add DER format for certificate import
This commit is contained in:
+1
-1
@@ -47,7 +47,7 @@ option "pin-retries" - "Number of retries before the pin code is blocked" int op
|
||||
option "puk-retries" - "Number of retries before the puk code is blocked" int optional dependon="pin-retries"
|
||||
option "input" i "Filename to use as input, - for stdin" string optional default="-"
|
||||
option "output" o "Filename to use as output, - for stdout" string optional default="-"
|
||||
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12","GZIP" enum optional default="PEM"
|
||||
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12","GZIP","DER" enum optional default="PEM"
|
||||
option "password" p "Password for decryption of private key file" string optional
|
||||
option "subject" S "The subject to use for certificate request" string optional
|
||||
text "
|
||||
|
||||
@@ -32,6 +32,8 @@
|
||||
|
||||
#include <openssl/x509.h>
|
||||
|
||||
#include "cmdline.h"
|
||||
|
||||
#define INPUT 1
|
||||
#define OUTPUT 2
|
||||
|
||||
|
||||
+10
-3
@@ -405,7 +405,7 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
|
||||
PKCS12 *p12 = NULL;
|
||||
EVP_PKEY *private_key = NULL;
|
||||
int compress = 0;
|
||||
int cert_len;
|
||||
int cert_len = -1;
|
||||
|
||||
input_file = open_file(input_file_name, INPUT);
|
||||
if(!input_file) {
|
||||
@@ -418,7 +418,12 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
|
||||
fprintf(stderr, "Failed loading certificate for import.\n");
|
||||
goto import_cert_out;
|
||||
}
|
||||
cert_len = i2d_X509(cert, NULL);
|
||||
} else if(cert_format == key_format_arg_DER) {
|
||||
cert = d2i_X509_fp(input_file, NULL);
|
||||
if(!cert) {
|
||||
fprintf(stderr, "Failed loading certificate for import.\n");
|
||||
goto import_cert_out;
|
||||
}
|
||||
} else if(cert_format == key_format_arg_PKCS12) {
|
||||
p12 = d2i_PKCS12_fp(input_file, NULL);
|
||||
if(!p12) {
|
||||
@@ -429,7 +434,6 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
|
||||
fprintf(stderr, "Failed to parse PKCS12 structure.\n");
|
||||
goto import_cert_out;
|
||||
}
|
||||
cert_len = i2d_X509(cert, NULL);
|
||||
} else if (cert_format == key_format_arg_GZIP) {
|
||||
struct stat st;
|
||||
|
||||
@@ -444,6 +448,9 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
|
||||
fprintf(stderr, "Unknown key format.\n");
|
||||
goto import_cert_out;
|
||||
}
|
||||
if(cert_len == -1) {
|
||||
cert_len = i2d_X509(cert, NULL);
|
||||
}
|
||||
|
||||
{
|
||||
unsigned char certdata[2100];
|
||||
|
||||
Reference in New Issue
Block a user