| certtool.c | certtool.c | |||
|---|---|---|---|---|
| skipping to change at line 635 | skipping to change at line 635 | |||
| *ret_key = key; | *ret_key = key; | |||
| return crt; | return crt; | |||
| } | } | |||
| static gnutls_x509_crl_t | static gnutls_x509_crl_t | |||
| generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo) | generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo) | |||
| { | { | |||
| gnutls_x509_crl_t crl; | gnutls_x509_crl_t crl; | |||
| gnutls_x509_crt_t *crts; | gnutls_x509_crt_t *crts; | |||
| size_t size; | gnutls_x509_crl_t *crls; | |||
| size_t size, crl_size; | ||||
| int result; | int result; | |||
| unsigned int i; | unsigned int i; | |||
| time_t secs, now = time(0); | time_t secs, this_update, exp; | |||
| result = gnutls_x509_crl_init(&crl); | crls = load_crl_list(0, &crl_size, cinfo); | |||
| if (result < 0) { | if (crls != NULL) { | |||
| fprintf(stderr, "crl_init: %s\n", gnutls_strerror(result)); | if (crl_size > 1) { | |||
| exit(1); | fprintf(stderr, "load_crl: too many CRLs present\n") | |||
| ; | ||||
| exit(1); | ||||
| } | ||||
| crl = crls[0]; | ||||
| gnutls_free(crls); | ||||
| } else { | ||||
| result = gnutls_x509_crl_init(&crl); | ||||
| if (result < 0) { | ||||
| fprintf(stderr, "crl_init: %s\n", gnutls_strerror(re | ||||
| sult)); | ||||
| exit(1); | ||||
| } | ||||
| } | } | |||
| crts = load_cert_list(0, &size, cinfo); | crts = load_cert_list(0, &size, cinfo); | |||
| exp = get_crl_revocation_date(); | ||||
| for (i = 0; i < size; i++) { | for (i = 0; i < size; i++) { | |||
| result = gnutls_x509_crl_set_crt(crl, crts[i], now); | result = gnutls_x509_crl_set_crt(crl, crts[i], exp); | |||
| if (result < 0) { | if (result < 0) { | |||
| fprintf(stderr, "crl_set_crt: %s\n", | fprintf(stderr, "crl_set_crt: %s\n", | |||
| gnutls_strerror(result)); | gnutls_strerror(result)); | |||
| exit(1); | exit(1); | |||
| } | } | |||
| gnutls_x509_crt_deinit(crts[i]); | ||||
| } | } | |||
| gnutls_free(crts); | ||||
| result = gnutls_x509_crl_set_this_update(crl, now); | this_update = get_crl_this_update_date(); | |||
| result = gnutls_x509_crl_set_this_update(crl, this_update); | ||||
| if (result < 0) { | if (result < 0) { | |||
| fprintf(stderr, "this_update: %s\n", | fprintf(stderr, "this_update: %s\n", | |||
| gnutls_strerror(result)); | gnutls_strerror(result)); | |||
| exit(1); | exit(1); | |||
| } | } | |||
| fprintf(stderr, "Update times.\n"); | fprintf(stderr, "Update times.\n"); | |||
| secs = get_crl_next_update(); | secs = get_crl_next_update(); | |||
| result = | result = | |||
| skipping to change at line 929 | skipping to change at line 946 | |||
| if (result < 0) { | if (result < 0) { | |||
| fprintf(stderr, "crl_privkey_sign: %s\n", | fprintf(stderr, "crl_privkey_sign: %s\n", | |||
| gnutls_strerror(result)); | gnutls_strerror(result)); | |||
| exit(1); | exit(1); | |||
| } | } | |||
| print_crl_info(crl, stdlog); | print_crl_info(crl, stdlog); | |||
| gnutls_privkey_deinit(ca_key); | gnutls_privkey_deinit(ca_key); | |||
| gnutls_x509_crl_deinit(crl); | gnutls_x509_crl_deinit(crl); | |||
| gnutls_x509_crt_deinit(ca_crt); | ||||
| } | } | |||
| static void update_signed_certificate(common_info_st * cinfo) | static void update_signed_certificate(common_info_st * cinfo) | |||
| { | { | |||
| gnutls_x509_crt_t crt; | gnutls_x509_crt_t crt; | |||
| size_t size; | size_t size; | |||
| int result; | int result; | |||
| gnutls_privkey_t ca_key; | gnutls_privkey_t ca_key; | |||
| gnutls_x509_crt_t ca_crt; | gnutls_x509_crt_t ca_crt; | |||
| time_t tim; | time_t tim; | |||
| skipping to change at line 1270 | skipping to change at line 1288 | |||
| USAGE(1); | USAGE(1); | |||
| fclose(outfile); | fclose(outfile); | |||
| #ifdef ENABLE_PKCS11 | #ifdef ENABLE_PKCS11 | |||
| gnutls_pkcs11_deinit(); | gnutls_pkcs11_deinit(); | |||
| #endif | #endif | |||
| gnutls_global_deinit(); | gnutls_global_deinit(); | |||
| } | } | |||
| #define MAX_CRTS 500 | ||||
| void certificate_info(int pubkey, common_info_st * cinfo) | void certificate_info(int pubkey, common_info_st * cinfo) | |||
| { | { | |||
| gnutls_x509_crt_t crt[MAX_CRTS]; | gnutls_x509_crt_t *crts = NULL; | |||
| size_t size; | size_t size; | |||
| int ret, i, count; | int ret, i, count; | |||
| gnutls_datum_t pem; | gnutls_datum_t pem; | |||
| unsigned int crt_num; | unsigned int crt_num; | |||
| pem.data = (void *) fread_file(infile, &size); | pem.data = (void *) fread_file(infile, &size); | |||
| pem.size = size; | pem.size = size; | |||
| crt_num = MAX_CRTS; | ||||
| ret = | ret = | |||
| gnutls_x509_crt_list_import(crt, &crt_num, &pem, incert_format, | gnutls_x509_crt_list_import2(&crts, &crt_num, &pem, incert_forma | |||
| GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_ | t, 0); | |||
| EXCEED); | ||||
| if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { | ||||
| fprintf(stderr, "too many certificates (%d); " | ||||
| "will only read the first %d", crt_num, MAX_CRTS); | ||||
| crt_num = MAX_CRTS; | ||||
| ret = gnutls_x509_crt_list_import(crt, &crt_num, &pem, | ||||
| incert_format, 0); | ||||
| } | ||||
| if (ret < 0) { | if (ret < 0) { | |||
| fprintf(stderr, "import error: %s\n", gnutls_strerror(ret)); | fprintf(stderr, "import error: %s\n", gnutls_strerror(ret)); | |||
| exit(1); | exit(1); | |||
| } | } | |||
| free(pem.data); | free(pem.data); | |||
| count = ret; | count = crt_num; | |||
| if (count > 1 && outcert_format == GNUTLS_X509_FMT_DER) { | if (count > 1 && outcert_format == GNUTLS_X509_FMT_DER) { | |||
| fprintf(stderr, | fprintf(stderr, | |||
| "cannot output multiple certificates in DER format; " | "cannot output multiple certificates in DER format; " | |||
| "using PEM instead"); | "using PEM instead"); | |||
| outcert_format = GNUTLS_X509_FMT_PEM; | outcert_format = GNUTLS_X509_FMT_PEM; | |||
| } | } | |||
| for (i = 0; i < count; i++) { | for (i = 0; i < count; i++) { | |||
| if (i > 0) | if (i > 0) | |||
| fprintf(outfile, "\n"); | fprintf(outfile, "\n"); | |||
| if (outcert_format == GNUTLS_X509_FMT_PEM) | if (outcert_format == GNUTLS_X509_FMT_PEM) | |||
| print_certificate_info(crt[i], outfile, 1); | print_certificate_info(crts[i], outfile, 1); | |||
| if (pubkey) | if (pubkey) | |||
| pubkey_info(crt[i], cinfo); | pubkey_info(crts[i], cinfo); | |||
| else { | else { | |||
| size = lbuffer_size; | size = lbuffer_size; | |||
| ret = | ret = | |||
| gnutls_x509_crt_export(crt[i], outcert_format, | gnutls_x509_crt_export(crts[i], outcert_format, | |||
| lbuffer, &size); | lbuffer, &size); | |||
| if (ret < 0) { | if (ret < 0) { | |||
| fprintf(stderr, "export error: %s\n", | fprintf(stderr, "export error: %s\n", | |||
| gnutls_strerror(ret)); | gnutls_strerror(ret)); | |||
| exit(1); | exit(1); | |||
| } | } | |||
| fwrite(lbuffer, 1, size, outfile); | fwrite(lbuffer, 1, size, outfile); | |||
| } | } | |||
| gnutls_x509_crt_deinit(crt[i]); | gnutls_x509_crt_deinit(crts[i]); | |||
| } | } | |||
| gnutls_free(crts); | ||||
| } | } | |||
| #ifdef ENABLE_OPENPGP | #ifdef ENABLE_OPENPGP | |||
| void pgp_certificate_info(void) | void pgp_certificate_info(void) | |||
| { | { | |||
| gnutls_openpgp_crt_t crt; | gnutls_openpgp_crt_t crt; | |||
| size_t size; | size_t size; | |||
| int ret; | int ret; | |||
| gnutls_datum_t pem, out_data; | gnutls_datum_t pem, out_data; | |||
| skipping to change at line 1669 | skipping to change at line 1678 | |||
| if (out == stderr && batch == 0) /* interactive */ | if (out == stderr && batch == 0) /* interactive */ | |||
| if (read_yesno("Is the above information ok? (y/N): ", 0) | if (read_yesno("Is the above information ok? (y/N): ", 0) | |||
| == 0) { | == 0) { | |||
| exit(1); | exit(1); | |||
| } | } | |||
| } | } | |||
| static void print_crl_info(gnutls_x509_crl_t crl, FILE * out) | static void print_crl_info(gnutls_x509_crl_t crl, FILE * out) | |||
| { | { | |||
| gnutls_datum_t data; | gnutls_datum_t data; | |||
| gnutls_datum_t cout; | ||||
| int ret; | int ret; | |||
| size_t size; | ||||
| if (outcert_format == GNUTLS_X509_FMT_PEM) { | if (outcert_format == GNUTLS_X509_FMT_PEM) { | |||
| ret = gnutls_x509_crl_print(crl, full_format, &data); | ret = gnutls_x509_crl_print(crl, full_format, &data); | |||
| if (ret < 0) { | if (ret < 0) { | |||
| fprintf(stderr, "crl_print: %s\n", gnutls_strerror(r et)); | fprintf(stderr, "crl_print: %s\n", gnutls_strerror(r et)); | |||
| exit(1); | exit(1); | |||
| } | } | |||
| fprintf(out, "%s\n", data.data); | fprintf(out, "%s\n", data.data); | |||
| gnutls_free(data.data); | gnutls_free(data.data); | |||
| } | } | |||
| size = lbuffer_size; | ||||
| ret = | ret = | |||
| gnutls_x509_crl_export(crl, outcert_format, lbuffer, | gnutls_x509_crl_export2(crl, outcert_format, &cout); | |||
| &size); | ||||
| if (ret < 0) { | if (ret < 0) { | |||
| fprintf(stderr, "crl_export: %s\n", gnutls_strerror(ret)); | fprintf(stderr, "crl_export: %s\n", gnutls_strerror(ret)); | |||
| exit(1); | exit(1); | |||
| } | } | |||
| fwrite(lbuffer, 1, size, outfile); | fwrite(cout.data, 1, cout.size, outfile); | |||
| gnutls_free(cout.data); | ||||
| } | } | |||
| void crl_info(void) | void crl_info(void) | |||
| { | { | |||
| gnutls_x509_crl_t crl; | gnutls_x509_crl_t crl; | |||
| int ret; | int ret; | |||
| size_t size; | size_t size; | |||
| gnutls_datum_t pem; | gnutls_datum_t pem; | |||
| ret = gnutls_x509_crl_init(&crl); | ret = gnutls_x509_crl_init(&crl); | |||
| skipping to change at line 2988 | skipping to change at line 2996 | |||
| } | } | |||
| for (i=0;i<crt_size;i++) { | for (i=0;i<crt_size;i++) { | |||
| ret = gnutls_pkcs7_set_crt(pkcs7, crts[i]); | ret = gnutls_pkcs7_set_crt(pkcs7, crts[i]); | |||
| if (ret < 0) { | if (ret < 0) { | |||
| fprintf(stderr, "Error adding cert: %s\n", gnutls_st rerror(ret)); | fprintf(stderr, "Error adding cert: %s\n", gnutls_st rerror(ret)); | |||
| exit(1); | exit(1); | |||
| } | } | |||
| gnutls_x509_crt_deinit(crts[i]); | gnutls_x509_crt_deinit(crts[i]); | |||
| } | } | |||
| gnutls_free(crts); | ||||
| for (i=0;i<crl_size;i++) { | for (i=0;i<crl_size;i++) { | |||
| ret = gnutls_pkcs7_set_crl(pkcs7, crls[i]); | ret = gnutls_pkcs7_set_crl(pkcs7, crls[i]); | |||
| if (ret < 0) { | if (ret < 0) { | |||
| fprintf(stderr, "Error adding CRL: %s\n", gnutls_str error(ret)); | fprintf(stderr, "Error adding CRL: %s\n", gnutls_str error(ret)); | |||
| exit(1); | exit(1); | |||
| } | } | |||
| gnutls_x509_crl_deinit(crls[i]); | gnutls_x509_crl_deinit(crls[i]); | |||
| } | } | |||
| gnutls_free(crls); | ||||
| ret = | ret = | |||
| gnutls_pkcs7_export2(pkcs7, outcert_format, &tmp); | gnutls_pkcs7_export2(pkcs7, outcert_format, &tmp); | |||
| if (ret < 0) { | if (ret < 0) { | |||
| fprintf(stderr, "pkcs7_export: %s\n", gnutls_strerror(ret)); | fprintf(stderr, "pkcs7_export: %s\n", gnutls_strerror(ret)); | |||
| exit(1); | exit(1); | |||
| } | } | |||
| fwrite(tmp.data, 1, tmp.size, outfile); | fwrite(tmp.data, 1, tmp.size, outfile); | |||
| gnutls_free(tmp.data); | gnutls_free(tmp.data); | |||
| skipping to change at line 3272 | skipping to change at line 3282 | |||
| size = lbuffer_size; | size = lbuffer_size; | |||
| result = | result = | |||
| gnutls_pkcs12_export(pkcs12, outcert_format, lbuffer, &size); | gnutls_pkcs12_export(pkcs12, outcert_format, lbuffer, &size); | |||
| if (result < 0) { | if (result < 0) { | |||
| fprintf(stderr, "pkcs12_export: %s\n", | fprintf(stderr, "pkcs12_export: %s\n", | |||
| gnutls_strerror(result)); | gnutls_strerror(result)); | |||
| exit(1); | exit(1); | |||
| } | } | |||
| fwrite(lbuffer, 1, size, outfile); | fwrite(lbuffer, 1, size, outfile); | |||
| gnutls_free(crts); | ||||
| } | } | |||
| static const char *BAGTYPE(gnutls_pkcs12_bag_type_t x) | static const char *BAGTYPE(gnutls_pkcs12_bag_type_t x) | |||
| { | { | |||
| switch (x) { | switch (x) { | |||
| case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: | case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: | |||
| return "PKCS #8 Encrypted key"; | return "PKCS #8 Encrypted key"; | |||
| case GNUTLS_BAG_EMPTY: | case GNUTLS_BAG_EMPTY: | |||
| return "Empty"; | return "Empty"; | |||
| case GNUTLS_BAG_PKCS8_KEY: | case GNUTLS_BAG_PKCS8_KEY: | |||
| End of changes. 27 change blocks. | ||||
| 32 lines changed or deleted | 44 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||