add DER format for certificate import

Klas Lindfors
2014-12-05 11:10:33 +01:00
parent c49882f274
commit 368b527fa1
3 changed files with 13 additions and 4 deletions
+1 -1
@@ -47,7 +47,7 @@ option "pin-retries" - "Number of retries before the pin code is blocked" int op
option "puk-retries" - "Number of retries before the puk code is blocked" int optional dependon="pin-retries"
option "input" i "Filename to use as input, - for stdin" string optional default="-"
option "output" o "Filename to use as output, - for stdout" string optional default="-"
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12","GZIP" enum optional default="PEM"
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12","GZIP","DER" enum optional default="PEM"
option "password" p "Password for decryption of private key file" string optional
option "subject" S "The subject to use for certificate request" string optional
text "
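Review bot: The help string for `key-format` still reads "Format of the key being read/written", but the only DER handling on this page is the certificate branch in import_cert. Any other action that reads this option will now accept `-K DER` at parse time and presumably fail later with "Unknown key format." A wording such as `"Format of the key/certificate being read/written (DER: certificate import only)"` would make the restriction visible to the user; confirm against the other actions before adopting it.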
+2
@@ -32,6 +32,8 @@
#include <openssl/x509.h>
#include "cmdline.h"
#define INPUT 1
#define OUTPUT 2
+10 -3
@@ -405,7 +405,7 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
PKCS12 *p12 = NULL;
EVP_PKEY *private_key = NULL;
int compress = 0;
int cert_len;
int cert_len = -1;
input_file = open_file(input_file_name, INPUT);
if(!input_file) {
@@ -418,7 +418,12 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
fprintf(stderr, "Failed loading certificate for import.\n");
goto import_cert_out;
}
cert_len = i2d_X509(cert, NULL);
} else if(cert_format == key_format_arg_DER) {
cert = d2i_X509_fp(input_file, NULL);
if(!cert) {
fprintf(stderr, "Failed loading certificate for import.\n");
goto import_cert_out;
}
} else if(cert_format == key_format_arg_PKCS12) {
p12 = d2i_PKCS12_fp(input_file, NULL);
if(!p12) {
@@ -429,7 +434,6 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
fprintf(stderr, "Failed to parse PKCS12 structure.\n");
goto import_cert_out;
}
cert_len = i2d_X509(cert, NULL);
} else if (cert_format == key_format_arg_GZIP) {
struct stat st;
@@ -444,6 +448,9 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
fprintf(stderr, "Unknown key format.\n");
goto import_cert_out;
}
if(cert_len == -1) {
cert_len = i2d_X509(cert, NULL);
}
{
unsigned char certdata[2100];
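Review bot: The result of the deferred `cert_len = i2d_X509(cert, NULL);` at the end of the hunk is not checked in the visible lines. i2d_X509 signals failure with a negative return, so an encoding error cannot be told apart from the `-1` "not yet computed" sentinel. I would follow the call with `if(cert_len <= 0) { fprintf(stderr, "Failed encoding certificate.\n"); goto import_cert_out; }` so a failed encode never reaches the block that declares `certdata[2100]`. The new DER branch passes a certificate parsed straight from the input file into that fixed-size buffer, so the length must also be compared with `sizeof(certdata)` before anything is written. Whether that bound check exists cannot be seen here, because import_cert's body continues outside the hunk.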