Add a --valid-days parameter to yubico-piv-tool.

Allows the expiration date (notAfter) value of self signed certificates to be configured.
This commit is contained in:
Matt Moyer
2016-02-10 17:30:05 -06:00
parent 69b686d9b9
commit 98f843e7e7
2 changed files with 4 additions and 3 deletions
+3 -3
View File
@@ -781,7 +781,7 @@ request_out:
static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_format,
const char *input_file_name, const char *slot, char *subject, enum enum_hash hash,
const char *output_file_name) {
const int validDays, const char *output_file_name) {
FILE *input_file = NULL;
FILE *output_file = NULL;
bool ret = false;
@@ -855,7 +855,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
fprintf(stderr, "Failed to set certificate notBefore.\n");
goto selfsign_out;
}
if(!X509_gmtime_adj(X509_get_notAfter(x509), 31536000L)) {
if(!X509_gmtime_adj(X509_get_notAfter(x509), 60L * 60L * 24L * validDays)) {
fprintf(stderr, "Failed to set certificate notAfter.\n");
goto selfsign_out;
}
@@ -1986,7 +1986,7 @@ int main(int argc, char *argv[]) {
case action_arg_selfsignMINUS_certificate:
if(selfsign_certificate(state, args_info.key_format_arg, args_info.input_arg,
args_info.slot_orig, args_info.subject_arg, args_info.hash_arg,
args_info.output_arg) == false) {
args_info.valid_days_arg, args_info.output_arg) == false) {
ret = EXIT_FAILURE;
} else {
fprintf(stderr, "Successfully generated a new self signed certificate.\n");