return
1443 read_yesno
1444 ("Will the certificate be used to sign OCSP requests? (y/N): ");
1445 }
1446 }
1447
1448 int
1449 get_time_stamp_status (void)
1450 {
1451 if (batch)
1452 {
1453 return cfg.time_stamping_key;
1454 }
1455 else
1456 {
1457 return
1458 read_yesno
1459 ("Will the certificate be used for time stamping? (y/N): ");
1460 }
1461 }
1462
1463 int
1464 get_ipsec_ike_status (void)
1465 {
1466 if (batch)
1467 {
1468 return cfg.ipsec_ike_key;
1469 }
1470 else
1471 {
1472 return
1473 read_yesno
1474 ("Will the certificate be used for IPsec IKE operations? (y/N): ");
1475 }
1476 }
1477
1478 int
1479 get_crl_next_update (void)
1480 {
1481 int days;
1482
1483 if (batch)
1484 {
1485 if (cfg.crl_next_update <= 0)
1486 return 365;
1487 else
1488 return cfg.crl_next_update;
1489 }
1490 else
1491 {
1492 do
1493 {
1494 days = read_int ("The next CRL will be issued in (days): ");
1495 }
1496 while (days == 0);
1497 return days;
1498 }
1499 }
1500
1501 const char *
1502 get_proxy_policy (char **policy, size_t * policylen)
1503 {
1504 const char *ret;
1505
1506 if (batch)
1507 {
1508 ret = cfg.proxy_policy_language;
1509 if (!ret)
1510 ret = "1.3.6.1.5.5.7.21.1";
1511 }
1512 else
1513 {
1514 do
1515 {
1516 ret = read_str ("Enter the OID of the proxy policy language: ");
1517 }
1518 while (ret == NULL);
1519 }
1520
1521 *policy = NULL;
1522 *policylen = 0;
1523
1524 if (strcmp (ret, "1.3.6.1.5.5.7.21.1") != 0 &&
1525 strcmp (ret, "1.3.6.1.5.5.7.21.2") != 0)
1526 {
1527 fprintf (stderr, "Reading non-standard proxy policy not supported.\n");
1528 }
1529
1530 return ret;
1531 }
1532
1533 /* CRQ stuff.
1534 */
1535 void
1536 get_country_crq_set (gnutls_x509_crq_t crq)
1537 {
1538 int ret;
1539
1540 if (batch)
1541 {
1542 if (!cfg.country)
1543 return;
1544 ret =
1545 gnutls_x509_crq_set_dn_by_oid (crq,
1546 GNUTLS_OID_X520_COUNTRY_NAME, 0,
1547 cfg.country, strlen (cfg.country));
1548 if (ret < 0)
1549 {
1550 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1551 exit (1);
1552 }
1553 }
1554 else
1555 {
1556 read_crq_set (crq, "Country name (2 chars): ",
1557 GNUTLS_OID_X520_COUNTRY_NAME);
1558 }
1559
1560 }
1561
1562 void
1563 get_organization_crq_set (gnutls_x509_crq_t crq)
1564 {
1565 int ret;
1566
1567 if (batch)
1568 {
1569 if (!cfg.organization)
1570 return;
1571
1572 ret =
1573 gnutls_x509_crq_set_dn_by_oid (crq,
1574 GNUTLS_OID_X520_ORGANIZATION_NAME,
1575 0, cfg.organization,
1576 strlen (cfg.organization));
1577 if (ret < 0)
1578 {
1579 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1580 exit (1);
1581 }
1582 }
1583 else
1584 {
1585 read_crq_set (crq, "Organization name: ",
1586 GNUTLS_OID_X520_ORGANIZATION_NAME);
1587 }
1588
1589 }
1590
1591 void
1592 get_unit_crq_set (gnutls_x509_crq_t crq)
1593 {
1594 int ret;
1595
1596 if (batch)
1597 {
1598 if (!cfg.unit)
1599 return;
1600
1601 ret =
1602 gnutls_x509_crq_set_dn_by_oid (crq,
1603 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
1604 0, cfg.unit, strlen (cfg.unit));
1605 if (ret < 0)
1606 {
1607 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1608 exit (1);
1609 }
1610 }
1611 else
1612 {
1613 read_crq_set (crq, "Organizational unit name: ",
1614 GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
1615 }
1616
1617 }
1618
1619 void
1620 get_state_crq_set (gnutls_x509_crq_t crq)
1621 {
1622 int ret;
1623
1624 if (batch)
1625 {
1626 if (!cfg.state)
1627 return;
1628 ret =
1629 gnutls_x509_crq_set_dn_by_oid (crq,
1630 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
1631 0, cfg.state, strlen (cfg.state));
1632 if (ret < 0)
1633 {
1634 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1635 exit (1);
1636 }
1637 }
1638 else
1639 {
1640 read_crq_set (crq, "State or province name: ",
1641 GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
1642 }
1643
1644 }
1645
1646 void
1647 get_locality_crq_set (gnutls_x509_crq_t crq)
1648 {
1649 int ret;
1650
1651 if (batch)
1652 {
1653 if (!cfg.locality)
1654 return;
1655 ret =
1656 gnutls_x509_crq_set_dn_by_oid (crq,
1657 GNUTLS_OID_X520_LOCALITY_NAME, 0,
1658 cfg.locality, strlen (cfg.locality));
1659 if (ret < 0)
1660 {
1661 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1662 exit (1);
1663 }
1664 }
1665 else
1666 {
1667 read_crq_set (crq, "Locality name: ", GNUTLS_OID_X520_LOCALITY_NAME);
1668 }
1669
1670 }
1671
1672 void
1673 get_cn_crq_set (gnutls_x509_crq_t crq)
1674 {
1675 int ret;
1676
1677 if (batch)
1678 {
1679 if (!cfg.cn)
1680 return;
1681 ret =
1682 gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
1683 0, cfg.cn, strlen (cfg.cn));
1684 if (ret < 0)
1685 {
1686 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1687 exit (1);
1688 }
1689 }
1690 else
1691 {
1692 read_crq_set (crq, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
1693 }
1694
1695 }
1696
1697 void
1698 get_uid_crq_set (gnutls_x509_crq_t crq)
1699 {
1700 int ret;
1701
1702 if (batch)
1703 {
1704 if (!cfg.uid)
1705 return;
1706 ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_LDAP_UID, 0,
1707 cfg.uid, strlen (cfg.uid));
1708 if (ret < 0)
1709 {
1710 fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
1711 exit (1);
1712 }
1713 }
1714 else
1715 {
1716 read_crq_set (crq, "UID: ", GNUTLS_OID_LDAP_UID);
1717 }
1718
1719 }
1720
1721 void
1722 get_oid_crq_set (gnutls_x509_crq_t crq)
1723 {
1724 int ret, i;
1725
1726 if (batch)
1727 {
1728 if (!cfg.dn_oid)
1729 return;
1730 for (i = 0; cfg.dn_oid[i] != NULL; i += 2)
1731 {
1732 if (cfg.dn_oid[i + 1] == NULL)
1733 {
1734 fprintf (stderr, "dn_oid: %s does not have an argument.\n",
1735 cfg.dn_oid[i]);
1736 exit (1);
1737 }
1738 ret = gnutls_x509_crq_set_dn_by_oid (crq, cfg.dn_oid[i], 0,
1739 cfg.dn_oid[i + 1],
1740 strlen (cfg.dn_oid[i + 1]));
1741
1742 if (ret < 0)
1743 {
1744 fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret));
1745 exit (1);
1746 }
1747 }
1748 }
1749
1750 }
Implementation of the SSL/TLS protocol