Skip to content

Commit c181fff

Browse files
esyresyr
committed
x509storeissuer: add support for gernerated nonces
Signed-off-by: Eugene Syromiatnikov <[email protected]>
1 parent cb27054 commit c181fff

File tree

1 file changed

+33
-1
lines changed

1 file changed

+33
-1
lines changed

source/x509storeissuer.c

Lines changed: 33 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,7 @@ enum verbosity {
5757
};
5858

5959
enum nonce_type {
60+
NONCE_GENERATED,
6061
NONCE_PATH,
6162
};
6263

@@ -370,6 +371,31 @@ gen_cert(size_t key_id, const unsigned char *sn, const unsigned char *in)
370371
return cert;
371372
}
372373

374+
static X509 *
375+
gen_nonce(struct nonce_cfg *cfg)
376+
{
377+
X509 *x509_nonce = X509_new();
378+
X509_NAME *x509_name_nonce = NULL;
379+
380+
if (!x509_nonce)
381+
errx(EXIT_FAILURE, "Error creating X509 nonce object");
382+
383+
x509_name_nonce = X509_NAME_new();
384+
if (!x509_name_nonce)
385+
errx(EXIT_FAILURE, "Error creating X509 name nonce object");
386+
387+
if (!X509_NAME_add_entry_by_txt(x509_name_nonce, "CN", MBSTRING_ASC,
388+
(unsigned char *) "Test NC CA", -1, -1, 0))
389+
errx(EXIT_FAILURE, "Error setting X509 name nonce");
390+
391+
if (!X509_set_issuer_name(x509_nonce, x509_name_nonce))
392+
errx(EXIT_FAILURE, "Error setting X509 nonce name");
393+
394+
X509_NAME_free(x509_name_nonce);
395+
396+
return x509_nonce;
397+
}
398+
373399
static X509 *
374400
load_nonce_from_file(const char *path)
375401
{
@@ -444,6 +470,8 @@ static X509 *
444470
make_nonce(struct nonce_cfg *cfg)
445471
{
446472
switch (cfg->type) {
473+
case NONCE_GENERATED:
474+
return gen_nonce(cfg);
447475
case NONCE_PATH:
448476
return load_nonce_from_path(cfg);
449477
default:
@@ -667,6 +695,7 @@ usage(char * const argv[])
667695
"\t-K\tAlgorithm and key size of the generated keys.\n"
668696
"\t\tDefault: " KEY_ALGO "\n"
669697
"\t-n\tNonce configuration, supported options:\n"
698+
"\t\t\tgen - generated\n"
670699
"\t\t\tfile:PATH - load nonce certificate from PATH;\n"
671700
"\t\t\tif PATH is relative, the provided certsdir's are searched.\n"
672701
"\t\tDefault: " NONCE_CFG "\n"
@@ -702,9 +731,12 @@ parse_timeout(const char * const optarg)
702731
static void
703732
parse_nonce_cfg(const char * const optarg, struct nonce_cfg *cfg)
704733
{
734+
static const char gen[] = "gen";
705735
static const char file_pfx[] = "file:";
706736

707-
if (strncmp(optarg, file_pfx, sizeof(file_pfx) - 1) == 0) {
737+
if (strncmp(optarg, gen, sizeof(gen)) == 0) {
738+
cfg->type = NONCE_GENERATED;
739+
} else if (strncmp(optarg, file_pfx, sizeof(file_pfx) - 1) == 0) {
708740
cfg->type = NONCE_PATH;
709741
cfg->path = optarg + sizeof(file_pfx) - 1;
710742
} else {

0 commit comments

Comments
 (0)